
Cyware Daily Threat Intelligence, April 02, 2024


A new malware threat was added to the cybercrime world by a subset of APT41. It was spotted deploying the UNAPIMON malware for stealthy operations. Employing LOLBins and custom tools, it targets diverse sectors globally. Meanwhile, a prolific threat actor continues to target different sectors in Latin America by deploying Venom RAT via phishing emails. Operating since 2018, the group has attacked various verticals in Spain, Mexico, and the U.S.

Several notable cyberattack victims, including Prudential Financial, OWASP Foundation, PandaBuy, and a British council, have surfaced in the past 24 hours. The OWASP incident endured for approximately eight years, with server misconfiguration identified as the root cause.

Top Breaches Reported in the Last 24 Hours


Shopping platform hack impacted millions
A threat actor claimed responsibility for hacking the PandaBuy online shopping platform, affecting the data of over 1.3 million customers. The breach involved exploiting critical vulnerabilities in PandaBuy's platform and API. Stolen data includes user IDs, names, phone numbers, emails, login IPs, order details, addresses, and more. The leaked data is being sold on a cybercrime forum, with a sample provided as proof.

U.K. city council compromised
Leicester City Council is being held to ransom by the INC Ransom group, which claims to have stolen 3TB of data. The council continues to withhold comment on whether any data was compromised during the incident, citing ongoing criminal investigations. Services, including waste management and schooling, have been restored after a month-long shutdown.

Eight-year-long cyberattack unveiled
The OWASP Foundation, which supports software security globally, disclosed a breach caused by a misconfiguration on an old Wiki server. It exposed members’ resumes containing names, emails, and addresses, spanning from 2006 to 2014. While most of the data was outdated, the Foundation has since disabled directory browsing, secured the resumes, and purged the cache. OWASP reportedly ceased resume collection in 2014, prioritizing member security.

BlackCat hits Fortune 500 firm
In an update on the recent cyberattack, Prudential Financial revealed that over 36,000 individuals’ personal information was compromised by the Alphv/BlackCat ransomware group. The stolen data included names, addresses, driver’s license numbers, and non-driver identification card numbers. As per the investigation, an unauthorized third party gained access to its network in February and extracted customers’ personal information from infected systems.

Top Malware Reported in the Last 24 Hours


Massive phishing campaign deploys Venom RAT
The threat actor TA558 launched a significant phishing campaign targeting diverse sectors in Latin America, aiming to distribute Venom RAT. Sectors such as hospitality, travel, finance, manufacturing, and government in Spain, Mexico, the U.S., and other countries are being singled out. Through the campaign, attackers use phishing emails to deliver the RAT, which is equipped with functionalities for harvesting sensitive data and remotely controlling the infected systems.

Earth Freybug deploys UNAPIMON
Cyber espionage group Earth Freybug (aka APT41) recently launched a phishing campaign utilizing a new malware called UNAPIMON. The attack, reminiscent of previous campaigns, targeted various sectors across several countries. UNAPIMON, detected in the attack flow, utilizes DLL hijacking and API unhooking techniques to evade detection. The malware, deployed through batch files and service manipulation, prevents child processes from being monitored, allowing malicious activity to go undetected.

Top Vulnerabilities Reported in the Last 24 Hours


Vulnerability in Ibis Budget hotel kiosks
Swiss IT security assessment firm Pentagrid uncovered a security flaw in self-check-in kiosks at Ibis Budget hotels across Europe, potentially exposing keypad access codes for room entry. Discovered in late 2023, the flaw allowed access to room numbers and keypad codes by entering dashes instead of booking IDs. While the vulnerability required physical access to the kiosk, it posed a risk of theft and raised concerns over the security of low-budget hotel rooms without safes.

Posted on: April 02, 2024
