Ransomware continues to dominate the cyber threat ecosystem, with attackers wanting fast cash. In the last 24 hours, researchers have uncovered new ransomware, dubbed YunLuowang, that is being used in highly targeted attacks against organizations. It uses the extension with the same name to append the files after encrypting the data.
In other news, the MyKings botnet continues to strike its victims stealthily as researchers come up with new details. It has been found that the botnet has amassed approximately $24.7 million in cryptocurrencies by targeting victims in Russia, India, and Pakistan. Additionally, the botnet has added a new monetization technique that involves the Steam gaming platform.
Top Breaches Reported in the Last 24 Hours
Unprotected database leaks data
A misconfigured database had leaked over 82 million records belonging to customers of multiple companies, including Whole Food Market and Skaggs public safety and uniform company. The exposed data contained order records, names, physical addresses, email addresses, and partial credit card numbers.
Thingiverse data on a hacker forum
A 36 GB backup file belonging to Thingiverse was leaked on a popular hacking forum. The data contained 228,000 unique email addresses and other PII. The data leak occurred due to a misconfigured S3 bucket.
Acer confirms breach
Acer confirmed a data breach that affected its after-sales service systems in India. The allegedly stolen data includes the financial and login details of customers and clients.
Top Malware Reported in the Last 24 Hours
MyKings botnet thrives
MyKings botnet has amassed approximately $24.7 million in cryptocurrencies by targeting victims in Russia, India, and Pakistan. Additionally, the botnet has added a new monetization technique that involves the Steam gaming platform.
Newly discovered Yunluowang ransomware
A new ransomware strain dubbed YunLuowang is being used in highly targeted attacks against enterprise entities. Once deployed, the ransomware stops hypervisor virtual machines and harvests all data before encrypting them.
Top Vulnerabilities Reported in the Last 24 Hours
Security flaw in GitHub
A security flaw in GitHub Actions allowed software code to be automatically passed prior to review from peers or supervisors. This bypass action can be destructive, potentially allowing malicious code that can be used by other users or flow down the pipeline to production.
Flawed Nagios XI software
Three flaws discovered in Nagios XI have been fixed with the release of new versions. The flaws are tracked as CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179.
Sideloading threats on iOS
Apple has released a detailed report about the risks posed by sideloading on iOS. One of the threats includes the installation of apps from third-party stores and websites.
Adobe issues security patches
In October’s Security Patch Tuesday Update, Adobe has announced patches for a total of 10 vulnerabilities affecting its Acrobat and Reader, Connect, Commerce, and Campaign Standard products.
Misconfigured FHIR APIs
Misconfigured APIs used by Healthcare Fast Healthcare Interoperability and Resources (FHIR) can lead to a variety of attacks by abusing compromised apps and automated scripts. The exploitation of flaws can allow threat actors to access more than 4 million patients and clinical records.
Faulty Brizy Page Builder plugin
Stored XSS and arbitrary file-uploading flaws in the Brizy Page Builder WordPress plugin can be exploited to take over a website. These flaws can become even more dangerous when combined with authorization bypass and privilege escalation flaws. They are tracked as CVE-2021-38345, and CVE-2021-38344, and have been fixed with the release of a new version of the plugin.
Intel and VMware release updates
Both Intel and VMware also joined the Patch Tuesday parade by addressing patches for various security vulnerabilities. While Intel fixed two flaws, VMware had released updates for three flaws affecting their products.