The fact that cybercriminals see no boundaries has intensified the impact of cybercrime by leaps and bounds. In a new discovery, Facebook disrupted an online cyberespionage campaign that targeted U.S. military personnel. A group of Iranian hackers, dubbed Tortoiseshell, had leveraged the platform to create fake accounts and send malicious links.
In another investigation, Microsoft identified a new malware family—DevilsTongue—pushed via two vulnerabilities in Windows PCs. Meanwhile, users of VMware virtual machines need to be cautious as a new Linux variant of HelloKitty ransomware is actively targeting these machines to spread across systems.
Top Breaches Reported in the Last 24 Hours
Facebook dismantles a campaign
Facebook dismantled a sophisticated online cyberespionage campaign conducted by Iranian hackers. The gang, known as Tortoiseshell, leveraged the platform to target about 200 military personnel and companies in the defense and aerospace sectors in the U.S. and Europe. The hackers created fake online personas on the platform to redirect victims to rogue domains via malicious links.
Top Malware Reported in the Last 24 Hours
The BazarBackdoor malware was caught in a new phishing campaign that used the ‘Environment Day’ theme to lure users. The attackers used a multi-compression technique and nested archives to trick email security gateways. Once deployed on a victim computer, the backdoor used the Cobalt Strike Beacon to spread laterally in the network environment.
DevilsTongue malware attack
Microsoft, along with Citizen Lab, examined a unique malware family named DevilsTongue, developed by an Israel-based private-sector offensive actor (PSOA) dubbed Sourgum. The victims of the malware are spread across Israel, Iran, Spain, and the U.K. The malware is pushed by exploiting CVE-2021-31979 and CVE-2021-33771, for which patches have been released.
HelloKitty ransomware variant
A Linux variant of HelloKitty ransomware is targeting VMware ESXi virtual machines to bypass security checks. Upon execution, the malware variant attempts to shut down virtual machines before encrypting files. Once the virtual machines are shut down, the ransomware encrypts .vmdk (virtual hard disk), .vmsd (metadata and snapshot information), and .vmsn (contains the active state of the VM) files.
TeaBot banking malware
The TeaBot mobile banking trojan is surging across Europe. While still under active development, the mobile trojan has been used in attacks against customers of 60 European banks. The malware attempts to steal other account records, including cryptocurrency wallets.
Top Vulnerabilities Reported in the Last 24 Hours
Google patches eighth zero-day flaw
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities. One of them is a high-severity zero-day flaw, CVE-2021-30563, that is being exploited in the wild. According to reports, threat actors exploited the vulnerability to deploy spyware on iOS, Android, macOS, and Windows devices.
A critical SQL injection vulnerability in the WooCommerce e-commerce platform and a related plugin is being exploited in the wild. The flaw can allow attackers to access arbitrary data in an online store’s database. It affects versions 3.3 through 5.5 of the WooCommerce plugin and versions 2.2 to 5.5 of the WooCommerce Blocks plugin.
Palo Alto Networks patches flaws
Palo Alto Networks has announced patches for multiple security flaws affecting the Prisma Cloud Compute cloud workload protection solution and the Windows agent for the Cortex XDR detection and response platform. The most serious of these is a local privilege escalation vulnerability tracked as CVE-2021-3042, with a CVSS score of 7.8.
Cloudflare fixes a critical flaw
Cloudflare has fixed a critical vulnerability in its CDNJS service impacting 12.7% of all websites on the internet. The flaw can be exploited to trigger a path traversal vulnerability and, eventually, remote code execution.