CyberIntelMag's Weekly Cyber Threat Report

Weekly Cyber Threat Report, March 22-26

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week we’ve seen new protection measures from Microsoft, AI-based cloud services from IBM, patches for multiple vulnerabilities, and more.

  • Microsoft’s Windows Defender now automatically protects against exploitation of the ProxyLogon vulnerability (CVE-2021-26855) in Exchange Server. The critical vulnerability has been actively exploited in the wild and has led to attacks on tens of thousands of private and state companies. The most recent security update for Defender and System Center Endpoint Protection means that Windows will start to protect vulnerable Exchange servers after a user updates the software.
  • IBM announced new services that leverage AI and automation and are meant to help enterprises that have dispersed hybrid cloud environments identify and prioritize risks and respond to potential threats across cloud environments. The expanded Security Services for Cloud portfolio allows companies to unify cloud security across ecosystems, such as IBM Cloud, AWS, Google Cloud, and Microsoft Azure.
  • The FBI released an alert to organizations about Mamba ransomware with security recommendations and instructions on how to avoid paying a ransom. The window of opportunity that allows removing the malware is open between the first and second reboots of the compromised system.
  • Maintainers of OpenSSL have released patches for two high-severity security vulnerabilities that could allow attackers to carry out denial-of-service (DoS) attacks and bypass certificate verification.
  • Microsoft shared intelligence on post-compromise activities related to Exchange exploits. The company warns about potential follow-up attacks, especially if the attackers used web shell scripts to gain persistence or stole credentials during the previous attack(s).

From the bad news:

This week brought more attacks on Microsoft Exchange Servers, flaws in popular WordPress plugins, new malware, and more.

  • New research by AdaptiveMobile uncovered a security flaw in 5G architecture that could be exploited to allow data access and denial-of-service attacks. The flaw stems from 5G’s slicing model, which, according to the mobile security firm, opens the door to a multitude of attacks, including DoS and unauthorized access.
  • Data belonging to millions of Apollo.io users was stolen from the marketing platform and put up for sale online. The leaked database allegedly contains 11 million user records stolen from Apollo, a US-based digital marketing company.
  • Astoria Company suffered a data breach that exposed 30 million records belonging to American customers, 400 million Facebook users, a database of Instagram user details, and 300 million records of Astoria Company customers, including 40 million US social security numbers.
  • MalwareHunterTeam reported that REvil has upgraded its ransomware so that its operators can reboot infected devices. They do this with two new command lines called ‘AstraZeneca’ and ‘Franceisshit’ in Windows Safe Mode.
  • Criminals were dropping malware via malicious links shared under fake personas on Facebook. Facebook’s cyber-espionage investigations team linked the hackers to China.
  • An ESET malware researcher detected the BlackRock trojan, which can steal login credentials for more than 450 apps and bypass SMS-based 2FA. The malware posed as Clubhouse, a popular audio chat app.
  • Babuk Locker operators leaked data from US military contractor the PDI Group, a major supplier of military equipment to the US Air Force and militaries across the globe. The gang threatens to make public 700 GB of data they claim to have stolen from PDI’s internal network.
  • The Australian Cyber Security Centre said “tens of organizations” have reached out to them with reports about vulnerable Microsoft Exchange servers. It is suspected there are 7,000 unpatched servers in Australia.
  • Bitdefender researchers warned about a new version of a well-known bot written in Golang. The vulnerability scanner bot exploits a specific flaw in the “Ultimate GDPR & CCPA Compliance Toolkit” plugin for WordPress.
  • Guardicore Labs security researchers reported a new strain of Purple Fox malware. The malware now has a worm module that allows it to infect Windows systems reachable over the Internet.
  • Michigan-based Flagstar Bank was hacked by a ransomware gang that stole Social Security Numbers, home addresses, full names, and phone numbers of the bank’s customers. The attackers exploited flaws in Accellion Orion software.
  • Energy giant Shell reported a data breach in which cybercriminals got away with data belonging to stakeholders and subsidiaries. The attackers compromised the company’s Accellion File Transfer Appliance.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.
