Cyware Daily Threat Intelligence

Daily Threat Briefing • October 13, 2021
It’s that time of the month when security vendors and software companies are rolling out a huge number of security patches to address critical- to medium-severity vulnerabilities. Joining this month’s edition of bug fixes are Microsoft and SAP. While Microsoft issued security patches for over 71 vulnerabilities affecting Windows and other products, SAP announced the release of 13 security notes for flaws found in Environmental Compliance.
Threats of new malware continue to loom large over cyberspace. A new version of the FreakOut botnet added a new exploit for Visual Tools DVR to deploy a Monero miner. In another incident, threat actors leveraged a now-patched zero-day exploit for Microsoft Windows to distribute MysterySnail RAT.
Top Breaches Reported in the Last 24 Hours
Hariexpress exposes data
Brazilian e-commerce firm Hariexpress inadvertently exposed close to 1.8 billion records due to a misconfigured Elasticsearch server. The affected data included personal information such as full names, email addresses, physical addresses, and phone numbers of customers and sellers.
SnapMC targets VPN and web server apps
A new threat actor tracked as SnapMC targeted a range of flaws in VPN and web server apps to breach target corporate networks. The attackers exfiltrated the data without encrypting the files.
Meliá Hotels International affected
A cybersecurity incident crippled activities at Meliá Hotels International, affecting the internal network, some web-based servers, and reservation systems. So far, no ransomware gang has claimed responsibility for the attack.
Top Malware Reported in the Last 24 Hours
Malicious Python package removed
The PyPI repository removed a Python package called ‘mitmproxy2’ that could be abused to launch malware injection, typosquatting, and brandjacking attacks. The package mimicked the original package ‘mitmproxy’.
New FreakOut botnet
Operators of the FreakOut botnet have added a PoC exploit for Visual Tools DVR VX16 4.2.28.0 that can be abused to deploy a Monero miner. The malware script can run on both Windows and Linux systems.
MysterySnail RAT
A zero-day exploit for Microsoft Windows was used to deliver the new MysterySnail RAT malware to Windows servers. Microsoft patched the bug (CVE-2021-40449) as part of its October Patch Tuesday updates. The malware is capable of deleting files, killing arbitrary processes, pilfering directory lists, and terminating file-reading operations.
Top Vulnerabilities Reported in the Last 24 Hours
SAP announces patches
SAP has released 13 security notes for vulnerabilities affecting its Environmental Compliance product. The most important of these are tracked as CVE-2021-10683 and CVE-2021-23926. Both are related to XML external entity injection issues.
Microsoft rolls out updates
Microsoft has rolled out security patches for a total of 71 vulnerabilities impacting Windows and other software. Two of these flaws are rated ‘Critical’, 68 are rated ‘Important’, and one is rated ‘Low’ in severity. Four of these are zero-day vulnerabilities—CVE-2021-40449, CVE-2021-41335, CVE-2021-40469, and CVE-2021-41338.
Industrial giants address flaws
Industrial giants Siemens and Schneider have issued advisories for over 50 vulnerabilities affecting their products. Siemens alone released 5 new advisories covering 33 vulnerabilities.
Flawed OpenSea NFT fixed
Flaws discovered in the OpenSea NFT marketplace could have allowed hackers to hijack user accounts and steal entire crypto wallets. The firm took immediate action by releasing security patches.
Top Scams Reported in the Last 24 Hours
Impersonating company logos
Phishers are leveraging mathematical symbols to impersonate company logos as part of a new evasion technique. One notable case was spotted by an analyst at INKY. In this case, the actors used a square root symbol, a logical NOR operator, or the checkmark symbol to create a slight optical differentiation.