Threat Intelligence Cybersecurity Hacking News August 05, 2021
Millions of OT devices are at high risk of supply chain attack after a set of 14 new vulnerabilities was unearthed in the widely used NicheStack TCP/IP stack. Separately, campaigns targeting most major telecommunications companies in Southeast Asia were launched by three distinct Chinese threat actor groups: SoftCell, Naikon, and Emissary Panda.
Top Breaches Reported in the Last 48 Hours
Misconfigured Elasticsearch database
Comparitech researchers published a report revealing details of an unsecured Elasticsearch marketing database that leaked private details of about 35 million residents of Chicago, San Diego, and Los Angeles.
School District No. 73 hacked
KAMLOOPS — The insurance provider for international students of School District No. 73 (SD73, Kamloops-Thompson) suffered a cybersecurity breach. The exposed sensitive data included the identity and contact information of students.
Ransomware attack
The Lazio region in Italy has published a report of a ransomware attack that disabled the region's IT systems, including the COVID-19 vaccination registration portal.
Top Malware Reported in the Last 48 Hours
APT31 deploys new RAT
A new series of attacks linked to the Chinese hacking group APT31 has been found using a new RAT to target Mongolia, Belarus, Canada, and the United States.
Top Vulnerabilities Reported in the Last 48 Hours
INFRA:HALT vulnerability
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly used TCP/IP stack found in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. These flaws can enable attackers to achieve remote code execution, denial of service (DoS), information leaks, TCP spoofing, and DNS cache poisoning.
Google high-risk Patches
Google this week pushed a major security-focused Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious attacks. The critical vulnerability in the Media Framework component could enable a local malicious application to bypass the operating system protections that isolate one application's data from other apps.
Chromium critical bugs
Security researchers found a dangerous bug in Chromium that allowed malicious parties to inject malicious code into embedded site pages. This can further enable attackers to steal sensitive information from the victim's device.
New Cobalt Strike bugs
Security researchers have disclosed Cobalt Strike denial of service (DoS) vulnerabilities that could allow blocking of Beacon command and control (C2) communication channels and new deployments. The DoS vulnerabilities, collectively tracked as Hotcobalt (CVE-2021-36798), were patched in the Cobalt Strike Beacon with the release of version 4.4.