Another day, another update on the devastating SolarWinds supply chain attack. After the discovery of Sunburst and SuperNova, researchers have unearthed another malware strain named Sunspot that was used to gain initial access to SolarWinds’s internal network.
A wave of attacks that involves the use of three RATs—Remcos, njRAT, and AsyncRAT—has also come to the notice of researchers. Dubbed Operation Spalax, the campaign is active in Colombia.
Amid all these new threats, here’s some good news from the cybersecurity space. A decryptor for DarkSide ransomware, which has generated millions of dollars for its operators, is now available for free.
Top Breaches Reported in the Last 24 Hours
Ubiquiti suffers a breach
Ubiquiti is informing its customers about a security breach that occurred due to unauthorized access to some of its systems. The company has said that hackers gained access to databases but that it is not sure whether user data was exposed in the incident. The exposed information includes name, email address, phone number, home address, and one-way encrypted passwords.
Chinese social media firm Socialarks has suffered a data leak leading to the exposure of over 400GB of personal data due to an unsecured Elasticsearch database. The exposed data includes information of several high-profile celebrities and social media influencers.
Top Malware Reported in the Last 24 Hours
Researchers have uncovered a third malware strain, dubbed Sunspot, involved in the recent SolarWinds hack. The malware was deployed in September 2019, when hackers first breached SolarWinds’s internal network.
Free decryptor for DarkSide ransomware
A free decryptor for the DarkSide ransomware will allow victims to recover their files without paying a ransom. The ransomware has been active since August 2020 and has generated millions of dollars for its operators.
A campaign dubbed Operation Spalax is using a trio of remote access trojans to steal confidential information from Colombian companies. Active since the second half of 2020, the campaign begins its infection process with a phishing email. The three RATs are Remcos, njRAT, and AsyncRAT.
A new variant of OSAMiner is targeting macOS users with an aim to mine cryptocurrency. The variant uses three run-only AppleScript files to deploy the mining process on an infected macOS machine.
Top Vulnerabilities Reported in the Last 24 Hours
Typeform patches a flaw
Typeform has patched an information hijacking vulnerability that could let attackers quietly redirect form submissions containing potentially sensitive data. The flaw arose due to a design issue in the app.
GitLab addresses several flaws
GitLab has issued security patches for several vulnerabilities that could give attackers the ability to steal a user’s API access token through GitLab Pages. Two of these are related to insufficient authentication and denial-of-service.