Go to listing page

Cyware Daily Threat Intelligence, November 17, 2021

Cyware Daily Threat Intelligence, November 17, 2021

Share Blog Post

Fake ransomware attacks are now tricking WordPress website owners into paying a ransom. Researchers have revealed that threat actors targeted nearly 300 websites in a new wave of attacks that involved fake ransomware infection notices. The ultimate goal was to create a sense of urgency among the site owners and demand 0.1 Bitcoin in ransom to restore a site. In another interesting tale of ransomware attacks, miscreants used the typosquatting technique to create similar names of a JS library in an attempt to deliver ransomware to NPM and promote the malware-laden files via Discord.   

In other realms of threats, a new version of the Rowhammer attack—dubbed Blacksmith exploit—is found to be affecting 40 TTR-enabled DRAM devices. As per researchers, the new attack technique can effectively compromise the security of numerous devices.          

Top Breaches Reported in the Last 24 Hours

High-profile organizations targeted
A series of watering hole attacks have been found to be launched against organizations in the U.K and the Middle East. Launched by an Israeli spyware vendor Candiru, the targeted organizations include media outlets, government organizations, internet service providers, and aerospace companies.

300 WordPress sites affected
Around 300 WordPress websites were targeted in a new wave of attacks displaying fake ransomware infection notices. The attack created a sense of urgency through the notice for the site owners to take action by fulfilling a ransom demand. The attackers demand 0.1 Bitcoin in ransom to restore a site.

StripChat leaks personal data
StripChat has suffered a security breach that resulted in the exposure of the personal data of millions of users and adult models. The leaked data includes usernames, email addresses, IP addresses, ISP details, and account status of users and adult models.

More details on Robinhood breach
Robinhood confirmed that users’ phone numbers, among other information, have also been stolen in the recent data breach. The incident occurred in early November, following which hackers pilfered the email addresses of five million users and the full names of another two million users.

Top Malware Reported in the Last 24 Hours

Malicious noblox.js package
Miscreants have been typosquatting the noblox.js package in an attempt to deliver ransomware to NPM and then promote the malware-laden files via Discord. So far, at least six malicious packages have been discovered downloading the malicious code.

Top Vulnerabilities Reported in the Last 24 Hours

New HTTP smuggling attack
A security researcher demonstrated a new HTTP header smuggling attack that could be used against the AWS API Gateway. The attack leverages the security weakness of the API to deploy malicious requests or launch attacks. The AWS team took notice of the issue and is working on resolving it.

Intel fixes a critical flaw
Intel is working on a fix for a critical vulnerability that can allow unauthorized people with physical access to its chips to launch supply chain attacks. The flaw affects older Intel processors, including Intel Pentium, Celeron, and Atom on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms. The flaw can also let hackers bypass various security measures, such as Bitlocker, TPM protection, and anti-copying blocks.

Microsoft patches an XSS flaw
Microsoft patched a reflected cross-site scripting vulnerability in Exchange Server. Tracked as CVE-2021-41349, the flaw could have allowed attackers to read/send emails or perform state-changing actions in the application.

A new version of Rowhammer attack
A new version of the Rowhammer attack affecting all DRAM chips can be abused to compromise the security of a large variety of devices. Dubbed as Blacksmith, the technique exploits the flaw CVE-2021-42114, with a CVSS score of 9.0 out of 10.

 Tags

discord channel
blacksmith exploit
http smuggling attack
robinhood
dram devices

Posted on: November 17, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.