CyberIntelMag's Threat report

Weekly Cyber Threat Report, February 14 – February 18, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

The good news: This week’s good news includes Adobe issuing an emergency fix for a 0-day flaw, a trio of tools being released to protect JavaScript apps, VMware fixing high-severity flaws, a malware developer providing the master decryption keys for three ransomware families, and much more.

  • Adobe warned Adobe Commerce and Magento users, via an emergency notice, about a severe 0-day bug exploited in cyberattacks. The flaw (CVE-2022-24086) is an improper input validation issue that leads to arbitrary code execution.
  • JFrog has released a trio of tools (npm-secure-install, package-checker, and npm issues statistic) to help JavaScript developers prevent malicious packages from entering their apps.
  • Security experts claim to have thwarted the most significant bot attack they’ve ever seen, which scraped online data using 400,000 hijacked IP addresses.
  • QNAP will provide security updates for some end-of-life (EOL) network-attached storage (NAS) devices until October 2022. This will help customers with unsupported devices upgrade and protect their data from “evolving security risks.”
  • VMware has fixed many high-severity vulnerabilities in VMware ESXi, Workstation, and Fusion. The flaws were discovered during a Chinese hacking event last year.
  • An apparent malware developer, dubbed Topleak, has provided the master decryption keys for Maze, Egregor, and Sekhmet ransomware.
  • Amazon Web Services has updated ‘detectors’ in its CodeGuru Reviewer tool to hunt for log injection flaws like the recently discovered Log4Shell vulnerability in the popular Java logging library Log4J.


The bad news: This week’s bad news includes Europe’s biggest car dealer facing a ransomware attack, a ransomware attack hitting sports brand Mizuno, Squirrelwaffle and Microsoft Exchange Server flaws being used to steal money, the Red Cross disclosing that state hackers exploited a Zoho bug, and much more.

  • In January, a ransomware gang attacked Emil Frey, the largest car dealer in Europe. A few days after the attack, on January 11, 2022, the company restored its systems and resumed commercial activity.
  • A ransomware attack caused phone outages and order delays at Mizuno, a Japanese sports equipment and apparel company.
  • Cisco Talos has uncovered a flaw in Hancom Office, a popular software suite in South Korea. It might allow attackers to corrupt memory or execute code remotely on the victim’s device.
  • A new MyloBot version spreads malicious payloads to send sextortion emails seeking $2,732 in cryptocurrency from victims. MyloBot features anti-debugging tools and propagation tactics that link infected devices to a botnet and remove traces of rival malware.
  • ProxyLogon, Squirrelwaffle, and ProxyShell are employed against unpatched Microsoft Exchange Servers to commit financial fraud through email hijacking.
  • A joint advisory from the FBI and the US Secret Service revealed that the BlackByte ransomware gang infiltrated the networks of many US-based critical infrastructure firms in the last 3 months.
  • Phishing efforts impersonating LinkedIn emails have surged by 232% since the beginning of February. Cybersecurity firm Egress’s report reveals that display name spoofing and styled HTML templates are used to socially engineer victims into accepting phishing links and providing their credentials.
  • The International Committee of the Red Cross (ICRC) disclosed that state hackers exploited a bug in ZOHO to launch a cyberattack on its systems last month.
  • Malicious hackers are launching a new round of ‘MFA fatigue attacks,’ blasting Office 365 customers with 2FA push alerts in an attempt to fool them into approving the attackers’ login attempts.
  • DDoS attacks on Ukraine’s Ministry of Defense and Armed Forces, as well as two state-owned banks, Privatbank and Oschadbank, have been inflicting havoc in the country this week.
  • Customers of 5 leading Canadian banks lost access to online banking, mobile banking, and e-transfers for many hours. The outage impacted Royal Bank of Canada (RBC), TD Bank Canada, Scotiabank, BMO (Bank of Montreal), and the Canadian Imperial Bank of Commerce (CIBC).
  • The Conti ransomware group has taken over the TrickBot malware operation. This is because Conti had become the only recipient of TrickBot’s supply of high-quality network accesses in 2021.
  • Updates were released after a vulnerability was discovered in UpdraftPlus, a popular WordPress plugin. The weakness allows any logged-in user, even a subscriber-level user, to download the plugin’s backups containing sensitive information.


About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.