
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 16, 2023

No ifs no buts! Disable HTTP and HTTPS traffic to MOVEit Transfer, said the maker of the file-sharing software after being apprised of a third flaw in the application. The bug is an SQL injection issue that can lead to privilege escalation and unauthorized access to the affected environment. Meanwhile, a new Android malware campaign has surfaced to spread the latest variant of GravityRAT. Cybercriminals developed fake chat apps for BingeChat and Chatico to infect mobile devices and steal data from them.

A VPN application is a boon, but only if it’s genuine. Researchers have confirmed the existence of numerous counterfeit LetsVPN websites while conducting a routine threat-hunting exercise. The sites attempt to drop at least three different malware strains.

Top Breaches Reported in the Last 24 Hours

More victims appear in MOVEit incident

The victim count for the MOVEit Transfer incident continues to rise. The Cl0p threat actors have published a list of thirteen companies on their leak site, naming British multinational oil and gas company Shell, UnitedHealthcare Student Resources (UHSR), the University of Georgia (UGA) and the University System of Georgia (USG), Heidelberger Druck, and Landal Greenparks, among others, as victims.

Defense data leak

Rhysida ransomware actors leaked the data they stole from the network of the Chilean Army (Ejército de Chile). They have leaked approximately 360,000 documents (~30% of all the stolen data). The attack originally took place on May 27 and, days later, an Army corporal was apprehended and formally accused of being involved in the cyberattack.

Real estate firm risks patient data

Pennsylvania-based Onix Group reported a ransomware incident to HHS that impacted more than a dozen of its addiction recovery centers and other medical facilities across several states. The incident exposed sensitive records of approximately 319,500 patients and employees. Attackers may have pilfered SSNs, billing and clinical information pertaining to patients' medical care, health plan enrollment information, and more.

Top Malware Reported in the Last 24 Hours

Fake messaging apps drop GravityRAT

Security experts at ESET stumbled across an updated version of the Android GravityRAT spyware being distributed disguised as messaging applications such as BingeChat and Chatico. The BingeChat campaign has been ongoing since August 2022, whereas the Chatico campaign no longer appears to be active. BingeChat is distributed through a website that promotes free messaging services. GravityRAT can extract WhatsApp backups and receive commands for file deletion.

Vidar received an upgrade

In response to public disclosures about their operations, the threat actors behind the Vidar malware have modified their backend infrastructure. Team Cymru reported that the cybercriminals are rotating their backend IP infrastructure, favoring providers in Moldova and Russia, to retool and hide their online activities. The information-stealing malware has been sold as a commercially available hacking tool since late 2018.

Top Vulnerabilities Reported in the Last 24 Hours

Third Flaw in MOVEit Transfer

Progress Software has reported a third vulnerability in its MOVEit Transfer application. The bug, which still awaits a CVE identifier, is an SQL injection vulnerability. The company strongly advised customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443. This precautionary measure is recommended until a patch that addresses the weakness is available.

Top Scams Reported in the Last 24 Hours

Malware distribution via fake site

An attacker group has been discovered building a number of fraudulent LetsVPN websites to deceive victims into downloading malware payloads. These deceptive websites distribute several harmful payloads, including the BlackMoon banking trojan, the Farfli backdoor, and Potentially Unwanted Applications (PUAs).
