Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 18, 2022
Threats due to Log4j vulnerability continue to scare organizations and one such incident has been reported in the last 24 hours. The Iran-based TunnelVision APT group was found exploiting the critical Log4Shell flaw to infect unpatched VMware Horizon instances with ransomware. Organizations running the vulnerable software are on the target list of this notorious hacking group.
There’s a major update on the PseudoManuscrypt botnet, which is on a mission to build armies of infected IoT devices. A majority of these infected devices, especially Windows machines, were found in South Korea and have been infected since May 2021. Meanwhile, scammers are taking advantage of the crypto fever as a new scam dubbed FreeCryptoScam comes to light.
Top Breaches Reported in the Last 24 Hours
Vaping store suffers breach
Element Vape, a prominent online seller of e-cigarettes and vaping kits, has been hacked after threat actors loaded a malicious JavaScript file to steal credit card details. The infostealer deployed on the site was found collecting customers’ payment card and billing information at checkout. The details included email addresses, phone numbers, and ZIP codes of users.
Fertility clinic attacked
A New York-based fertility clinic, Extend Fertility, is notifying patients about a recent security breach that compromised their personal details. The incident was discovered on December 20, 2021, and the compromised data includes dates of birth, usernames, dates of service, medical account numbers, medical history, and treatment information of patients.
Top Malware Reported in the Last 24 Hours
Update on PseudoManuscrypt botnet
In a significant revelation, researchers found that numerous Windows machines located in South Korea have been targeted by the PseudoManuscrypt botnet since at least May 2021. The botnet employs the same tactics as CryptBot. It is distributed in the form of an installer for cracked software.
Top Vulnerabilities Reported in the Last 24 Hours
Intel patches 18 flaws
Intel has issued 22 security advisories for 18 security flaws, seven of which are rated high severity. Most of these flaws can be exploited for privilege escalation; others can lead to information disclosure or a Denial of Service (DoS). The flaws impact the Kernelflinger open-source project, Intel Quartus Prime components, PROSet/Wireless WiFi and Killer WiFi products, the AMT SDK, Setup and Configuration Software (SCS), and Management Engine BIOS eXtensions (MEBx).
Log4j flaw exploited
Researchers have tracked a new campaign in the wild that exploits the Log4j vulnerability. The campaign is linked with the Iran-based TunnelVision APT group and is being used to deploy ransomware on machines running vulnerable VMware Horizon instances.
A serious flaw in the UpdraftPlus plugin
A patch has been issued to address a serious flaw in the UpdraftPlus plugin that has over 3 million installations. The flaw, tracked as CVE-2021-0633, could allow a logged-in user to download backups made with the plugin. It has a CVSS score of 8.5.
Flawed Snap software fixed
Six vulnerabilities discovered in Canonical’s Snap software system can be exploited to escalate privileges to the administrator level. The most severe issue is tracked as CVE-2021-44731. Users are urged to patch the software to stay protected.
Top Scams Reported in the Last 24 Hours
FreeCryptoScam
In January, researchers identified a scam, dubbed FreeCryptoScam, that targeted cryptocurrency users. The scam lured users into downloading the Dark Crystal RAT with an offer of free cryptocurrency. The Dark Crystal RAT then downloaded Redline and TVRat to continue the infection chain.