Cyware Daily Threat Intelligence, March 22, 2021

Unpatched zero-day flaws have led to a spike in cyberattacks. Researchers have unearthed a series of new attack campaigns that leveraged a total of 11 zero-day flaws affecting Windows, iOS, and Android. These attacks were carried out in two separate months, February and October 2020. 

In another instance, BlackKingdom ransomware is now being used in attacks targeting ProxyLogon vulnerabilities in Microsoft Exchange servers. The first ransomware to do so was DearCry, which was used in limited attacks earlier this month.

Meanwhile, the REvil ransomware gang has hit Acer, stealing and encrypting sensitive data from the company. To back its claim of the attack, the gang has shared screenshots of customer data and payment application forms, among others.

Top Breaches Reported in the Last 24 Hours

Acer hit
The world’s largest PC and device maker, Acer, has reportedly been targeted by the REvil ransomware gang, which demanded $50 million in ransom to release the decryption key. To back its claim of the attack, the gang has shared screenshots of customer data, payment application forms, and other information on the REvil darknet site.
 
Top Malware Reported in the Last 24 Hours

New BlackKingdom ransomware
BlackKingdom is the second confirmed ransomware targeting Microsoft Exchange ProxyLogon vulnerabilities. Based on the logs collected from honeypots, victims are located in the USA, Canada, Austria, Switzerland, Russia, France, Israel, the U.K., Italy, Germany, Greece, Australia, and Croatia.

Top Vulnerabilities Reported in the Last 24 Hours

11 zero-days targeted
A group of hackers used 11 zero-days in attacks targeting Windows, iOS, and Android users. The attacks were carried out in two separate campaigns, one in February 2020 and the other in October 2020.

Vulnerable Netop Vision Pro software 
Multiple security holes discovered in Netop Vision Pro software can be exploited by hackers to gain full control over students’ computers. Attackers can also perform local elevation of privilege attacks and ultimately gain system privileges. The vulnerabilities are tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-2795. Netop plans to roll out security patches in the near future.

A flaw in Apache OFBiz
A high-severity flaw in Apache OFBiz can allow an unauthorized adversary to remotely take control of the open-source enterprise resource planning system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06. It uses unsafe deserialization as the attack vector, permitting attackers to execute arbitrary code directly on a server.

Top Scams Reported in the Last 24 Hours

Employees returning to office targeted
Employees who are returning to work in offices and other company premises are being targeted in a new phishing campaign that impersonates their colleagues, as well as company leadership. The campaign uses several lures such as a ‘survey regarding the COVID-19 vaccine’, ‘internal precautionary measures’, and ‘changes in rules and new security roles within the company’.  

Phishing against Resident Evil gamers
Scammers are using demos and early access promises as bait to lure Resident Evil gamers. For this, they are using fake emails offering ‘Early access invitations’ to play Village itself. 


Posted on: March 22, 2021

