We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Oct 19, 2021

Imagine the data of all the citizens of your country in the hands of a hacker who plans on selling and leaking it. This is exactly what happened in Argentina. An individual gained access to the National Registry of Persons and stole ID cards for the entire population. The data also includes details of the country’s president, several politicians, and journalists.

While Argentina is dealing with this massive breach, Acer suffered its second and third attacks this year at its subsidiaries in Taiwan and India. The attack was conducted by DESORDEN, who was previously linked to Chaos. While we are on the topic of hacker gangs, TeamTNT, the notorious group that has previously targeted major cloud platforms, was spotted using malicious Docker images to propagate its attacks to more targets.

Top Breaches Reported in the Last 24 Hours

Argentinian government database stolen

A hacker made off with the entire Argentinian government’s ID database by breaching the National Registry of Persons (RENAPER). The data is now being sold in private circles and even contains the details of Lionel Messi, Sergio Aguero, and Alberto Fernández.

Two attacks hit Acer

Acer underwent two cyberattacks in the span of a week, reportedly, conducted by DESORDEN. The attacks affected Acer Taiwan and India and the PC and device maker is notifying its customers. The gang claimed to have pilfered 60GB of databases and files from the India-based servers.

Chinese hackers attack Israeli hospitals

As per a joint announcement by the Ministry of Health and the National Cyber Directorate in Israel, ransomware attacks spiked in the weekend and targeted the systems of nine health facilities. The local media has pointed fingers toward Chinese hackers using the DeepBlueMagic ransomware variant.

Top Malware Reported in the Last 24 Hours

Joint advisory on BlackMatter

The FBI, CISA, and NSA published joint advisory offering details on BlackMatter operations and how to defend against them. The advisory also provides info on the tactics, techniques, and procedures used by the gang.

New TeamTNT campaign

Researchers from Uptycs identified a new TeamTNT campaign in which the threat actor executed a malicious image hosted on Docker hub to download masscanner and Zgrab scanner. The gang leverages these scanner tools to scan for more targets in the victims’ cloud and conduct further activities.

New gang conducts cyberespionage

Harvester, a previously undocumented state-sponsored threat actor, was spotted deploying unique toolsets to target telcos and IT firms in South Asia. The group has been conducting highly targeted espionage campaigns against IT, government, and telecom entities to gather intelligence. No connection with any known adversary has been found yet.

TA505 conducts new campaign

A mass volume email campaign by the notorious TA505 gang has been impacting industries mostly in Germany and Austria. The campaign is propagating a new FlawedGrace strain, which is a fully-featured RAT.

Top Vulnerabilities Reported in the Last 24 Hours

HRS flaws in Node.js

Node.js maintainers have patched two HTTP Request Smuggling (HRS) flaws in the runtime environment. While CVE-2021-22959 is a classic HRS technique, the other one—CVE-2021-22960—is a unique one.

Patch PowerShell, urges Microsoft

Microsoft has urged admins to patch PowerShell 7 and PowerShell 7.1 against two bugs that enable bad actors to bypass Windows Defender Application Control enforcements and access plain text credentials. The vulnerabilities are tracked as CVE-2020-0951 and CVE-2021-41355.

WordPress plugin rife with bugs

WP Fastest Cache, a renowned WordPress plugin, has been found vulnerable to an Authenticated SQL Injection flaw and a Stored XSS via CSRF issue. The XSS issue is tracked as CVE-2021-24869 and has been assigned a CVSS score of 9.6. The vulnerabilities have been eliminated in WP Fastest Cache plugin version 0.9.5.

Related Threat Briefings