We use cookies to improve your experience. Do you accept?

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Sep 2, 2021

One of the many software companies targeted in a large-scale supply chain attack spree is Autodesk that identified a compromised server. In other news, the Mozi botnet was found targeting vulnerable devices and a new malware family was seen leveraging CLFS files. Why should cybercrime newbies stay behind when they can leverage the dropper-as-a-service at a minimum price to push their malware onto thousands of victims’ PCs? Find out!

Vulnerabilities continue to plague devices and software applications. While billions of devices were impacted by a new set of Bluetooth vulnerabilities, a flaw was discovered in a popular messaging platform that allowed attackers to read sensitive information from its memory. Another recent vulnerabilities news is about a bug in Enterprise NFV Infrastructure Software (NFVIS) that could be exploited to bypass authentication and login as an administrator to a compromised device.

Top Breaches Reported in the Last 24 Hours

Autodesk, a victim of Sunburst

Almost after nine months of the large-scale SolarWinds Orion supply chain attack conducted by the Russian state hackers, Autodesk confirmed being a victim. The software company discovered one of its servers that was backdoored with Sunburst malware.

Hackers exploit Confluence vulnerability

Recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product was exploited by attackers. Tracked as CVE-2021-26084, the flaw could allow remote hackers to execute arbitrary code on affected Confluence Server and Data Center instances. In some cases, the vulnerability can be exploited without authentication.

LockBit attacks Bangkok airlines

After Bangkok Airways revealed being hit by LockBit 2.0, the ransomware gang published what it claims to be the airline’s encrypted files on its leak site. Allegedly, the ransomware gang launched successful attacks at two airlines and one airport by gaining insights from the attack that it conducted on Accenture.

Top Malware Reported in the Last 24 Hours

Mozi continues to spread

According to Netlab, one of the advantages of the Mozi botnet is its robustness and even if some of the nodes of its P2P network go down, the remaining nodes will continue to infect other vulnerable devices. Moreover, the discovery of malware, Mozi_ssh, suggests that the botnet is also being employed to cash in on illegal cryptocurrency mining.

New malware uses CLFS files

Newly discovered malware family, PRIVATELOG, and its installer, STASHLOG, have been relying on the common log file system (CLFS) to conceal a second-stage payload in registry transaction files. Most of the strings leveraged by PRIVATELOG and STASHLOG are obfuscated and they perform XOR’ing on each byte with a hard-coded byte inline without any loops.

Dropper-as-a-service providers push malware

While investigating Raccoon Stealer, researchers uncovered a network of websites providing dropper-as-a-service. Such services are relatively inexpensive for cybercrime newbies and cost just $2 for 1,000 malware installs via droppers.

Top Vulnerabilities Reported in the Last 24 Hours

Bluetooth flaws impact billions of devices

Security researchers found 16 vulnerabilities known as BrakTooth affecting the Bluetooth software stack of several popular SoC vendors, including Qualcomm, Intel, Texas Instruments, Silicon Labs, and Infineon (Cypress). The vulnerabilities can be leveraged to crash, freeze, or take over vulnerable devices.

Cisco fixes a critical flaw

Cisco releases security patches for a critical authentication bypass flaw, CVE-2021-34746, in Enterprise NFV Infrastructure Software (NFVIS). The PoC exploit code for the flaw is already available. This flaw could be exploited to avoid authentication and log in as an administrator to an infected device.

WhatsApp patches vulnerability

An out-of-bounds read-write vulnerability has been discovered in WhatsApp. Related to image filter functionality, this vulnerability allowed hackers to read confidential information from the messaging platform’s memory. However, WhatsApp released a fix for it in February.

Bugs infest WordPress sites

Two vulnerabilities have been found in the WordPress plugin, Gutenberg Template Library & Redux Framework, which is installed on over one million websites. The two flaws could allow arbitrary plugin installation, post deletions, and access potentially critical information related to a site’s configuration.

Related Threat Briefings