We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Dec 29, 2021

Even in the last few days of the year, the discovery of new malware threats has gone on relentlessly. This time, a new malware named Flagpro was found to be used in attacks against Japanese companies by the BlackTech APT group. Another group of cybercriminals were discovered abusing the Microsoft Build Engine (MSBuild) to execute Cobalt Strike on compromised systems.

In a noteworthy incident, one of the largest news publishers in Norway was forced to halt its newspaper printing operations due to a cyberattack. Meanwhile, the Log4j vulnerability saga continues with a new update released to fix the fifth security vulnerability to be discovered in the open-source tool in the span of a month.

Top Breaches Reported in the Last 24 Hours

Norwegian media targeted

One of the largest news publishers in Norway, Amedia, announced that several of its central computer systems were apparently taken offline due to a cyberattack. The attack forced the publisher to halt its printing presses. According to the company, it is unclear whether any personal information of customers has been compromised in the incident.

Fintech firm suffers Log4j attack

A Vietnamese crypto trading platform, ONUS, recently suffered a cyberattack on its payment system running a vulnerable version of Log4j. Threat actors demanded a $5 million sum from ONUS and threatened to publish the customer data if the firm refused to comply.

T-Mobile customers breached

In a new report, T-Mobile disclosed that cyberattackers recently accessed a small number of customers’ accounts. Some T-Mobile customers either fell victim to a SIM swapping attack, had their personal plan information exposed, or both.

Top Malware Reported in the Last 24 Hours

Flagpro malware uncovered

NTT researchers found the BlackTech cyberespionage group targeting Japanese companies using a novel malware that researchers call Flagpro. The APT group uses Flagpro for network reconnaissance, to evaluate the target’s environment, and to download a second-stage payload and execute it.

MSBuild abused by cybercriminals

Researchers at Morphus Labs and SANS Internet Storm Center observed attack campaigns abusing MSBuild to execute a Cobalt Strike payload on compromised systems. The malicious MSBuild project was being used to compile and execute specific C# code that in turn decodes and executes Cobalt Strike.

Riskware apps on Android

A slew of malicious apps were spotted on the Samsung Galaxy Store, triggering security warnings from Google Play Protect for numerous users. The apps request access to risky permissions that could allow the installation of malware on the Android device.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in EVlink charging stations

Schneider Electric issued patches for several vulnerabilities that put its EVlink electric vehicle charging stations at risk of remote hacking attempts. The security flaws include cross-site request forgery and cross-site scripting bugs that can be exploited to carry out actions on behalf of a legitimate user. The most severe flaw, having a CVSS score of 9.3, is a server-side request forgery vulnerability.

New Log4j update

The Apache Software Foundation rolled out fresh patches to fix an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4.

Related Threat Briefings