
Cyware Daily Threat Intelligence, March 30, 2022

A fresh instance of cybercriminals using Python for malicious purposes has been uncovered in the last 24 hours. Security experts have found a new Python-based ransomware that is actively targeting misconfigured Jupyter Notebook applications. There’s also a new variant of the Mars info-stealer in the cyber threat landscape. The malware variant has been spotted leveraging cracked OpenOffice installers to target users in Canada.

Meanwhile, the notorious Lapsus$ gang has made a comeback after a short break. This time it targeted the software firm Globant and leaked around 70 GB of source code, including passwords associated with the Atlassian suite.

Top Breaches Reported in the Last 24 Hours


Shutterfly hit by Conti ransomware
A ransomware attack at Shutterfly affected the personal information of its employees. The attack occurred on December 3, 2021, after which the Conti ransomware group leaked around 7.05 GB of stolen data on its site. Apart from stealing employee data, the gang also encrypted over 4,000 devices and 120 VMware ESXi servers. Meanwhile, Shutterfly has stated that it is working with security experts to investigate the scope of the attack.

Over $620 million in cryptocurrency stolen
Cyberattackers hacked the Ronin network of the blockchain-based game Axie Infinity and stole more than $620 million in cryptocurrency. The incident took place on March 23. The attackers used hacked private keys to forge fake withdrawals. Upon discovery, the Ronin Network halted the Ronin bridge and Katana Dex.

Lapsus$ targets Globant
The Lapsus$ gang announced its return on Telegram by leaking confidential information stolen from software firm Globant. Around 70 GB of source code, as well as administrator passwords associated with the firm’s Atlassian suite, stolen by the threat actors is available on their Telegram channel. In another incident, Okta revealed that Sitel, a third-party service provider, was responsible for the recent security incident involving the Lapsus$ hacking group.

Top Malware Reported in the Last 24 Hours


New Mars Stealer variant discovered
A new variant of Mars Stealer is being used widely in multiple large-scale attack campaigns. In one such campaign, threat actors were spotted using Google Ads for an OpenOffice installer to distribute the malware variant. The campaign primarily targeted users in Canada. According to researchers, the new Mars variant is capable of pilfering browser auto-fill data, browser extension data, credit cards, IP address, country code, and timezone, among others.

New Python-based ransomware spotted
A newly discovered Python-based ransomware has been found targeting the Jupyter Notebook tool to cause significant damage to organizations. The attackers are scanning the internet for applications that are left exposed with no passwords.

Top Vulnerabilities Reported in the Last 24 Hours


Parser flaw patched in Chrome
A parser flaw that could potentially lead to XSS attacks has been fixed in Chrome 99.0.4844.51. Tracked as CVE-2022-0801, the flaw exists due to an inappropriate implementation in the HTML parser. In addition, 28 other security vulnerabilities have been addressed in the same version of Chrome.

A flaw in Wyze Cam
A three-year-old flaw affecting the Wyze Cam internet camera can be exploited to gain remote access to videos and images stored on local memory cards. Attackers can exploit the flaw via a webserver listening on port 80 without requiring authentication. The firm has fixed the flaw by releasing firmware updates for Cam v2 and v3, but Cam v1 remains unpatched.

Posted on: March 30, 2022

