Go to listing page

Cyware Daily Threat Intelligence, October 07, 2021

Cyware Daily Threat Intelligence, October 07, 2021

Share Blog Post

While the healthcare sector is committed to our well-being, who takes care of their infrastructure? OSF HealthCare experienced a computer systems outage due to a breach that exposed the PHI of some of its patients. In a recent turn of events, researchers extracted 950GB of data from Agent Tesla’s Command & Control (C2) servers that allowed for the recovery of knowledge about the victims. 

Major vulnerabilities that came under the limelight include authentication bypass vulnerabilities in unpatched Dahua cameras, CAPTCHA-breaking bug in MyBB software, and high-severity code injection vulnerability in Yamale. A multi-million dollar real estate scam operation that incurred a loss of around $4 million was also busted by European police forces.

Top Breaches Reported in the Last 24 Hours

Data security incident at OSF HealthCare
Earlier this year, Illinois-based OSF HealthCare suffered an attack on its IT systems due to unauthorized access that exposed the PHI of its patients for over six weeks. The health system is notifying its patients about the exposed information that included some patients’ names, birthdates, SSNs, financial information, and the details of their treatment, prescription, and health insurance. 

Indian Spyware targets Togo activist
Cyber mercenaries employed fake Android applications and emails laden with Indian-made spyware to target a notable Togolese human rights activist. The investigation revealed links between the hacker group Donot Team and Innefu Labs, an Indian cybersecurity company.

Top Malware Reported in the Last 24 Hours

HC3 warns against LockBit variant
The Health Sector Cybersecurity Coordination Center (HC3) released a threat briefing about a new variant of the LockBit ransomware. According to HC3, while targeting healthcare entities, a LockBit affiliate appeared to have a “contradictory code of ethics.”

Agent Tesla suffers a data leakage
Researchers pulled out more than 950GB of logs—from Agent Tesla’s C2 servers (C2)—comprising compromised Internet user credentials, files, and other critical information stolen by malicious code. The extracted information supported the recovery of information about the victims and the timeline of the campaigns launched by threat actors leveraging Agent Tesla. 

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched cameras prone to exploitation
Unpatched Dahua cameras are susceptible to two authentication bypass vulnerabilities tracked as CVE-2021-33044 and CVE-2021-33045, and a PoC exploit. Both the flaws are remotely exploitable during the login process by sending specially-crafted data packets to the target device. 

CAPTCHA bug in MyBB software
MyBB warns users about the latest version of its software that has a CAPTCHA-breaking bug, which could impact forum functionality. In a recent notice, the project’s developers informed that the bug affects reCAPTCHA v3 and hCaptcha invisible, two services that stop malicious bots from flooding online resources with illegal traffic.

Code execution bug impacts Yamale
A high-severity code injection vulnerability in Yamale, a schema and validator for YAML, could be exploited by threat actors to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 manipulates the schema file provided as input to the tool to avoid protections and achieve code execution. 

Top Scams Reported in the Last 24 Hours

Multi-million dollar fraud gang busted
Allegedly, the European police cracked an international organized crime group (OGC) that made millions from real estate fraud. The leader of the fraud gang used fake ads for properties up for sale or rent, tricking victims into sending deposit money and rent. The OGC is estimated to have caused losses of around $4m for more than 470 victims.

 Tags

agent tesla rat
osf healthcare
donot team
yamale
mybb
lockbit ransomware
dahua cctv
real estate fraud

Posted on: October 07, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.