This weekend has kept the organizations busy in mitigating the infamous Log4Shell vulnerability. Most of the giant companies such as Apple, Twitter Amazon, Pulse Secure, Google, and VMware have begun responding to the critical vulnerability that is being currently exploited in the wild.

Cyber Race between cybercriminals and cyber security teams continues with the discovery of new swanky mechanisms used by attackers to bypass the existing defenses. The last 7 days' threats were the first Rust-baed ransomware used in world attacks and a malware campaign by an infamous APT group distributing a keylogger through malicious installers.

Top Breaches Reported in the Last 7 days - Hacking News

Cox Communication hacked

Cox Communication has been disclosed they have been suffered a data breach after a hacker impersonated a support agent to gain access to customers' personal information. The cybercriminal may have accessed the details of some customers, including their names, addresses, telephone numbers, Cox account numbers, Cox.net email addresses, usernames, PIN codes, account security questions and answers, and the types of services they are subscribed to.

Hellmann ransomware

German-based logistics providers have announced a the end of last week that some of their servers have been affected by a sophisticated ransomware attack.

Government workers breached

Frontier Software was hit by a ransomware attack recently. Lucas said the company has informed the government that some of the data have been published online, with at least 38,000 employees and up to 80,000 government employees possibly having their data accessed.

Volvo attacked

Swedish manufacturer Volvo Cars announced on Friday that hackers had stolen research and development data from its systems in a cyberattack.

Top Malware Reported in the Last 7 Days - Hacking News

Malicious PyPI packages removed

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machine. These packages were downloaded almost 15,000 times were named aws-login0tool, dpp-client, and dpp-client1234.

First Rust-based ransomware

A first ransomware strain was discovered this week which was written in the Rust programming language. Discovered by security researchers from Recorded Future and MalwareHunterTeam, the ransomware is named ALPHV (or BlackCat). The ransomware is technically the third ransomware strain written in Rust programming language after a proof-of-concept strain was released on GitHub in 2020 and an experimental and now-defunct strain named BadBeeTeam was also seen later in the same year.

WordPress plugins Alert

Cybersecurity researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. Instead of injecting skimmers into ‘wp-admin’ and ‘wp-includes’ core directories, hackers are using the plugin files to hide their malicious scripts or inject a backdoor to gain persistence even after installation of the latest security updates.

Malware campaign by StrongPity APT

The sophisticated StrongPity hacker group was found using malware-laced Notepad++ installers to infect their targets with a keylogger coupled with persistence capabilities. The group, also known as APT-C-41 and Promethium, was previously known for distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018.

Microsoft stop QBot’s attack process

As QBot campaigns increase in size and frequency hence researchers are looking into ways to break the trojan's distribution chain and tackle the threat. In a new report, Microsoft breaks down the QBot attack chain into distinct "building blocks."

Top Vulnerabilities Reported in the Last 7days - Hacking News

Log4Shell attacks

Basically, Apache Log4j is java based logging tool that is disclosed critical vulnerability affecting the widely used Log4j logging utility. The flaw can be tracked as CVE-2021-44228 and dubbed Log4Shell — which can be exploited to gain complete access to the targeted system by getting the affected application to log a specially crafted string. The list of affected companies includes Apple, Twitter, Baidu, IBM, Google, LinkedIn, Cisco, and VMware, among others