Go to listing page

Cyware Daily Threat Intelligence September 14, 2021

Cyware Daily Threat Intelligence September 14, 2021

Share Blog Post

The usage of Cobalt Strike Beacon is exploding among cyber crooks and the latest finding reveals that a new Linux version of the penetration tool is being used to orchestrate attacks across the globe. Dubbed Vermillion Strike, it comes with the same configuration as the official Windows beacon and can speak with all Cobalt Strike servers.  

In another malware threat, Mexican banking users are being actively targeted by an Android/Banker.BT trojan that is distributed in the form of a security tool or an app. The campaign takes advantage of people’s fear,  tricking them into deploying the malicious tool or the app. 

Meanwhile, Google has addressed a new zero-day vulnerability in Chrome that is being exploited in the wild. 

Top Breaches Reported in the Last 24 Hours

Users’ records exposed
An unsecured database containing over 61 million records related to wearable technology and fitness services was left exposed online. The affected sources involved Fitbit, Misfit Wearables, Microsoft Band, Strava, and Google Fit. The compromised data included names, dates of birth, weights, heights, gender, and GPS logs of users. 

Texas Republican Party hacked
The website of the Texas Republican Party was hacked over the weekend after hackers defaced its page with a message. The website was restored after a brief shutdown.  

LifeLong Medical suffers attacks
LifeLong Medical is notifying users about a series of ransomware attacks that affected the personal data of over 100,000 patients. The attack occurred after hackers gained unauthorized access to one of its vendors’ networks.    

Top Malware Reported in the Last 24 Hours

A new version of Cobalt Strike
Security researchers have discovered an unauthorized Linux version of Cobalt Strike Beacon being used against companies across the world. Dubbed Vermillion Strike, the tool uses the same configuration as the official Windows beacon and can communicate with all Cobalt Strike servers.

Banking trojan distributed in Mexico
A malware identified as Android/Banker.BT is targeting Mexican users by posing as a security banking tool or as a bank application. The campaign relies on the sense of urgency to trick users into taking immediate action by using the malicious tool or the app. 

Top Vulnerabilities Reported in the Last 24 Hours

HP fixes a flaw in the driver
HP has issued security patches for a high severity vulnerability affecting a driver used by millions of OMEN laptops and desktop gaming computers. The flaw is tracked as CVE-2021-3437 and can let attackers trigger denial of service states or escalate privileges and disable security solutions. 

Apple issues an emergency patch
Apple has released security updates for macOS, iOS, iPadOS, and watchOS to address two zero-day vulnerabilities. One of these vulnerabilities, which exist due to integer overflow, was exploited to deploy Pegasus spyware. The flaw is tracked as CVE-2021-30860 and can be triggered by sending a specially crafted PDF file. 

Google addresses a new zero-day flaw
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to address 11 security issues. Two of these are zero-day vulnerabilities that are actively being exploited in the wild. The first zero-day is tracked as CVE-2021-30632 that resides in the V8 JavaScript engine, and the other is CVE-2021-30633 that impacts the Indexed DB API.

WooCommerce Multi-Currency plugin bug
A security flaw in the WooCommerce Multi-Currency plugin can be exploited to change the pricing details of products in online stores. The issue is a broken access-control vulnerability in versions prior to 2.1.1.7. The flaw exists in Multi-Currency’s ‘Import Fixed Price’ feature.  

 Top Scams Reported in the Last 24 Hours

Extortion scam
The FTC has warned about extortion scams targeting the LGBTQ+ community. The scams leverage online dating apps such as Grindr and Feeld to lure unsuspecting users. Eventually, they blackmail the victims to pay a ransom, usually in gift cards, under the threat of leaking inappropriate videos. Users are advised not to share personal information with strangers. 


 Tags

woocommerce
lifelong medical
androidbankerbt trojan
cobalt strike beacon
vermillion strike

Posted on: September 14, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.