Share Blog Post
- An APT actor named Patchwork accidentally exposed its tools and infrastructure after it infected its own machine with a new variant of the BADNEWS backdoor. The group was using the malware to target faculty members and researchers associated with defense, molecular medicine, and biological science.
- The U.S. Cyber Command announced a partnership with 84 colleges and universities from 34 states and the District of Columbia to bridge the cybersecurity talent gap in the U.S. military. The partners include nine minority-serving institutions, 13 community colleges, 69 universities, four military war and staff colleges, and four military service academies.
- The U.S. Senate passed two cybersecurity-related bills to address cyber risks in the supply chain security and offer new federal resources to state and local governments affected by threat actors. The Supply Chain Security Training Act focuses on implementing a training program for federal procurement employees. This would prepare them to conduct supply chain risk management activities and mitigate the risks.
- Ukrainian officials arrested five members of a ransomware gang responsible for conducting attacks against at least 50 organizations across the Americas and Europe. As per the Ukrainian Cyber Police, the group amassed almost $1 million from the attacks. The raids were conducted with the collaboration of the U.K and the U.S. law enforcement.
- The FBI warned against a cybercrime group that mailed out USB thumb drives in an attempt to infect users with ransomware. Dubbed BadUSB, the attacks leveraged the name of the U.S. Department of Health and Human Services and Amazon to trick users with COVID-19-related warnings and gift cards, respectively. It is believed that the Fin7 threat actor group is responsible for the attacks and the malicious drives were being shipped on LILYGO-branded devices and targeted organizations in the transport, insurance, and defense sectors.
- Around 39 million patient records leaked from Bangkok-based Siriraj Hospital have been offered for sale on a dark web forum. These records contain names, addresses, Thai IDs, phone numbers, gender details, and dates of birth of users. Some of the data also belongs to the Siriraj Piyamaharajkarun Hospital, containing records of VIP patients.
- A malicious dnSpy app was found targeting developers and cybersecurity researchers, last week. The threat actors’ goal was to steal cryptocurrency miners, and launch RATs. The attack had used multiple SEO techniques to promote the malicious apps.
- French cosmetic company Clarins was hit by a data breach that affected the personal information of Singapore customers. The incident occurred as the company failed to patch the Log4Shell vulnerabilities on time. The data affected include names, addresses, email, phone numbers, and loyalty program status of customers.
- The Medical Review Institute of America (MRIoA) notified some 134,000 individuals about a data breach that affected their personal information. The incident was discovered on November 9, 2021. The compromised data included names, gender, email addresses, phone numbers, birth dates, social security numbers, and financial information of users.
- Tech giant Panasonic revealed that cybercriminals hijacked one of their servers and accessed sensitive information of job applicants. The hackers illegally accessed a server in Japan on June 22, 2021 and ended on November 3, 2021. The data stolen also included details of personnel and business partners and business-related details.
- The Commission on Elections, the Philippines, suffered a breach and lost nearly 60GB of data to hackers, just four months before the national elections. The files exfiltrated by the attackers include usernames and PINs of vote counting machines, network diagrams, list of privileged users, IP addresses, passwords, domain addresses and policies, and QR code capture of canvassers with login and passwords.
- Around 50 top-notch FIFA Ultimate Team traders were the subjects of a cyberattack, in which the attackers made off with the victims’ FIFA points and coins. Electronic Arts (EA) blamed the attack on human error that resulted in the loss of access to accounts and thousands of dollars of in-game currency for the victims.
- A ransomware attack led to an unplanned lockdown of the Metropolitan Detention Center, Bernalillo County, New Mexico. The attack impacted the local government systems, including the ones used to manage the prison. It is suspected that the attack corrupted several databases, including an incident tracker.
- Researchers were finally able to associate the Abcbot botnet with a cryptocurrency-mining attack that occurred in December 2020. The infrastructure of the emerging DDoS botnet resembles the Xanthe cryptocurrency mining botnet, following which researchers claim that the Abcbot borrows its code and features from Xanthe.
- A new attack campaign is leveraging a new version of FluBot malware posing as a fake Flash Player APK to target Polish users. The malware is distributed via a message that contains a link to a video. Upon clicking, the recipients are redirected to a page offering the fake software that delivers the malware.
- A new Linux version of the AvosLocker ransomware that targets VMware ESXi servers has been spotted by researchers. Once launched on a Linux system, the ransomware terminates all ESXi machines on the server. Later it begins the encryption process and appends the .avoslinux extension to the encrypted files.
- The Charming Kitten threat actor group attempted to exploit one of the Log4Shell vulnerabilities (CVE-2021-44228) to distribute a new PowerShell-based modular backdoor dubbed CharmPower. The attackers chose JNDI Exploit kits to send a well-crafted request to the victim’s publicly facing resource as part of the infection chain.
- A new multi-platform backdoor, named SysJoker, that targets Windows, Mac, and Linux has been discovered by researchers. The malware was first discovered in December 2021 during an active attack against a leading educational institution. It masquerades as a system update and generates its C2 by decoding a string retrieved from a text file hosted on Google Drive.
- A new attack campaign that leveraged the COVID Omicron variant as a lure was found distributing the RedLine Stealer. Based on the researchers’ telemetry, the campaign has infected users across 12 countries. The malware harvests credentials and cookies from different browsers, as well as other system information.
- Researchers discovered that threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver a variety of RATs. The malware distributed are Nanocore, Netwire, and AsyncRAT, which are used to siphon sensitive information from compromised systems.
- Microsoft patched a wormable critical flaw that affects the latest desktop and server Windows versions, including Windows Server 2022 and Windows 11. Tracked as CVE-2022-21907, the vulnerability was discovered in the HTTP Protocol Stack. Upon successful exploitation, the attackers can remotely execute arbitrary code in low complexity attacks without the use of any user interaction.
Posted on: January 14, 2022
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...