Updated: Dec 17, 2021
A two-year-long cyberattack against the aviation sector has left researchers puzzled. Called 'Operation Layover', the campaign, run by a threat actor based in Nigeria, spread njRAT and AsyncRAT through a malicious PDF attachment. It is highly likely that the attackers sell the stolen data on underground forums for monetary gain.
The espionage nightmare continues. Telcos and government agencies in Southeast Asia have been targeted in a cyberespionage campaign that has been active since March. The Mustang Panda APT group, the mastermind behind the campaign, broke into the organizations' networks to deploy the PlugX backdoor. Meanwhile, financial institutions should watch for the newly discovered Numando banking trojan, which is designed to steal financial credentials.
Top Breaches Reported in the Last 7 days
Last week, the Russian technology and search engine giant Yandex revealed that it had suffered the largest DDoS attack ever recorded. Now, in what seems to be a continuation of targeted DDoS attacks, Russia's remote electronic voting system has become the latest victim. The attack traffic originated from several countries, including India, China, Brazil, Russia, Germany, Thailand, Lithuania, Bangladesh, and the U.S.
The BlackMatter ransomware gang hit Marketron and New Cooperative over the weekend. The attackers have demanded $5.9 million in ransom from New Cooperative.
Simon Eye data breach
A data breach at Simon Eye affected the records of more than 144,000 patients. The potentially compromised data includes names, medical histories, treatment and diagnosis information, and health insurance policy numbers. The incident occurred between May 12 and 18.
Austin Cancer Center breached
A cyberattack caused an IT outage at eight Austin Cancer Center clinics in Texas. Austin Cancer Center is notifying more than 36,000 patients that the breach exposed their sensitive personal information.
Telcos and government agencies targeted
Mustang Panda is once again targeting telcos and government agencies in Southeast Asia. The campaign, active since March, distributes the PlugX backdoor to establish persistence on compromised systems.
Aviation industry targeted
According to Cisco Talos, a phishing campaign that mostly targeted the global aviation industry may be connected to a threat actor in Nigeria. The campaign was launched using malicious emails carrying a PDF file that purported to contain aviation-related information. The main purpose of the campaign was to spread AsyncRAT and njRAT.
Republican Governors Association targeted
The Republican Governors Association has sent letters notifying about 500 people of a security breach that exposed their PII, after attackers exploited vulnerabilities in the organization's Microsoft Exchange email servers.
Yonkers attacked by ransomware
Government employees at the City of Yonkers were denied access to their computers last week after cybercriminals launched a ransomware attack.
The city said that it refused to pay the ransom and would restore as much data as possible from backups. In the meantime, all the employees have been doing as much work as possible manually. This often means keeping pen and paper records that are transferred into databases when the systems are back online.
Top Vulnerabilities Reported in the Last 7 days
The FBI, CISA, and CGCYBER have issued a joint warning about the mass exploitation of a critical vulnerability in Zoho's ManageEngine ADSelfService Plus, a password-management and single sign-on (SSO) solution. The vulnerability, tracked as CVE-2021-40539, is an authentication bypass affecting the product's REST API URLs that can lead to remote code execution; Zoho fixed it in build 6114, and earlier builds should be upgraded and checked for signs of compromise.
‘OMIGOD’ vulnerabilities put Azure customers at risk
A set of four vulnerabilities in the Open Management Infrastructure (OMI) software agent, which Azure deploys on Linux virtual machines when certain management services are enabled, has left Microsoft Azure customers exposed to remote code execution and local privilege escalation.
AMD this week advised Windows users to update their operating systems to receive a patch for a dangerous vulnerability in one of its chipset drivers that can be exploited to dump system memory and steal sensitive information from AMD-powered computers. The flaw, identified as CVE-2021-26333