
Cyware Daily Threat Intelligence, January 13, 2021

It’s the first Patch Tuesday of 2021 and Microsoft has released fixes for 83 security vulnerabilities found across its 11 products. One of these is an actively exploited remote code execution bug in the Microsoft Defender software. Moreover, Adobe and SAP issued fixes for multiple vulnerabilities affecting their products and services.

Malware threats in the form of a new Rogue RAT and a new Ursnif trojan variant also made headlines in the last 24 hours. While Rogue RAT is distributed through a dark web forum, the new version of Ursnif is propagated via phishing emails.

Top Breaches Reported in the Last 24 Hours

SolarLeaks set for SolarWinds
A website named SolarLeaks is selling data claimed to be stolen from companies affected by the SolarWinds attack. The stolen data on the website allegedly belongs to Microsoft, Cisco, FireEye, and SolarWinds. The website is also selling Microsoft source code and repositories for $600,000.

Pfizer vaccine data stolen
The European Medicines Agency (EMA) has revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December were leaked online. Reports suggested that the leaked data included email screenshots, EMA peer review comments, Word documents, PDFs, and PowerPoint presentations.

OmniTRAX affected
Conti ransomware has struck again, this time affecting OmniTRAX. Following the attack, the threat actors have leaked around 70GB of the stolen data. The data exposed includes crucial internal OmniTRAX documents.

Mimecast certificate stolen
A sophisticated threat actor has compromised a Mimecast digital certificate provided to certain customers to securely connect to Microsoft 365 Exchange. While the company has not elaborated on the extent of the attack, a compromised certificate of this kind could enable man-in-the-middle (MitM) attacks on the connections it protects.

Capcom suffers a breach
Capcom has suffered a security breach that affected the personal data of up to 400,000 gamers. The Ragnar Locker ransomware group has claimed responsibility and says it downloaded more than 1TB of corporate data, including banking details, contracts, and proprietary data, among others.

Top Malware Reported in the Last 24 Hours

A new variant of Ursnif discovered
A new variant of the Ursnif trojan has been spotted in the wild targeting users in Italy. The campaign spreads via phishing emails written in Italian that masquerade as a payment reminder. The email includes a Word document named ‘residuo_8205843.doc’.

Newly discovered Rogue RAT
Researchers have released details about a new Rogue RAT capable of reading victims’ messages, stealing passwords, taking screenshots, and even recording calls. The RAT infects victims with a keylogger, allowing attackers to easily monitor the websites and apps used by target users. The RAT is said to be a blend of two previous families of Android RATs - Cosmos and Hawkshaw. It is being sold on a dark web forum by a threat actor group named Triangulum.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 83 flaws
For the first Patch Tuesday of 2021, Microsoft has released security updates for 83 vulnerabilities spanning 11 products. The most severe of these, and the only one actively exploited as a zero-day, is CVE-2021-1647, a remote code execution flaw in Microsoft Defender.

SAP publishes 10 advisories
SAP has published 10 advisories for different vulnerabilities in SAP Business Warehouse, SAP Commerce Cloud, BusinessObjects, Master Data Governance, NetWeaver, GUI for Windows, 3D Visual Enterprise Viewer, Banking Services, and EPM add-in. The most important of these is CVE-2021-21465, which carries a CVSS score of 9.9.

Adobe addresses 7 flaws
Adobe has issued patches for seven critical remote code execution vulnerabilities plaguing a slew of its multimedia and creativity software products. The impact of the flaws ranges from arbitrary code execution to sensitive information disclosure.

Exploiting zero-day vulnerabilities
Google Project Zero researchers have uncovered sophisticated hacking campaigns that used Windows and Android zero-day vulnerabilities. The threat actors leveraged these zero-day and n-day vulnerabilities through two servers that delivered different exploit chains via watering hole attacks. While one server targeted Windows users, the other targeted Android.

Posted on: January 13, 2021