Go to listing page

Cyware Daily Threat Intelligence July 07, 2021

Cyware Daily Threat Intelligence July 07, 2021

Share Blog Post

Threat actors have started taking advantage of the sophisticated Kaseya REvil ransomware attack to cause further damage. A new malspam campaign that pretends to be a security update for VSA servers has been uncovered by researchers. The ultimate goal of the campaign is to drop Cobalt Strike on victims’ devices.

In other threats, the lesser-known WildPressure APT group has re-emerged with upgraded versions of the Milum trojan. Dubbed as Guard and Tandis, the malware are capable of infecting both Windows and macOS systems.

Security teams can have a sigh of relief as a security patch for the much-talked-about PrintNightmare vulnerability has been released. Existing in Windows Print Spooler service, the flaw can allow remote attackers to run arbitrary code and take over vulnerable systems.

Top Breaches Reported in the Last 24 Hours

Update on Kaseya attack
The REvil ransomware gang has lowered the ransom price from $70 million to $50 million for the universal decryptor. Meanwhile, Kaseya has released a new detection tool to determine whether or not a system has been infected in the recent attack.

Wiregrass Electric Cooperative affected
Wiregrass Electric Cooperative was hit by a ransomware attack that temporarily blocked the customers from accessing their account information. The firm discovered the attack on one of its servers, which was later isolated.

Medical data exposed
A misconfigured database has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown threat actors gained unauthorized access to the database owned by Elekta and stole patients’ names, dates of birth, Social Security Numbers, health insurance information, and medical record numbers.

GETTR security snafu
A hacker has leaked confidential data from a new social media platform called GETTR. The data has been dumped on the RAID hacking forum and includes details such as users’ email addresses, birth years, and locations.

Hacking attempt
Hackers attempted to hijack Microsoft Cloud Customer Apps by exploiting Synnex. It is yet to be ascertained if the hack was a part of the Kaseya ransomware campaign.

Top Malware Reported in the Last 24 Hours

New Milum trojan
The WildPressure APT group has resurfaced with new versions of Milum trojan that target both Windows and macOS systems. Dubbed as Guard and Tandis, the trojans enable the threat actors to gain remote control of the compromised device. While Guard is written in Python, Tandis is a VBScript version of Milum.

Malspam campaign
Threat actors are leveraging the Kaseya ransomware attack to launch a malspam campaign that drops Cobalt Strike. The campaign is carried out via phishing emails that contain an attachment named ‘SecurityUpdates.exe’, as well as a link pretending to be a security update for the Kaseya vulnerability.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues a security update
Microsoft has shipped an out-of-band security update to address a critical zero-day vulnerability called PrintNightmare. The flaw, tracked as CVE-2021-34527, affects the Windows Print Spooler service and can allow remote attackers to run arbitrary code and take over vulnerable systems.

 Tags

vsa servers
milum trojan
wiregrass electric cooperative
wildpressure apt group

Posted on: July 07, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.