Go to listing page

Cyware Daily Threat Intelligence, November 23, 2021

Cyware Daily Threat Intelligence, November 23, 2021

Share Blog Post

The detection of new malware samples indicates the level at which cyber threats are evolving. In the last 24 hours, security researchers have released details about two new malware that are being used in the wild. One of them is a new variant of the BazarLoader dropper that comes with two new malware delivery techniques. The second is a new Tardigrade malware loader that bears resemblance to Smoke Loader. While the former has affected users in the U.S., the latter is being actively used against biotech companies, with the latest attack being detected in October.

And just like that, the list of stealthy malware loaders continues to expand with the discovery of another new malware dubbed RATDispenser. It gets its name from the type of payloads (RATs) it distributes.

Top Breaches Reported in the Last 24 Hours

GoDaddy discloses a breach
GoDaddy has disclosed a data breach that exposed the data of 1.2 million customers. The incident occurred after attackers used compromised passwords to access the company’s Managed WordPress hosting environment. The attack is believed to have taken place on September 6.

Top Malware Reported in the Last 24 Hours

New Tardigrade malware
BIO-ISAC has raised an alarm about cyberattacks against biomanufacturing facilities. The campaign is launched using a new malware dubbed Tardigrade. It bears resemblance to Smoke Loader and is capable of downloading payloads, including ransomware, and manipulating files on compromised systems.

BazarLoader upgraded
Threat actors have added two new malware delivery tactics in the latest version of BazarLoader. One of the methods involves the use of compromised software installers and the second one involves the use of an ISO file with LNK and DLL payloads.

New RATDispenser malware
A new JavaScript malware loader named RATDispenser has been found distributing RATs as payloads in multiple stealthy attacks. The infection chain of the campaign begins with phishing emails sent to users.

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in Imunify360 patched
A critical PHP deserialization vulnerability has been patched in the Imunify360 Linux server. The flaw, tracked as CVE-2021-21956, can be exploited to execute malicious code and has been issued a CVSS score of 8.2. The flaw affects versions 5.8 and 5.9 of the server.

PoC for Oracle VM flaw disclosed
Researchers disclosed details for a now-patched vulnerability affecting Oracle VM VirtualBox. Tracked as CVE-2021-2442, the flaw affects all versions of the product prior to 6.1.24. It can be abused to compromise the hypervisor and cause a DoS attack.

Code execution flaws discovered
A series of flaws affecting OpenVPN-based applications can allow attackers to achieve code execution attacks by tricking victims into visiting maliciously crafted pages. The flaws affect products from HMS Industrial Networks, MB connect line, PerFact, and Siemens.

Flawed Philips products
Philips is working on patches for several vulnerabilities impacting some of its medical products. The flaws have been identified in Philips IntelliBridge, Patient Information Center iX (PIC iX), and Efficia CM series products. Two of these flaws are related to the use of hardcoded credentials and authentication bypass.

PoC for privilege escalation flaw released
A PoC for Windows zero-day privilege escalation vulnerability has been released by researchers. Tracked as CVE-2021-41379, the flaw can allow threat actors with limited access to a compromised device to elevate their privileges and help spread laterally within the networks.

 Tags

godaddy
philips
ratdispenser
bazarloader dropper
tardigrade malware
imunify360

Posted on: November 23, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite