Go to listing page

Cyware Daily Threat Intelligence, October 29, 2021

Cyware Daily Threat Intelligence, October 29, 2021

Share Blog Post

In the fast-paced world of cybersecurity, cybercriminals are always in an offensive mode, launching massive and sophisticated cyberattacks using new malware. The past 24 hours have been one such timeline when the cyber threat landscape witnessed several new malware being deployed in different attack campaigns. This includes the names of DECAF ransomware and AbstractEmu Android malware. In addition to this, new variants of Chaos ransomware and FakeCop info stealer have emerged to infect users in Japan.

Meanwhile, the SEO poisoning attack is gaining traction among ransomware gangs as researchers uncover a new attack campaign associated with the REvil threat actors. The attackers leveraged legitimate WordPress sites with good Google search ranking to distribute the payloads.

Top Breaches Reported in the Last 24 Hours

NRA hit
The National Rifle Association (NRA) was reportedly hit in a ransomware attack that resulted in stealing their data. The stolen data was eventually leaked on the dark web. Sources revealed that the attack was launched by the Grief gang linked to Evil Corp.

Over 68 GB of medical data exposed
An unprotected medical database had leaked 68.53 GB of medical data on the internet. The exposed data included patients’ IDs, physician names, lab results, medicines, and dates of service. The leaked data belonged to patients in the U.S.

PracticeMax affected
A ransomware attack at PracticeMax allowed attackers to gain unauthorized access to the health information of patients. The attack had occurred between April 12 and May 5. The affected individuals are all members of VillageHealth, a care coordination program associated with the firm.

PNG Finance Ministry attacked
Ransomware gangs infiltrated and compromised a core server of the PNG Finance Ministry on October 22. The department took action diligently to restore its affected systems.

Top Malware Reported in the Last 24 Hours

New variant of Chaos ransomware
Researchers uncovered a new variant of Chaos ransomware that targeted Minecraft gamers in Japan. The variant not only encrypts certain files but also destroys others, making themany file unrecoverable. The malware variant is distributed in the form of a file pretending to be a list of ‘Minecraft Alt’ accounts.

New DECAF ransomware
DECAF is new ransomware written in the Go language. The malware variant appeared in late September and has been under development through October. DECAF uses the AES-CBS-128 algorithm to encrypt the files. Once it encrypts the files, it creates a README.txt file inside each directory.

New AbstractEmu malware
A new Android malware strain named AbstractEmu was found to be distributed via 19 applications uploaded on Google Play Store, the Amazon Appstore, the Samsung Galaxy Store, and other unofficial third-party app stores. Once installed on a device, the malware downloads and executes one of five exploits for vulnerabilities affecting older Android phones.

SEO poisoning attack
Researchers spotted two campaigns linked to the REvil ransomware gang or SolarMarker backdoor that used the SEO poisoning attack to serve payloads. The threat actors leveraged legitimate WordPress sites that had a good Google search ranking. These sites were hacked by abusing an undisclosed flaw in the ‘Formidable Forms’ WordPress plugin.

New variant of FakeCop infostealer
A new variant of the FakeCop Android infostealer has been spotted to be distributed in phishing campaigns impersonating KDDI. The malware is capable of collecting SMSes, contact details, and app lists. It can also pilfer device hardware information.

Top Vulnerabilities Reported in the Last 24 Hours

Flaw in GoCD tool
A critical flaw discovered in the GoCD tool could potentially pave the way to supply chain attacks. The attackers can exploit the flaw to extract encrypted secrets and poison software build processes. Rated ‘Critical’, the flaw has been fixed in version v21.3.0 of the tool.

Chrome 95 updated
Google has updated Chrome 95 by patching two actively exploited vulnerabilities. The flaws are tracked as CVE-2021-38003 and CVE-2021-38000. While the first is related to insufficient validation of untrusted input in Intents, the second is an inappropriate implementation issue in the V8 JavaScript engine.

New LPE zero-day vulnerability
Security experts released technical details for an unpatched zero-day privilege escalation vulnerability affecting Windows systems. The flaw, tracked as CVE-2021-34484, affects all versions of Windows including Windows 10, Windows 11, and Windows Server 2022. It can be abused to gain SYSTEM privileges under certain conditions.

Cisco releases new security patches
Cisco has released a new set of security patches to address multiple vulnerabilities affecting Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. The most severe of these vulnerabilities is CVE-2021-40116.

 Tags

national rifle association nra
seo poisoning attack
practicemax
chaos ransomware
revil threat actors
fakecop info stealer

Posted on: October 29, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.