Go to listing page

Cyware Daily Threat Intelligence October 12, 2021

Cyware Daily Threat Intelligence October 12, 2021

Share Blog Post

The use of bad password practices continues to put organizations in a pressing state. And, this becomes more imminent as emerging threat actor groups make the most out of poor password hygiene. A newly discovered threat actor gang, tracked as DEV-0343, made attempts to exfiltrate intellectual and proprietary information using password spraying attacks against US, EU, and Israeli defense companies.

Malicious apps also continue to cause mayhem as threat actors evolve their tactics to sneak past security checks. Researchers have uncovered a maligned photo editor app that steals Facebook credentials to run ad campaigns on victims’ profiles. In another significant attack, Olympus suffered a sophisticated ransomware attack for the second time in a year.

Top Breaches Reported in the Last 24 Hours

Password spraying attack
An emerging threat actor gang, tracked as DEV-0343, has been associated with a password spraying campaign targeting US, EU, and Israeli defense companies. The attack campaign, first observed in July 2021, is aimed at stealing intellectual and proprietary information. The attack is triggered via Firefox and Google Chrome browsers and relies on a series of unique Tor proxy Ip addresses.

DDoS attacks detected
Microsoft mitigated a record of 2.4 Tbps DDoS attack targeting a European Azure customer in August. The attack was launched using roughly 700,000 bots from across the Asia-Pacific region and the U.S.

ReproSource hit
Quest Diagnostics informed the SEC about a ransomware attack that hit one of its subsidiaries, ReproSource. The attack led to a data breach, affecting the health and financial information of about 350,000 patients.

Olympus affected
Olympus, a leading medical technology company, was again forced to shut down its IT systems in the Americas following a ransomware attack on October 10, 2021. This incident follows the attack that hit the firm in early September.

Top Malware Reported in the Last 24 Hours

Malicious photo editor app
A malicious photo editor app called Blender Photo Editor-Easy Photo Background Editor has been found stealing users’ Facebook credentials to run ad campaigns without their knowledge. The app has over 5,000 downloads to date and is found on the Google Play Store. Users should be wary when downloading such apps.

Top Vulnerabilities Reported in the Last 24 Hours

Apple releases an emergency patch
Apple has issued an emergency patch for a zero-day vulnerability affecting iOS and iPadOS systems. The flaw is assigned with the identifier CVE-2021-30883 and is related to a memory corruption issue in the ‘IOMobileFrameBuffer’. It can be exploited to execute arbitrary code with kernel privileges. The patches have been issued with the release of version 15.0.2 of iOS and iPadOS.

Vulnerable InHand routers
Several serious vulnerabilities discovered in OTORIO in IR615 LTE routers manufactured by InHand Networks can expose many organizations to remote attacks. The list of vulnerabilities includes cross-site request forgery, remote code execution, command injection, and weak password policy issues. The patches for a total of 13 flaws are yet to be released.

Flaws in video surveillance systems
Various critical and high-severity vulnerabilities discovered in video surveillance systems made by Exacq Technologies could be abused to launch remote attacks. The flaws are related to DoS, privilege escalation issues. Users can update to version 21.9 to prevent exploitation of the flaws.

 Tags

exacq technologies
reprosource
inhand routers
dev 0343 threat actor
ddos attacks
olympus

Posted on: October 12, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.