
Cyware Daily Threat Intelligence, October 06, 2021


Meet MalKamak, another cyberespionage group directing its malicious activities against the aerospace and telecommunications industries. The gang has been associated with a newly discovered Operation GhostShell campaign that primarily targeted organizations in the Middle East, the U.S., and Russia.

Over 100,000 Apache HTTP servers affected by a zero-day vulnerability are at risk of attack as threat actors have started targeting the flaw. Users are urged to patch immediately. In other news, researchers have found the XBALTI phishing kit being used in the wild against customers of JP Morgan Chase and Amazon.

Top Breaches Reported in the Last 24 Hours

Welland Park Academy affected
A security breach at the U.K.'s Welland Park Academy affected the data stored on computers. The intruder attempted to wipe data on systems, forcing the institution to change the passwords.

Fimmick targeted by REvil
Hong Kong-based security firm Fimmick was attacked by REvil operators recently. Following the attack, the attackers claimed to have stolen information from the company’s website as well as data from a number of global brands.

Operation GhostShell
Iran-based hacking group MalKamak has been associated with the Operation GhostShell cyberespionage campaign. The purpose of this campaign was to compromise the networks of companies in the aerospace and telecommunications industries to steal sensitive information. The victims include organizations from the U.S., Europe, the Middle East, and Russia.

Source code of Twitch leaked
Source code and other sensitive information belonging to Twitch have allegedly been leaked on the 4chan forum. This includes 125 GB of data containing roughly 6,000 internal Git repositories.

The Telegraph exposes data
The Telegraph exposed 10 TB of subscriber data and server logs due to misconfigured Elasticsearch databases. This included full names, email addresses, device details, IP addresses, URL requests, and authentication tokens of customers.

Next Level Apparel affected
A data breach at Next Level Apparel affected the personal data of both employees and customers. The breach occurred between February and April 2021.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Axis products
Three security vulnerabilities discovered in Axis video products can be abused to launch arbitrary code execution attacks. The affected products include the company’s Companion Recorder, a compact network video recorder (NVR). The flaws are tracked as CVE-2021-31987, CVE-2021-31986, and CVE-2021-31988.

Vulnerable Canopy
A vulnerability in parental control app Canopy can allow attackers to gain unauthorized access to recorded feeds. The flaw can be triggered by planting JavaScript into the parent portal. Besides gaining access, it can also enable attackers to mine cryptocurrencies.

Flaws in Honeywell products
Three flaws affecting Honeywell DCS products can be abused to launch remote code execution and denial of service attacks. The flaws are tracked as CVE-2021-38395, CVE-2021-38397, and CVE-2021-38397.

Top Scams Reported in the Last 24 Hours

Chase Bank hit
A phishing attack aimed at Chase Bank leveraged a unique XBALTI phishing kit to target users. Researchers also spotted the use of the phishing kit against Amazon users. The kit has been designed to collect banking and credit card information, social security numbers, home addresses, and other sensitive data.



Posted on: October 06, 2021
