That’s not all. A large-scale attack campaign that uses the AgentTesla keylogger has been found to be active since November 2019. The campaign mainly targeted countries in Western Europe, including France, Serbia, Poland, Turkey, Italy, and other countries like Argentina.
Talking about vulnerabilities, researchers have uncovered that Apache Tomcat servers released in the last 13 years are vulnerable to a bug called GhostCat. The flaw exists in the Tomcat AJP protocol and can allow malicious hackers to take over unpatched systems.
Top Breaches Reported in the Last 24 Hours
Visser Precision confirms data breach
Visser Precision, a Colorado-based manufacturer, has confirmed a data breach that may have resulted in access to or theft of data. Researchers say that the attack was caused by the DoppelPaymer ransomware. A list of files stolen from Visser, including folders with its customers’ names, has been published on the website managed by the ransomware’s operators.
Walgreens leaks data
Walgreens, a pharmacy store in the US, has leaked the personal data of some of its users due to an error in the secure messaging feature of its app. The exposed data includes customers’ first and last names, prescription details, store numbers, and shipping addresses.
Power outage in Venezuela
A power outage occurred in several states of Venezuela on March 1, 2020. The blackout was caused by a cyberattack against the Guri hydroelectric power plant. The incident also partially impacted mobile networks.
Top Malware Reported in the Last 24 Hours
AgentTesla keylogger returns
Researchers have observed multiple large-scale cyber attacks involving the AgentTesla keylogger. The campaign mainly targets countries in Western Europe, including France, Serbia, Poland, Turkey, Italy, and other countries like Argentina. The malware is delivered via phishing emails that carry malicious attachments, generally disguised as payslips, purchase orders, contracts, etc.
Top Vulnerabilities Reported in the Last 24 Hours
Exploitable WordPress plugins
Facebook patches a 10-year-old flaw
A 10-year-old account takeover vulnerability in Facebook’s authorization feature ‘Login with Facebook’ has been fixed recently. The critical flaw could allow anyone with the stolen tokens to take over accounts on Facebook, Instagram, Oculus, and other Facebook services.
The Apache Tomcat servlet container is affected by a serious vulnerability called GhostCat. The flaw, tracked as CVE-2020-1938, can allow remote attackers to read the content of any file on vulnerable web servers and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows file upload. Users are urged to upgrade to the latest versions of Apache Tomcat, 9.0.31, 8.5.51, and 7.0.100, to fix this vulnerability.
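A triage check for the GhostCat item above, added here as an example and not taken from the original briefing or from the Apache Tomcat project: it compares a Tomcat version string with the fixed releases named above and lists any AJP connectors declared in a server.xml. The function names and the sample server.xml are constructed for illustration, and reporting branches other than 9.0, 8.5 and 7.0 as "unknown-branch" is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Fixed release per branch, taken from the item above.
FIXED = {(9, 0): (9, 0, 31), (8, 5): (8, 5, 51), (7, 0): (7, 0, 100)}

# Constructed sample configuration (not from any real host).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

def version_status(version):
    """Return 'patched', 'vulnerable' or 'unknown-branch' for a version string."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown-branch"  # assumption: branch not covered by the list above
    return "patched" if v >= fixed else "vulnerable"

def ajp_connectors(server_xml):
    """List AJP <Connector> elements (port and bind address) in server.xml text."""
    root = ET.fromstring(server_xml)
    return [
        {"port": c.get("port"), "address": c.get("address")}
        for c in root.iter("Connector")
        # protocol may be "AJP/1.3" or a class name containing "ajp"
        if "ajp" in c.get("protocol", "").lower()
    ]

def triage(version, server_xml):
    """Combine both checks into a single priority for the host."""
    status = version_status(version)
    ajp = ajp_connectors(server_xml)
    if status == "patched":
        priority = "ok"
    elif status == "unknown-branch":
        priority = "review"
    else:
        priority = "upgrade-now" if ajp else "upgrade"
    return {"version": status, "ajp": ajp, "priority": priority}

if __name__ == "__main__":
    print(triage("8.5.50", SAMPLE_SERVER_XML))
```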