Go to listing page

Cyware Daily Threat Intelligence, October 11, 2021

Cyware Daily Threat Intelligence, October 11, 2021

Share Blog Post

The wacky TLS security vulnerabilities have come under the notice of the NSA. The law enforcement agency has warned organizations against the use of poorly secured TLS certificates and the new Allowing Cross-Protocol Attacks (ALPACA) that can result in damage to brand reputation. Attackers can exploit these flaws to perform arbitrary execution and steal sensitive data.

What’s the most popular malware in October? TrickBot trojan. Despite the arrest of two members, the trojan continues to stride ahead via a recognizable chain of attack. Victims were tricked into opening malicious files sent via phishing emails.

Top Breaches Reported in the Last 24 Hours

Cox Media Group admits an attack
Cox Media has acknowledged a data breach due to a ransomware attack that occurred on June 3, 2021. The incident affected over 800 individuals, with impacted data including names, addresses, social security numbers, financial information, medical diagnosis numbers, and health insurance information of users.

Oregon Eye Specialist affected
A U.S. optometry group, Oregon Eye Specialist, disclosed a data breach involving unauthorized access to internal email accounts. The exposed data included customers’ names, dates of birth, dates of service, medical record numbers, financial account information, and health insurance information.

Pacific City Bank discloses an attack 
Pacific City Bank disclosed a ransomware incident that took place last month. During the incident, the attackers had gained access to loan application forms, tax return documents, payroll records of client firms, full names, addresses, and social security numbers of users. AvosLocker ransomware group has taken responsibility for the attack.

Top Malware Reported in the Last 24 Hours

TrickBot’s menace
Despite the arrest of two TrickBot members, researchers found that the trojan continues to spread across organizations. The attack process included victims opening a malicious Office file that is protected with a password. Once the file is opened, the macros are executed and cause the deployment of the trojan. 

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Medtronic pumps
Medical device makers Medtronics recalled the remote controllers-based insulin pumps following the discovery of severe vulnerabilities. An attacker can exploit the vulnerabilities to modify the quantity of insulin pumped into the patients and could lead to injury or death of patients. 

New TLS attack technique
NSA released guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols. Named Allowing Cross-Protocol Attacks (ALPACA), a new kind of attack can allow threat actors to perform arbitrary actions and access sensitive data. 

 Tags

cox media group
allowing cross protocol attacks alpaca
medtronic pumps
trickbot trojan

Posted on: October 11, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.