Cyware Daily Threat Intelligence, January 20, 2021

The ShinyHunters threat actor group is back from the shadows with another batch of user records, this time belonging to Pixlr. The gang has shared the database containing 1.4 million records for free on a hacker forum.

Another threat actor group named Chimera has also re-emerged and has been linked to attacks on the airline industry over the last few years. In its early days, the group targeted Taiwan’s semiconductor industry.

Meanwhile, the Sofacy hacker group’s VPNFilter malware is still found to be hosted on hundreds of networks and computer devices.

Top Breaches Reported in the Last 24 Hours

Pixlr records leaked
1.4 million user records belonging to Pixlr have been leaked on a hacker forum by the ShinyHunters threat actor group. The database has been shared for free on the forum.
 
Malwarebytes targeted by SolarWinds hackers
After FireEye, another cybersecurity firm, Malwarebytes, has revealed that it was targeted by the SolarWinds hackers. Although the firm confirmed that it has not used any SolarWinds products, the threat actors gained access to some of its systems by abusing applications with privileged access to Microsoft 365 and Azure environments.

Chimera targets the airline industry
A Chinese hacker group, Chimera, has been attacking the airline industry for the past few years with the goal of obtaining passenger data to track the movement of persons of interest. These attacks have targeted semiconductor and airline companies in different geographical areas, including Asia.

Top Malware Reported in the Last 24 Hours

VPNFilter malware still affects devices
According to researchers at Trend Micro, hundreds of networks are still affected by VPNFilter malware. Believed to be operated by the Sofacy threat actor group, the malware is capable of exfiltrating data, encrypting communications with its C2 server, and exploiting endpoints.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable 123contactform plugin
A number of vulnerabilities discovered in the 123contactform-for-wordpress WordPress plugin can allow attackers to arbitrarily create posts and inject malicious files into the website without any form of authentication. The plugin owners have not provided a patch to fix these vulnerabilities. Instead, they have taken the affected versions of the plugin down from the WordPress plugin repository. 

Patches for Chrome 88 
Google has released Chrome 88 with patches for 36 vulnerabilities. One of these flaws is rated critical severity and is tracked as CVE-2021-21117. The exploitation of the bug could result in arbitrary code execution in the context of the browser. 

Top Scams Reported in the Last 24 Hours

New investment scam
Interpol has warned of a new investment scam that targets mobile dating apps. The modus operandi involves scammers taking advantage of the vulnerabilities of people who are looking for a potential match and luring them into sophisticated fraud schemes.

Posted on: January 20, 2021

