Go to listing page

Cyware Daily Threat Intelligence, October 01, 2021

Cyware Daily Threat Intelligence, October 01, 2021

Share Blog Post

A new cybercriminal gang is rearing its head to wreak havoc on organizations. Named ChamelGang, the gang has been tied up with a cyberespionage campaign that distributed malware using legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google. In other news, the Conti ransomware gang has disrupted the business of JVCKendwood by deploying the ransomware and has asked for a ransom of $7 million in exchange for restoring the affected systems.

In the last 24 hours, new malware threats have also left security analysts bewildered. Two newly discovered malware—Sarwent and trojanSpy.Python.ZURU.A—are being used by the attackers to harvest sensitive data from users’ machines.

Top Breaches Reported in the Last 24 Hours

Neiman Marcus Group affected
Dallas-based Neiman Marcus Group is notifying 4.6 million of its online customers about a data breach that occurred in May 2020. The compromised data included usernames, passwords, security questions, and answers linked with online accounts.

ChamelGang attack campaign
An attack campaign targeted against an energy company was the work of a new threat actor group named ChamelGang. The gang disguised its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google. Some of the well-known malicious programs used by the attackers include FRP, Cobalt Strike, and Tiny shell.

Misconfigured Wi-Fi network issue
Multiple configuration issues in the EAP protocol used in free Wi-Fi networks can put numerous universities across Europe at risk. The flaws can be abused by attackers to access the usernames, and passwords of students and faculty.

Bookstores disrupted
Hundreds of bookstores across France, Belgium, and the Netherlands have been disrupted following the ransomware attack. The impacted store chains include Libris, Aquarius, Malperthuis, Donner, Atheneum, and Bookhandels.

JVC Kenwood hit
The Conti ransomware gang has claimed responsibility for attacks on JVCKendwood. The attackers have stolen 1.7 TB of data and are demanding $7 million in ransom.

Top Malware Reported in the Last 24 Hours

Sarwent malware discovered
A brand new malware dubbed Sarwent has been associated with a campaign that pretended to safeguard users from the Pegasus mobile spyware. The campaign impersonated the Amnesty International website to lure users. The Sarwent malware contains the usual abilities of a RAT.

New details about Ranion ransomware
Lesser-known Ranion ransomware is going strong, even after four years of its discovery. The latest version of ransomware, version 1.21, was released in July 2021. It includes updates for detection evasion.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Apple AirTag
A cross-site scripting (XSS) vulnerability in the Apple AirTag product can be exploited by attackers to lure users to malicious websites. A security researcher demonstrated the attack using a payload to redirect the victim to a fake iCloud login page.

Google patches two zero-day flaws
Google has pushed urgent security fixes for two more zero-day vulnerabilities affecting its Chrome browser. The vulnerabilities, tracked as CVE-2021-37975, and CVE-2021-37976, are related to a use-after-free flaw in V8 JavaScript and WebAssembly as well as an information leak flaw in the core.

Vulnerable Corel products
FortiGuard researchers have released details for 15 zero-day vulnerabilities affecting several Corel products. Most of these flaws are related to memory corruption vulnerability and remain unpatched.

Top Scams Reported in the Last 24 Hours

Proxy Phantom fraud
A massive fraud operation called Proxy Phantom zeroed in on several online merchants using over 1.5 million sets of stolen account credentials. The fraudsters relied on unprotected credentials from previously leaked databases and bot-based login attempts to conduct as many as 2691 login attempts per second.

 Tags

chamelgang
sarwent malware
trojanspypythonzurua
neiman marcus group
jvckendwood

Posted on: October 01, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.