
Cyware Daily Threat Intelligence, October 26, 2021


Double whammy for organizations across the world as ransomware gangs put a new spin on their extortion strategies. In a new finding, researchers have revealed that the infamous Conti ransomware gang has begun selling access to the networks of victim organizations to boost its profits. This unique strategy is likely to raise the stakes for organizations.

However, that’s not all. Multiple ransomware gangs have been found abusing a yet-to-be-patched zero-day flaw in EntroLink VPN appliances that allows them to conduct remote code execution attacks. The EntroLink PPX-AnyLink exploit becomes the 54th zero-day vulnerability that ransomware gangs are currently known to abuse and, unfortunately, it is available on an underground cybercrime forum.

Top Breaches Reported in the Last 24 Hours

SCUF website breached
SCUF Gaming International is notifying customers about a hacking incident that affected its websites. It took place in February. Hackers behind the attack had planted a malicious script to steal the credit card information of users.

Fullerton Health discloses data breach
Fullerton Health has disclosed a third-party security breach that resulted in the compromise of the personal data and bank account information of patients. The intrusion occurred on October 19. Currently, the healthcare provider is investigating the extent of the attack.

Top Malware Reported in the Last 24 Hours

Malicious UAParser.js
Attackers managed to compromise and infect several versions of UAParser.js, a popular JavaScript library, by injecting malicious code. These infected versions included 0.7.29, 0.8.0, and 1.0.0 of the JavaScript library. As a precautionary measure, users have been urged to update the library to versions 0.7.30, 0.8.1, and 1.0.1, respectively.

Conti ransomware changes strategy
The Conti ransomware gang has changed its extortion strategy by selling victim organizations’ network access. The threat actors plan to execute the strategy after the victims fail to pay the ransom within 48 hours.

Mozilla disables malicious add-ons
Mozilla has disabled malicious Firefox add-ons that were installed by around 455,000 users. These malicious add-ons were found misusing the proxy API, which prevented users from obtaining updates or accessing updated blocklists.

Top Vulnerabilities Reported in the Last 24 Hours

Exploiting zero-day flaw
Multiple ransomware gangs have been found abusing a yet-to-be-patched zero-day flaw in EntroLink VPN appliances that allows them to conduct remote code execution attacks. Unfortunately, the exploit for the flaw has been available on an underground cybercrime forum for free since the beginning of September 2021.

Top Scams Reported in the Last 24 Hours

Premium SMS scam
Around 80 fake apps disguised as photo editors, camera filters, games and Instagram were used in a premium SMS scam campaign that tricked victims into losing their funds. As a part of the scam, the scammers asked victims to sign up for premium SMS services to get extra benefits. Instead, the victims were left completely empty-handed. Google took swift action by removing these apps from the Play Store.


Posted on: October 26, 2021

