Cyware Daily Threat Intelligence, November 30, 2021

Organizations that do not secure their multifunction printers (MFPs) as rigorously as other endpoints leave themselves exposed to attacks like the one disclosed recently. HP revealed that more than 150 of its MFP models are affected by vulnerabilities that could let an attacker steal information and move further into the victim's network. HP has released firmware updates for the affected models.

In the past 24 hours, there have been several developments in the malware threat landscape. BazarLoader is being used in a campaign targeting U.S. organizations, a new version of the EwDoor botnet has been spotted targeting AT&T customers, and malicious apps continue to plague Android users, with a new banking trojan campaign reported to have infected more than 300,000 users.

Top Breaches Reported in the Last 24 Hours

DDC discloses breach incident
DNA Diagnostics Center (DDC) disclosed a security breach affecting more than 2 million individuals. The intrusion took place between May and July 2021 but was discovered only in October 2021. The exposed data includes full names, platform account passwords, and payment card information.

IKEA attacked
IKEA is dealing with a reply-chain phishing attack in which attackers reply to stolen, legitimate email threads, including threads with its suppliers and business partners, so that the malicious message arrives as part of a conversation the recipient already trusts. The retailer has launched an investigation to determine the scope of the attack.

German banks targeted
German banks, notably Volksbank and Sparkasse, are being targeted in an ongoing phishing campaign. The emails pose as account-administration notices and carry links or QR codes that lead victims to credential-harvesting pages. The QR codes are a way around URL-scanning email filters, and they move the victim onto a mobile device, where the phishing page is harder to inspect.

U.S. organizations under attack
Attackers believed to be former affiliates of the Thieflock ransomware operation, now deploying Yanluowang ransomware, have been linked to a series of attacks against U.S. corporations. The intruders use BazarLoader to gain initial access and begin reconnaissance of the victim network.

Top Malware Reported in the Last 24 Hours

New Chinotto malware
The ScarCruft APT group has launched a new espionage campaign against Windows and Android devices using a newly discovered malware family named Chinotto. Victims are mostly located in South Korea. The malware can exfiltrate data, take screenshots, delete files, and collect call logs, among other functions.

Malicious apps infect users
Researchers disclosed that more than 300,000 Android users were affected by banking trojans after installing apps from the Google Play Store. The malicious code was hidden in apps pretending to be code scanners, PDF scanners, security tools, fitness apps, and two-factor authenticators.

EwDoor botnet evolves
The EwDoor botnet has evolved to target AT&T customers. The latest version adds more BitTorrent trackers, which it uses to locate its C2 infrastructure, along with new functionality: it can now launch DDoS attacks and steal sensitive data. It spreads via CVE-2017-6079, a command-injection flaw in the web management interface of EdgeMarc Enterprise Session Border Controllers used by AT&T customers.

Top Vulnerabilities Reported in the Last 24 Hours

Zoom issues patches
Zoom has shipped patches for two high-severity flaws affecting its Windows, macOS, Linux, iOS, and Android clients. CVE-2021-34423 is a buffer overflow that could be used to crash the client or execute arbitrary code, and CVE-2021-34424 could expose the contents of process memory.

Flaws in HP printers
More than 150 HP MFP models are affected by two vulnerabilities, CVE-2021-39237 and CVE-2021-39238. CVE-2021-39238 is a buffer overflow in the device's font parser that can be triggered by a malicious print job without any user interaction, and it is potentially wormable between vulnerable printers; CVE-2021-39237 requires physical access to exposed ports on the device. An attacker can use the flaws to take control of the printer, steal documents passing through it, and pivot further into the network. HP has released firmware updates; until they are applied, restricting which hosts can print to the device and keeping printers on a segmented network reduce the exposure.

Workaround for a Windows flaw
A zero-day flaw, CVE-2021-24084, originally reported as an information-disclosure bug in the Windows Mobile Device Management component, lets a low-privileged user read arbitrary files. Because it can be combined with the same Volume Shadow Copy technique used in the HiveNightmare bug (CVE-2021-36934) to read the SAM and SYSTEM registry hives, it can be escalated to local administrator on systems where a shadow copy exists. Microsoft has not yet released an official patch; a free, unofficial micropatch from 0patch is available as a temporary fix.
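As an added example, not part of the original briefing, the following PowerShell check tests a host for the two conditions a HiveNightmare-style hive read depends on: whether members of BUILTIN\Users have read access on the registry hive files under %windir%\System32\config, and whether Volume Shadow Copies exist from which those hives could be copied while Windows holds the live files locked. It assumes an elevated prompt on Windows 10 or later; the group is matched by its well-known SID (S-1-5-32-545) so the check also works on localized builds.

```powershell
# Added example (not from the original briefing): check whether this host
# exposes the conditions a HiveNightmare-style read of the registry hives relies on.
# Run from an elevated PowerShell prompt.

$configDir = Join-Path $env:windir 'System32\config'
$hiveFiles = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object { Join-Path $configDir $_ }

# FileSystemRights.ReadData is the bit that matters; test it explicitly rather
# than relying on enum-to-bool conversion.
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$readableByUsers = foreach ($hive in $hiveFiles) {
    $acl = Get-Acl -LiteralPath $hive
    foreach ($ace in $acl.Access) {
        # Resolve the ACE principal to a SID so the comparison does not depend on
        # the English name 'BUILTIN\Users'. S-1-5-32-545 is the well-known Users SID.
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($sid -eq 'S-1-5-32-545' -and
            $ace.AccessControlType -eq 'Allow' -and
            (([int]$ace.FileSystemRights) -band $readData) -ne 0) {
            $hive
        }
    }
}

# Shadow copies are what let a non-admin read a copy of a hive that the
# running system keeps locked.
$shadowCopies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

[PSCustomObject]@{
    HivesReadableByUsers = @($readableByUsers)
    ShadowCopyCount      = $shadowCopies.Count
    Exposed              = (@($readableByUsers).Count -gt 0) -and ($shadowCopies.Count -gt 0)
}
```

If `Exposed` comes back `$true`, the mitigation Microsoft documented for HiveNightmare in KB5005357 applies: restore ACL inheritance on the hive files with `icacls $env:windir\System32\config\*.* /inheritance:e`, then delete the existing shadow copies (for example with `vssadmin delete shadows /for=C: /quiet`) and create a fresh restore point, since copies taken before the ACL fix still carry the readable hives. Whether this fully closes CVE-2021-24084, as opposed to the HiveNightmare route the page says it reuses, is not stated on this page.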


Posted on: November 30, 2021
