Go to listing page

Cyware Daily Threat Intelligence, September 24, 2021

Cyware Daily Threat Intelligence, September 24, 2021

Share Blog Post

Malware authors have devised a clever way to hoodwink Windows 10 by using deliberately malformed signatures on valid certificates. This tactic is being actively used to push OpenSUpdater adware into victims’ systems. Most of the victims are from the U.S.

A revamp in evasion techniques has also been observed in a new version of Raccoon Stealer that uses a new set of crypters. Additionally, it includes a module to steal funds from new cryptocurrency wallets and has added Discord to the list of targeted applications.

Amidst these raining malware threats, Apple took action against three actively exploited zero-day vulnerabilities by releasing security patches for iOS and macOS systems.

Top Breaches Reported in the Last 24 Hours

Debt-IN confirms attack
Africa-based Debt-IN has disclosed details about a ransomware attack that occurred in April. The attackers stole the personal data of certain customers, including those who were under debt review.

Port of Houston hit
A state-sponsored hacking group breached the network of the Port of Houston by using a zero-day vulnerability in a Zoho user authentication appliance. The flaw is tracked as CVE-2021-40539, for which patches were released on September 8.

Second data leak incident at the U.K’s MoD
The U.K’s MoD has suffered a second data leak incident, risking the safety of dozens of Afghans who were likely to relocate to the U.K. The mishap occurred after staff had inadvertently sent emails to 55 people, making their personal information exposed to all recipients.

Top Malware Reported in the Last 24 Hours

OpenSUpdater distributed
Threat actors are using malformed signatures on valid certificates to distribute OpenSUpdater malware to victims’ systems. The malicious certificates are used as a tool to bypass security checks on Windows 10 systems.

Raccoon Stealer updates itself
A new version of Raccoon Stealer uses new crypters that can help the malware bypass security solutions. Other updates include a module for stealing several new cryptocurrency wallets and the addition of Discord to the list of targeted applications.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches three zero-day flaws
Apple has patched three actively exploited zero-day flaws that could allow attackers to execute arbitrary code with kernel privileges. The flaws are tracked as CVE-2021-30869, CVE-2021-30858, and CVE-2021-30860. Older iPhone and iPod are some of the devices affected by the flaws. In a different incident, iPhone users are at risk of exposing their IP addresses and location data due to a design flaw in Apple’s iCloud Private Relay feature.

SonicWall patches SMA appliances
SonicWall has published a security advisory to inform customers about a critical vulnerability affecting some of its Secure Mobile Access (SMA) appliances. The flaw, identified as CVE-2021-20034, can be exploited by attackers to delete arbitrary files from the targeted appliance.

 Tags

sonicwall
discord channels
port of houston
secure mobile access sma appliances
raccoon stealer
opensupdater adware

Posted on: September 24, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.