
Cyware Daily Threat Intelligence, October 04, 2021


A county is in trouble, operations at a publication giant are disrupted, and an aerospace organization has lost a massive trove of data. Blame it on ransomware attacks running rampant. While Pottawatomie County is working on restoring its affected systems, the publication giant Sandhills Global had to temporarily take down its website. To make matters worse, Israel-based E.M.I.T Aerospace was threatened with a data leak by LockBit 2.0 operators should the firm fail to pay the ransom.

Meanwhile, a new ransomware named Atom Silo has also been attempting to gain a strong foothold in the threat landscape. Researchers observed the ransomware being deployed in a campaign that exploited a recently patched Confluence Server and Data Center vulnerability.

Top Breaches Reported in the Last 24 Hours

Coinbase notifies about a breach
U.S. cryptocurrency exchange Coinbase is notifying its customers about a data breach that took place between March and May. The attack occurred after attackers gained unauthorized access to Coinbase customer accounts and moved their funds from the platform.

Sandhills Global disrupted
Publication giant Sandhills Global has shut down its operations following a ransomware attack. The attack disrupted the company's website, making it inaccessible to everyone.

Pottawatomie County targeted
Pottawatomie County is working on restoring its systems after being targeted in a ransomware attack. The county paid a ransom to the hackers to restore the systems.

E.M.I.T hit
Israeli aerospace and defense firm E.M.I.T became the latest victim of LockBit 2.0 ransomware. Following the attack, the threat actors threatened to leak the stolen data on the dark web if the company fails to pay the ransom.

Top Malware Reported in the Last 24 Hours

New Atom Silo ransomware
Atom Silo is a newly spotted ransomware that is deployed by exploiting a recently patched Confluence Server and Data Center vulnerability. The ransomware uses several novel techniques, such as DLL side-loading, to evade detection. Atom Silo shares similarities with LockFile ransomware.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for macOS Gatekeeper bypass released
A researcher has released a PoC for a macOS Gatekeeper bypass vulnerability that was patched this April. The flaw is tracked as CVE-2021-1810 and can allow attackers to download malicious files. Successful exploitation requires tricking a user into downloading and opening an archive that contains a specially crafted file.

Exploitation of OMIGOD flaws
Experts warn that one of the OMIGOD flaws, affecting IBM QRadar Azure, can be exploited by attackers to execute arbitrary code. The flaw is tracked as CVE-2021-38647 and can be triggered by executing a specially crafted program on vulnerable systems.

Tags

coinbase
macos gatekeeper bypass
sandhills global
atom silo
emit aerospace

Posted on: October 04, 2021
