
Cyware Daily Threat Intelligence, July 01, 2022


In the latest digital salvo, one of the largest book publishers in the U.S. has found itself caught in the cyberattack whirlwind. While the victim has not disclosed many details about the attack, full details have been made public about a stealthy backdoor that has lurked on vulnerable Exchange servers for the past 15 months. It managed to penetrate the networks of at least 24 firms.

Federal agencies have been ordered to patch their Linux servers against PwnKit within three weeks. The most astounding part is that it remained hidden for over 12 years since pkexec's first release.


Top Breaches Reported in the Last 24 Hours


DDoS hits Norway's websites
Hackers rattled the IT infrastructure of Norway’s public and private sector websites in a DDoS attack, forcing them to go offline. Officials claim pro-Russian cybercriminal group Killnet was behind the act. The online banking identification service and the Norwegian Labor Inspection Authority were among the organizations affected by the attack.

PHI data exposed via radiology facility
Charlotte Radiology disclosed a breach event that culminated in hackers stealing the PHI of patients, such as names, addresses, SSNs, insurance information, and medical record numbers. A similar breach has come to light at OrthoNebraska, where hackers took over an email account to obtain PHI.

Macmillan shuts down systems 
U.S. publisher Macmillan experienced a massive intrusion into its network, knocking its IT systems offline. Its sales team reportedly warned clients and customers about delays in book shipments. It has not been disclosed whether the incident was a ransomware attack or whether any data was stolen.

Top Malware Reported in the Last 24 Hours


Free decryptor released for Hive
KISA, South Korea’s cybersecurity agency, has dropped a free decryptor for Hive ransomware. The decryptor works on ransomware versions from v1 to v4. Hive ransomware was ranked in the list of top 10 ransomware strains by revenue in 2021. According to researchers, more than 95% of the keys used for encryption could be recovered using the suggested method.

Fake IIS Module was a backdoor
A new stealthy malware, dubbed SessionManager, has come to light infecting Microsoft Exchange servers after their compromise. For the past 15 months, the backdoor has been posing as a legitimate module for Internet Information Services (IIS). Kaspersky has identified 34 servers across 24 organizations impacted by the malicious backdoor.

Top Vulnerabilities Reported in the Last 24 Hours


CISA added another critical Linux flaw
CISA added a high-severity Linux vulnerability, PwnKit, to its list of bugs exploited in the wild. Tracked as CVE-2021-4034, the vulnerability was found in Polkit's pkexec component, used by the likes of Ubuntu, Fedora, Debian, and CentOS. Qualys, which reported the bug, has urged Linux admins to prioritize patching vulnerable servers via the GitLab repository.

Fixing a critical vulnerability in GitLab
GitLab addressed a critical flaw affecting all of its versions from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Assigned CVE-2022-2185, the flaw could be abused by an authenticated user to deploy a maliciously crafted project, leading to RCE. The same update also patched other flaws, including two cross-site scripting bugs. Federal agencies have been ordered to fix the security hole within three weeks.
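As an added example (not code from the Cyware post or from GitLab), a small Python triage helper that encodes the three affected version ranges above as half-open intervals and checks an instance inventory against them; the host names and versions it uses are constructed.

```python
"""Triage helper: is a given GitLab version inside the CVE-2022-2185 affected ranges?

Ranges come from the advisory text above: 14.0 up to (not including) 14.10.5,
15.0 up to 15.0.4, and 15.1 up to 15.1.1. Each range is half-open [lo, hi):
the upper bound is the first fixed release.
"""
import re

# (first affected, first fixed) as comparable (major, minor, patch) tuples
AFFECTED_RANGES = [
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]


def parse_version(version: str) -> tuple:
    """Turn '15.0.3-ee' or '14.10' into a (major, minor, patch) tuple.

    Edition suffixes such as -ee/-ce and build metadata are ignored; a missing
    patch component is treated as 0, so '15.1' means 15.1.0.
    """
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the vulnerable ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: dict) -> dict:
    """Map host -> 'patch' or 'ok' for a {host: version} inventory."""
    return {host: ("patch" if is_affected(ver) else "ok") for host, ver in inventory.items()}


if __name__ == "__main__":
    # constructed sample inventory, not real hosts
    sample = {"git-a": "14.10.4-ee", "git-b": "15.0.4", "git-c": "15.1.0-ce", "git-d": "13.12.1"}
    for host, verdict in triage(sample).items():
        print(host, verdict)
```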


Posted on: July 01, 2022
