Go to listing page

Cyware Daily Threat Intelligence, June 15, 2021

Cyware Daily Threat Intelligence, June 15, 2021

Share Blog Post

Malicious SEO tactics are mounting a comeback to squirm malware-laced sites into Google search results. Lately, threat actors are using PDF documents filled with SEO keywords and links to push SolarMarker malware to the systems of unwary users. This the second time in six months that the malware is using SEO tactics to stay under the radar.

While some attacks do not have a direct mitigation strategy, a few can be prevented by applying security fixes that are easily available. To stop the proliferation of two actively exploited flaws in the wild, Apple has issued out-of-band patches to secure the Safari browser WebKit engine used in sixth-generation Apple iPhones, iPads, and iPod touch devices.

A matter of concern has arisen for security experts as the source code of the .NET version of Paradise ransomware was found to have been leaked on hacker forums. This creates opportunities for threat actors planning to launch sophisticated ransomware attacks. 

Top Breaches Reported in the Last 24 Hours

Hack at Benefits Group
The Seattle-based Service Employees International Union 775 Benefits Group reported a hacking incident that affected the data of 140,000 individuals. Investigation reveals that attackers appear to have gained access to the data systems and deleted PII and PHI.

Data leak reported
A misconfigured database belonging to Cognyte had left exposed more than 5 billion records for three days before it was secured by security experts. The information included names, passwords, email addresses, and other personal details from previously breached records.

REvil claims attack on Invenergy
REvil ransomware gang has claimed responsibility for a recent cyberattack on Invenergy LLC. The attackers posted on their dark website about compromising the company’s computer systems and exfiltrating 4TB of data. Among the information allegedly taken by REvil are contracts and project data.

Ransomware source code leaked
The source code of the .NET version of the Paradise ransomware was leaked on hacking forums over the weekend. This included codes related to its builder and decryption utility. 

Top Malware Reported in the Last 24 Hours

New SolarMarker malware campaign
A new SEO poisoning tactic that makes use of PDF documents filled with keywords and malicious links, has been found distributing the SolarMarker malware. The list of keywords and links is used as a channel to redirect unsuspecting users to multiple sites that install the malware. The backdoor malware is capable of stealing data and credentials from browsers.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches two flaws
Apple has issued out-of-bound patches for two flaws that are being exploited in the wild. The bugs impact the WebKit browser engine that powers Safari, used in sixth-generation Apple iPhones, iPads, and iPod touch model hardware. The flaws are tracked as CVE-2021-30761 and CVE-2021-30762.

Top Scams Reported in the Last 24 Hours

BEC campaign disrupted
Microsoft has disrupted a large-scale BEC campaign that allowed attackers to gain access to messages related to financial transactions. The attack involved breaching the mailboxes of the victims using phishing messages and then exfiltrating sensitive data from the incoming forwarded mails. The ultimate goal of the campaign was to pilfer login credentials from victims by redirecting them to fake pages that looked similar to Microsoft sign-in pages.

 Tags

solarmarker malware
revil ransomware gang
seo poisoning tactic
paradise ransomware
bec campaigns
cognyte

Posted on: June 15, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.