
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 16, 2021

It’s a game of whack-a-mole for security teams addressing one of the worst security flaws of the year, Log4Shell. Researchers have now warned of a third, separate weakness in Log4j version 2.15.0 that can allow the exfiltration of sensitive data under certain circumstances. Meanwhile, the recently disclosed second flaw in the logging library has caught the attention of threat actors and is being exploited in the wild.

A new backdoor named Aclip has surfaced in the last 24 hours. One of the latest additions to the MuddyWater group’s arsenal, the malware is being used in an attack campaign to steal airline data.

The notorious Emotet malware is back on the threat heatmap as it resumes the direct deployment of Cobalt Strike beacons to speed up its intrusions.

Top Breaches Reported in the Last 24 Hours

Hackers steal $135 million

Users of the blockchain gaming company Vulcan Forged have been affected by a hacking incident. The attackers stole the private keys to 96 wallets and made off with around $135 million.

Top Malware Reported in the Last 24 Hours

New Aclip backdoor

Aclip is a new backdoor used by the MuddyWater threat actor group to steal airline data. The campaign abuses the Slack API for its communications, so that the backdoor’s traffic blends in with legitimate Slack usage and evades detection. The malware is launched via a Windows batch script named ‘aclip.bat’. Upon execution, the backdoor collects basic system information such as the hostname, username, and external IP address.
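As an added example (not code from the Cyware briefing or from any published Aclip analysis), the following Python sketches a hunting rule for the behaviour described above: connections to the Slack API from a process that is not the Slack client or a browser, or from a process chain launched by a batch file. The event schema, the process allowlist and the sample events are constructed assumptions; only api.slack.com, the public Slack Web API endpoint, is a real hostname.

```python
"""Hunting heuristic for Slack API abuse by unexpected processes.

Added example, not code from Cyware or from any vendor report on Aclip.
The event schema (host, process, parent command line, destination) is an
assumed EDR/proxy-style format, and the allowlist and sample events are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Processes expected to talk to the Slack API on a workstation (assumption:
# tune to the software actually deployed in your environment).
SLACK_PROCESS_ALLOWLIST = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Hostnames that make up the Slack API surface this rule watches.
SLACK_API_HOSTS = {"api.slack.com", "slack.com"}


@dataclass(frozen=True)
class NetEvent:
    host: str            # endpoint that produced the event
    process: str         # image name of the connecting process
    parent_cmdline: str  # command line of the parent process
    dest: str            # destination hostname of the connection


def is_suspicious(ev: NetEvent) -> bool:
    """True when a Slack API connection comes from a non-allowlisted process,
    or from a process chain that was started by a .bat script (the briefing
    notes Aclip is launched through a batch file)."""
    if ev.dest.lower() not in SLACK_API_HOSTS:
        return False
    if ev.process.lower() not in SLACK_PROCESS_ALLOWLIST:
        return True
    # Even an allowlisted binary is worth a look if a batch file launched it.
    return ".bat" in ev.parent_cmdline.lower()


def hunt(events: Iterable[NetEvent]) -> List[NetEvent]:
    """Return the events that match the heuristic, in input order."""
    return [ev for ev in events if is_suspicious(ev)]


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    NetEvent("ws-017", "powershell.exe", r"cmd.exe /c C:\Users\Public\aclip.bat", "api.slack.com"),
    NetEvent("ws-003", "slack.exe", "explorer.exe", "api.slack.com"),
    NetEvent("ws-009", "chrome.exe", "explorer.exe", "slack.com"),
    NetEvent("ws-042", "rundll32.exe", "services.exe", "api.slack.com"),
    NetEvent("ws-011", "chrome.exe", r"cmd.exe /c C:\Temp\run.bat", "api.slack.com"),
    NetEvent("ws-020", "powershell.exe", "explorer.exe", "update.microsoft.com"),
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print(f"{ev.host}: {ev.process} -> {ev.dest} (parent: {ev.parent_cmdline})")
```

The rule is deliberately coarse: it will miss a backdoor that injects into an allowlisted browser, and it assumes the telemetry records the destination hostname rather than only an IP. Treat hits as leads for triage (check what the batch file does and whether the account is expected to use Slack), not as a verdict.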

Emotet returns

Emotet is back with a new campaign in which it installs Cobalt Strike beacons directly on infected hosts in an attempt to expand its attacks. The penetration-testing tool can be used by threat actors to move laterally through a network, steal files, and deploy further malware.

New variant of Phorpiex botnet found

A new variant of the Phorpiex botnet, called Twizt, has been found targeting cryptocurrency users in 93 countries, including Ethiopia, Nigeria, and India. As many as 969 transactions have been intercepted by the new malware.

Top Vulnerabilities Reported in the Last 24 Hours

Third new flaw discovered affecting Log4j

Researchers have found a new, separate security weakness affecting Log4j version 2.15.0. Technical details are yet to be disclosed, but the flaw can reportedly be exploited to exfiltrate sensitive data under certain circumstances. It is not yet clear whether the issue is fixed in version 2.16.0.

New combo-chips attack

Researchers have demonstrated a new attack technique against ‘combo chips’, the combined Wi-Fi and Bluetooth chips found in many devices. The attack can allow attackers to exfiltrate passwords and manipulate traffic on a user’s phone.
