Cyware Daily Threat Intelligence

Daily Threat Briefing • Dec 22, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Dec 22, 2021
The shady world of ransomware extortion is experiencing a significant upheaval as researchers notice a surge in attacks from PYSA ransomware. It has been found that the relatively new ransomware was behind 50% of attacks that occurred in November. In another concerning revelation, threat actors have created a new exploit that bypasses the patch for the MSHTML remote code execution flaw. Apparently, the updated exploit was used in a recent attack to deliver Formbook malware.
There’s an alert for WordPress admins using the ‘All in One SEO’ plugin as well. The plugin is affected by two serious vulnerabilities that can be abused by threat actors to take over unpatched websites. So, update the plugin to the latest version to prevent attacks.
Top Breaches Reported in the Last 24 Hours
Misconfigured AWS bucket issue
A misconfigured AWS S3 bucket exposed data of 700,000 citizens in Ghana. The unprotected bucket, which contained 55GB worth of data, belonged to Ghana’s National Service Secretariat. The exposed data included program membership cards, Ghana National Health Insurance scheme, and professional IDs of individuals.
Virginia working on ransomware attack
The IT agency that serves Virginia’s legislature is still struggling with the aftermath of a ransomware attack that occurred earlier this month. The attack had disrupted operations set up for a legislative session that is set to start on January 12.
Top Malware Reported in the Last 24 Hours
PYSA dominates the threat landscape
There has been an uptick in attacks by PYSA ransomware. Research reveals that ransomware was behind 50% of attacks that occurred in November. Until September, PYSA was believed to be targeting Windows systems, but later it was found that the ransomware was ready to target Linux machines as well.
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft patches four flaws
Microsoft has patched four vulnerabilities found in its Teams video conferencing app. The flaws could allow attackers to spoof link previews, leak IP addresses, and even access internal services. The flaws are related to SSRF vulnerability and DoS flaw, among others.
Exploit for MSHTML flaw updated
Researchers found an updated exploit for the MSHTML remote code execution flaw that bypassed the patch meant for the flaw. Threat actors had leveraged the flaw to deliver Formbook malware to Windows machines.
Flawed All in One SEO plugin fixed
Two severe vulnerabilities affecting the ‘All in One SEO’ plugin could have put more than three million WordPress websites at risk of cyberattacks. Described as authentication privilege escalation (CVE-2021-25036) and SQL injection (CVE-2021-25037), the flaws have been addressed with the release of a new version of the plugin.
Top Scams Reported in the Last 24 Hours
Users scammed of $150,000
Scammers stole $150,000 worth of crypto in a scam that leveraged a limited edition NFT from Fractal. The scam was executed through a link posted on the project’s official Discord channel. Users who followed the link were prompted to connect their crypto wallets in order to receive an NFT.