Go to listing page

Cyware Daily Threat Intelligence, January 20, 2022

Cyware Daily Threat Intelligence, January 20, 2022

Share Blog Post

Cybercriminals, looking for ways to exploit the Log4Shell vulnerability, are attacking products from SolarWinds and ZyXEL that are known to have used the Log4j library. Microsoft has recently made a new revelation on the matter by highlighting a zero-day flaw in the SolarWinds Serv-U file-sharing server. On the other hand, Akamai has identified a variant of the Mirai botnet going after Zyxel networking devices to launch DDoS attacks. Applying required patches and ensuring the right security postures through the streamlined combination of people, processes, and technologies can help prevent organizations from such attacks.

A third new bootkit, dubbed MoonBounce, has been discovered in the wild. The malicious impact hides in a computer’s Unified Extensible Firmware Interface (UEFI) firmware, making it hard for proprietary security products to spot. The bootkit is being used by the APT41 threat actor group in targeted attacks.

Top Breaches Reported in the Last 24 Hours

Update on Gloucester City Council attack
A cyberattack at Gloucester City Council has been linked to Russian hackers. The Council became aware of the attack on December 20, 2021. A harmful software that was left dormant for some time was used in the attack that affected the council’s revenue and benefits, planning, and customer services.

King Plant Barn affected
Kings Plant Barn has become the latest victim of a security breach that occurred at FlexBooker. The incident affected the names, email addresses, and collection times. However, the firm disclosed that no credit card, password details, or mobile data were exposed.

ICRC discloses a cyberattack
The International Committee of the Red Cross (ICRC) was hit by a cyberattack this week that compromised the personal data of over 515,000 people. The data accessed came from at least 60 Red Cross and Red Crescent National Societies located across the world.

RRD targeted by Conti ransomware
Marketing giant RRD confirmed a security breach incident that was launched by Conti ransomware attackers. This disrupted the IT systems, making its customers unable to receive printed documents required for vendor payments, disbursement checks, and motor vehicle documentation. The attackers, on the other hand, claimed responsibility and began leaking 2.5GB of data allegedly stolen from RRD. (For tactics, techniques, and procedures of Conti ransomware, click here.)

Top Malware Reported in the Last 24 Hours

MoonBounce bootkit
A new firmware bootkit, dubbed MoonBounce, has been discovered in the wild. The malicious impact hides in a computer’s Unified Extensible Firmware Interface (UEFI) firmware, making it hard for proprietary security products to spot. The bootkit is being used by the APT41 threat actor group in targeted attacks.

Top Vulnerabilities Reported in the Last 24 Hours

SolarWinds patches Serv-U vulnerability
SolarWinds has released patches for a Serv-U vulnerability that has been abused for the propagation of Log4j attacks. Tracked as CVE-2021-35247, the input validation flaw can allow an attacker to build a query based on given input and then send the query over the network without sanitization. The flaw impacts versions prior to 15.3 of the Serv-U server.

Google releases patches for 26 flaws
Google has announced the release of 26 security patches as part of its latest Chrome update. One of these includes a critical-severity bug. There are 12 use-after-free flaws impacting Safe Browsing, Site isolation, Web packaging, Omnibox, Printing, Vulkan, Scheduling, Text Input Method Editor, Bookmarks, Optimization Guide, and Data Transfer.

Cisco patches a critical flaw
Cisco has fixed a critical security flaw discovered in its Redundancy Configuration Manager (RCM) for Cisco StarOS software. Tracked as CVE-2022-20649, the flaw enables attackers to gain remote code execution with root-level privileges on devices running the vulnerable software. Meanwhile, the company claims to be unaware of the exploitation of the vulnerability in ongoing attacks.

 Tags

gloucester city council
conti ransomware
moonbounce bootkit
chrome update
mirai botnet
zyxel networking devices

Posted on: January 20, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.