Cyware Daily Threat Intelligence
Daily Threat Briefing • Oct 28, 2021
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Oct 28, 2021
Ransomware is shaking up the threat landscape as more organizations continue to fall victim to such attacks. However, there’s good news amid this rising threat. Avast has released free decryption keys to recover files encrypted by three ransomware strains - AtomSilo, Babuk, and LockFile. While the decryptor for AtomSilo and LockFile are the same, the decryption key for Babuk will work on files encrypted with .babuk or .babyk file extensions.
In another news, Adobe released a patch for over 90 security vulnerabilities. These flaws can be abused to launch remote code execution attacks and create denial-of-service conditions.
However, on the not-so-bright-side, two malicious NPM packages were found delivering ransomware and password-stealing trojans to victims’ machines.
Top Breaches Reported in the Last 24 Hours
Cream Finance hit again
Decentralized Finance (DeFi) platform Cream Finance has been hacked again, allowing hackers to steal an estimated $130 million worth of cryptocurrency assets. The attack occurred after hackers found a vulnerability in the platform’s flash loaning system. This is the third time that the platform has been hacked this year.
Private key leaked
The private key used to sign EU Digital Covid certificates has been reportedly leaked on online data breach marketplaces. Threat actors can get their hands on the private key and forge digital certificates or QR codes that may be then recognized as legitimate by the official government apps.
Scoolio leaks data
Approximately 400,000 users of Scoolio had their information exposed due to an API flaw in the platform. The data exposed includes nicknames, parent email addresses, interests, UUID details, and personality traits of users.
Top Malware Reported in the Last 24 Hours
Free decryption released
Avast has released free decryption utilities to recover files encrypted by three ransomware strains - AtomSilo, Babuk, and LockFile. The decryptors for AtomSilo and LockFile are the same because they share similarities. However, the decrypter will only work for past Babuk victims that had files encrypted with either the .babuk or .babyk file extensions only.
Malicious NPM packages
Malicious NPM packages pretending to be Roblox libraries are found delivering ransomware and password-stealing trojans to unsuspecting users. The two packages are named noblox.js-proxy and noblox.js-proxies.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable OptinMonster
Several vulnerabilities discovered in OptinMonster could have allowed attackers to export sensitive information and add malicious JavaScript to WordPress sites. One of these flaws is tracked as CVE-2021-39341 and has a CVSS score of 7.2. The flaws have been patched in version 2.6.5.
Apple updates iOS15
Apple has released another iOS15 update that addresses 22 serious security vulnerabilities. The flaws affect a wide range of iPhone and iPad software components. The flaws can be triggered via specially crafted PDF and image files. They can lead to arbitrary code execution or privilege execution attacks.
Adobe addresses 92 flaws
Adobe, has released a huge out-of-band security update for 92 vulnerabilities that affect 14 products. Sixty-six of these vulnerabilities can be abused to conduct remote code execution attacks. The abuse of other flaws can lead to information disclosure, privilege escalation issue, and denial-of-service attacks.
Fuji Electric issues patches
Fuji Electric has issued patches for half a dozen vulnerabilities affecting its factory monitoring software. The flaws affect versions prior to 4.0.12.0. The vulnerabilities are related to various memory corruption issues and arbitrary code execution.
New attack technique against WiFi
A new attack demonstrated on weak WiFi passwords can allow attackers to take control of devices. The attack leverages the flaw to retrieve PMKID hashes and crack network passwords.