Go to listing page

Cyware Daily Threat Intelligence, July 21, 2022

Cyware Daily Threat Intelligence, July 21, 2022

Share Blog Post

The urge of cybercriminals to exploit Linux environments has gotten a new push by a new malware framework, dubbed Lightning Framework. The malware is capable of fully compromising and backdooring new devices launched recently. A free-to-use RaaS operation is also on our today’s watchlist. Known as Redeemer, its authors make it handy for unskilled threat actors to pursue encryption-backed extortion attacks.

Moreover, Apple released patches for dozens of security vulnerabilities for iOS, iPadOS, macOS, tvOS, and watchOS platforms. It has once again urged users to keep software updated to maintain device security.

Top Breaches Reported in the Last 24 Hours

Neopets loses control over data
A hacker allegedly stole nearly 460MB (compressed) of source code from the virtual pet website Neopets and the sensitive records of over 69 million customers from one of its databases. The leak is being sold for 4 BTC in underground marketplaces. It isn’t clear how the hacker obtained access to the website. Password change may not be a solution right now as hackers may still be sitting in the network.

Canada school board breach
A cyberattack on the Waterloo Region District School Board, Canada, has sabotaged its IT network system. The personal information pertaining to students and their families and staff has been impacted. However, the extent of the breach is yet to be determined. According to experts, it could take weeks to completely investigate the incident.

Top Malware Reported in Last 24 Hours

LockBit affiliates use server mode
While tracking a threat actor, Symantec researchers found that LockBit behaves differently on server machines with domain controllers than on Windows 10 machines. On servers, it can spread through the network using Group Policy. In one instance, it lurked on the victim’s enterprise network with RDP access for weeks before dropping the ransomware payload.

New GoMet variant enters Ukraine networks
Cisco Talos discovered a new version of GoMet backdoor targeting a large software development company in Ukraine. Hackers are in the hope to carry out a supply chain-style attack on the other smaller firms deploying or leveraging products of the targeted firm. The malware has probably been released by Russian state-sponsored actors.

Redeemer 2.0 launched on dark web
Cyble has stumbled across the latest Redeemer ransomware variant being promoted on dark web cybercrime forums. The new ransomware builder version boasts multiple additions, including support for Windows 11, GUI tools, and more communication options such as Tox Chat and XMPP.

Lightning Framework targets Linux
Linux has a new security challenge in the name of Lightning Framework. Described as a “Swiss Army Knife" in its report, Intezer noted that the malware uses typosquatting and imitates Seahorse, a GNOME app for managing passwords and encryption keys, to evade detection on infected systems. No infection has been reported so far, hence, some functionalities and capabilities of the malware are yet to be gauged.

Top Vulnerabilities Reported in the Last 24 Hours

Apple bugs fixed across platforms
Apple has patched multiple bugs for iOS, iPadOS, macOS, tvOS, and watchOS. At least 37 flaws were addressed in different components of iOS and macOS. These range from privilege escalation and code execution to data disclosure and DoS condition. The most critical among these is CVE-2022-2294, a memory corruption flaw in the WebRTC component.

Cisco products receive patches
A total of 45 vulnerabilities were patched in a variety of Cisco products. Some of the vulnerabilities could be abused by hackers for arbitrary code execution and rise through elevated permissions on compromised systems. The top three vulnerabilities have been identified as CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, with a CVSS score of 8.2 and above.

Security hole at a security firm
Netwrix, a data security firm, has patched a critical insecure object deserialization flaw in its Auditor product. The issue, caused due to an unsecured .NET remoting service, could let unauthorized individuals execute arbitrary code and even compromise an organization’s AD domain server. A CVE identifier for the issue is awaited.


redeemer ransomware
gomet backdoor
lightning framework
waterloo region district school board
cisco products
apple flaws

Posted on: July 21, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite