
Cyware Daily Threat Intelligence, June 02, 2021

Evading security software while spreading across a network has always been one of the primary objectives of malicious actors. Adding to the challenge for security vendors, researchers have disclosed two new attack techniques, dubbed Cut-and-Mouse and Ghost Control, that leverage security weaknesses in popular software applications to make attacks harder to detect. Malware operators can use them to bypass the ransomware protection built into antivirus solutions.

In another update, researchers have uncovered hacking operations conducted by the notorious Kimsuky APT group. The ultimate purpose of these attacks was to distribute the AppleSeed backdoor.

Meanwhile, users are being urged to uninstall the Fancy Product Designer plugin from their WordPress sites as a critical file upload vulnerability found in the plugin is being exploited in the wild.

Top Breaches Reported in the Last 24 Hours

New update on Nobelium’s attacks
The latest wave of attacks attributed to the Nobelium threat actor group includes a new poisoned update installer. This iteration uses a multi-stage infection process involving ‘DLL_stageless’ downloaders tracked as NativeZone. The poisoned installer posed as an update for a Ukrainian cryptographic smart key used in government operations.

Kimsuky’s new target
Researchers have released the TTPs associated with the Kimsuky threat actor group that were used in recent attacks against South Korean government agencies. The APT group leveraged spear-phishing emails to distribute the AppleSeed backdoor.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Fancy Product Designer plugin
A critical file upload vulnerability in the Fancy Product Designer plugin is being exploited in the wild. The flaw is being abused to upload malicious files, including executable PHP scripts, onto WordPress sites that have the plugin installed. No security patch is currently available, so site owners are urged to uninstall the plugin until one is released.
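The kind of post-exploitation check a site owner would run after an advisory like this one, added here as an illustration rather than anything from the Cyware digest or the plugin vendor: a small Python hunt over a WordPress uploads tree that flags files carrying an executable extension (including double extensions such as preview.php.jpg) or a PHP open tag hiding under an innocent extension. The directory layout and file contents are constructed sample data.

```python
"""Hunt for web shells dropped through a WordPress upload path.

Added example, not from the Cyware digest or the plugin vendor. It builds a
constructed wp-content/uploads tree in a temporary directory and flags files
that (a) carry an executable extension anywhere in the name, so that
shell.php.jpg is caught, or (b) contain a PHP open tag regardless of extension.
"""
import re
import tempfile
from pathlib import Path

# Extensions a WordPress uploads directory should never hold.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar", ".pht"}
# "<?php" or the short echo tag "<?="; case-insensitive, bytes so binaries are fine.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def suspicious_reasons(path: Path) -> list[str]:
    """Return the reasons a file is suspicious; an empty list means clean."""
    reasons = []
    # Inspect every suffix, not only the last, to catch double extensions.
    if any(s.lower() in EXECUTABLE_EXTS for s in path.suffixes):
        reasons.append("executable extension")
    try:
        head = path.read_bytes()[:65536]  # first 64 KiB is enough for a tag check
    except OSError:
        return reasons
    if PHP_TAG.search(head):
        reasons.append("php open tag in content")
    return reasons


def scan_uploads(root: Path) -> dict[str, list[str]]:
    """Walk an uploads tree and map each suspicious file (relative path) to its reasons."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = suspicious_reasons(p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_constructed_tree(root: Path) -> None:
    """Constructed sample uploads directory: one clean image, three planted files."""
    month = root / "2021" / "06"
    month.mkdir(parents=True)
    (month / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    (month / "design.php").write_bytes(b"<?php system($_GET['c']); ?>")
    (month / "preview.php.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (month / "notes.txt").write_bytes(b"<?= shell_exec($_POST['x']) ?>")


def demo() -> dict[str, list[str]]:
    """Build the constructed tree, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wp-content" / "uploads"
        build_constructed_tree(root)
        return scan_uploads(root)


if __name__ == "__main__":
    for rel, why in demo().items():
        print(f"{rel}: {', '.join(why)}")
```

On a live site, point `scan_uploads` at the real `wp-content/uploads` directory; anything it reports there is worth a manual look, since legitimate media uploads never need a PHP extension or a PHP open tag.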

Cut-and-Mouse and Ghost Control attacks
Researchers have demonstrated two new attack techniques, dubbed Cut-and-Mouse and Ghost Control, that bypass the ransomware protection in antivirus solutions. Both abuse weaknesses in how popular software applications handle simulated user input: an attacker who can drive a trusted, whitelisted application through synthetic keyboard and mouse events can make it perform malicious actions on their behalf, effectively taking over the application.

Bypassing AMSI
Researchers have outlined common tools and tactics used to bypass Microsoft’s Antimalware Scan Interface (AMSI), which lets security products inspect script content such as PowerShell in memory before it runs. One of the tools cited is Seatbelt, an offensive security host-survey tool. Other known techniques include living-off-the-land binaries and fileless attacks.

Overwolf platform flaw patched
A remote code execution vulnerability in the client application of the Overwolf game development platform has been patched. The flaw is tracked as CVE-2021-33501 and has a CVSS score of 9.6. Attackers can achieve RCE by chaining a cross-site scripting (XSS) bug with a Chromium Embedded Framework (CEF) sandbox escape.

Vulnerable industrial switches
Industrial switches from several vendors are affected by five types of vulnerabilities stemming from shared firmware made by Korenix Technology. The flaws include unauthenticated device administration, a backdoor account, cross-site request forgery (CSRF), authenticated command injection, and TFTP file read/write issues.

Tags

appleseed backdoor
remote code execution vulnerability
fancy product designer plugin
kimsuky apt group

Posted on: June 02, 2021

