Go to listing page

Cyware Daily Threat Intelligence, January 12, 2021

Cyware Daily Threat Intelligence, January 12, 2021

Share Blog Post

Another day, another update on the devastating SolarWinds supply chain attack. After the discovery of Sunburst and SuperNova, researchers have unearthed another malware strain named Sunspot that was used to gain initial access to SolarWinds’s internal network.

A wave of attacks that involves the use of three RATs—Remcos, njRAT, and AsyncRAT—has also come to the notice of researchers. Dubbed Operation Spalax, the campaign is active in Columbia.

Amid all these new threats, here’s a good thing from cybersecurity space. A decryptor for DarkSide ransomware that generated millions of dollars for its operators is now available for free.

Top Breaches Reported in the Last 24 Hours

Ubiquiti suffers a breach
Ubiquiti is informing its customers about a security breach that occurred due to unauthorized access to some of its systems. The company has claimed that hackers had gained access to databases but are not sure if the user data was exposed in the incident. The exposed information includes name, email address, phone number, home address, and one-way encrypted passwords.

Socialarks affected
Chinese social media firm Socialarks has suffered a data leak leading to the exposure of over 400GB of personal data due to an unsecured Elasticsearch database. The exposed data includes information of several high-profile celebrities and social media influencers.

Top Malware Reported in the Last 24 Hours

Sunspot malware
Researchers have uncovered a third malware strain, dubbed Sunspot, involved in the recent SolarWinds hack. The malware was deployed in September 2019, when hackers first breached SolarWinds’s internal network.

Free decryptor for DarkSide ransomware
A free decryptor for the DarkSide ransomware will allow victims to recover their files without paying a ransom. The ransomware has been active since August 2020 and has generated millions of dollars for its operators.

Operation Spalax
A campaign dubbed Operation Spalax is using a trio of remote access trojans to steal confidential information from Columbian companies. Active since the second half of 2020, the infection process begins through a phishing email. The three RATs are Remcos, njRAT, and AsyncRAT.

OSAMiner variant
A new variant of OSAMiner is targeting macOS users with an aim to mine cryptocurrency. The variant uses three run-only AppleScript files to deploy the mining process on an infected macOS machine.

Top Vulnerabilities Reported in the Last 24 Hours

Typeform patches a flaw
Typeform has patched an information hijacking vulnerability that could let attackers quietly redirect form submissions containing potentially sensitive data. The flaw arose due to a design issue in the app.

GitLab addresses several flaws
GitLab has issued security patches for several vulnerabilities that could give attackers the ability to steal a user’s API access token through GitLab pages. Two of these are related to insufficient authentication and denial-of-service.

 Tags

darkside ransomware
osaminer
gitlab
ubiquiti
sunspot malware
typeform software

Posted on: January 12, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.