CyberIntelMag's Threat report

Weekly Cyber Threat Report, January 10-14, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

  • The good news: This week’s good news includes the latest WordPress update resolving SQL injection and XSS vulnerabilities, Microsoft resolving a critical Office vulnerability, Amazon fixing security vulnerabilities in its AWS Glue service, the FSB arresting REvil ransomware group members, a session hijacking issue in the Moodle e-learning platform being resolved, and much more.
    • The WordPress 5.8.3 security update addresses four exploitable vulnerabilities: an SQL injection through WP_Query, an admin object injection, an XSS attack using post slugs, and a blind SQL injection via WP_Meta_Query.
    • Microsoft released a fix for CVE-2022-21840, a high-severity Office vulnerability that could allow attackers to remotely execute malware on vulnerable PCs. A cybercriminal could exploit this flaw through email attacks.
    • In its January 2022 Patch Tuesday release, Microsoft resolved 90 security flaws, six of which were zero-day vulnerabilities. The remainder included remote code execution (RCE), spoofing, cross-site scripting (XSS), and privilege escalation vulnerabilities.
    • The popular e-learning platform Moodle has been updated to fix a session hijacking weakness that allowed attackers to steal any user’s session and achieve remote code execution (RCE). Versions 3.11.3, 3.10.7, and 3.9.10 contain the fix.
    • Amazon Web Services (AWS) has patched the AWS Glue security flaw that allowed attackers to access and change data connected to other AWS customer accounts.
    • Cisco has released updates for a major vulnerability in the Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be abused remotely to gain administrator rights.
    • The Russian Federal Security Service (FSB) raided the REvil ransomware gang and shut down its operations. The FSB searched 25 residences belonging to 14 suspected REvil members in Moscow, St. Petersburg, Lipetsk, and Leningrad.

  • The bad news: This week’s bad news includes a malware cocktail being dropped via a trojanized dnSpy app, FluBot malware beginning to target Europe, Microsoft warning about the powerdir flaw, cloud services being abused to spread Nanocore, Netwire, and AsyncRAT malware, phishers targeting high-profile EA gamers, and much more.

    • Hackers ran a sophisticated malware campaign in which a malicious build of the dnSpy .NET debugger was used to deliver cryptocurrency stealers, miners, and remote access trojans to cybersecurity professionals and developers.
    • FluBot, a well-known Android banking malware, is now disguised as a Flash Player application to target Android users in European countries. It harvests users’ credentials by overlaying fake login forms on the apps of several banks worldwide.
    • A hacking attack at Ciox Health, a healthcare data management company in Georgia, may have compromised thousands of people’s protected health information (PHI).
    • Microsoft alerted that threat actors might exploit a macOS vulnerability called powerdir (marked as CVE-2021-30970) to bypass Transparency, Consent, and Control (TCC) security and get access to users’ protected data.
    • A new multi-platform backdoor, SysJoker, has been discovered in the wild. It is written in C++ and targets Windows, Linux, and macOS. The biggest concern is that it evades detection on all three operating systems.
    • After attackers compromised customer support and took over fewer than 50 high-profile FIFA Ultimate Team accounts, Electronic Arts blamed “human error.”
    • According to research from Cisco Talos, Microsoft’s and Amazon’s public cloud services are being abused to distribute commodity RATs such as Netwire, Nanocore, and AsyncRAT. The objective is to steal sensitive information from victims’ devices.
    • In a new wave of large-scale attacks that deliver malware to affected systems, GootLoader operators are now targeting staff at accounting and law firms, indicating a shift toward additional high-value targets.
    • On Monday, hackers gained access to the operational hot wallet of Animoca’s Lympo NFT platform and stole 165.2 million LMT (worth about $18.7 million).
    • Because of a weakness in Microsoft Defender antivirus, attackers may be able to determine which folders they can plant malware in to evade AV scanning.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.