Cyware Daily Threat Intelligence

Daily Threat Briefing January 3, 2022

Welcome to the first daily threat briefing of 2022. Ransomware gangs are back in business with a new round of attacks launched by a brand new ransomware dubbed Lapsus$. The malware registered its first victim in December 2021 by targeting Brazil’s Ministry of Health. Over the New Year holiday, Lapsus$ added a second new victim named Impresa, a Portuguese media group.

In other news, researchers discovered six new high-risk vulnerabilities in widely used Netgear routers that pose a potential security threat for users. Meanwhile, beware of any phishing emails that offer you a huge discount for a McAfee antivirus subscription. Apparently, the offer is used as a lure to trick users into sharing their credentials and banking details.

Top Breaches Reported in the Last 24 Hours

Israel’s news site hacked

Israel’s Jerusalem Post newspaper disclosed that its website was defaced after it was hacked by Iranian threat actors. However, its mobile app and other Israeli news websites appear to work normally.

PulseTV discloses data breach

U.S. online store PulseTV was the victim of a data breach that affected more than 200,000 of its customers. The company became aware of the incident in July 2021. Toward November, investigators revealed that attackers had gained unauthorized access to common points of purchase on the website.

Top Malware Reported in the Last 24 Hours

New Lapsus$ ransomware

A newly discovered Lapsus$ ransomware gang has hacked and is currently extorting the Portuguese media group Impresa. The ransomware first appeared in December 2021, with an attack on Brazil’s Ministry of Health. The latest attack on Impresa has affected the company’s online information technology server infrastructure, including the websites for SIC and Expresso. However, the broadcast and cable TV services remained unaffected.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched Netgear routers

Researchers uncovered six high-risk vulnerabilities impacting Netgear Nighthawk R6700v3 routers. The flaws are tracked as CVE-2021-20173, CVE-2021-20174, CVE-2021-20175, CVE-2021-23147, CVE-2021-45732, and CVE-2021-45077. They can be abused to take complete control of the device. The vendor is yet to address the flaws.

HCL issues patches

HCL Technologies has patched multiple serious vulnerabilities affecting its Digital Experience (DX) platform. All of these flaws are related to Server-Side Request Forgery (SSRF) and could have led to remote code execution attacks.

Top Scams Reported in the Last 24 Hours

McAfee phishing campaign

A new email phishing campaign was found tricking users with a fake McAfee antivirus subscription. The email appeared to come from McAfee and notified recipients about a subscription that had expired. It created a sense of urgency by offering users a huge discount on a new subscription for a limited period of time. Once users were convinced and clicked the ‘Continue’ button, they were redirected to a phishing page that collected credentials and billing details.
