Threat Intelligence Cybersecurity Hacking News July 29, 2021
Cybercriminals are targeting the healthcare sector today, having compromised an Ontario-based mental health services provider. Cybercriminals are also aggressively rebuilding their malware, which is an indicator of more sophisticated attacks in the near future. Meanwhile, the source code of the Brunhilda malware has been reused to create a new Android malware, Vultur, that has affected between 5,000 and 8,000 users so far.
Top Breaches Reported in the Last 24 Hours
British Columbians' data leaked
Information belonging to British Columbians was stolen from Homewood Health. The affected clients include BC Housing, Translink, and the Provincial Health Services Authority. Some of the stolen data has been put up for auction on the Marketo dark web marketplace.
Top Malware Reported in the Last 24 Hours
Oscorp evolves
One more dangerous Android malware was observed abusing accessibility services on devices to hijack user passwords from European banking apps. Oscorp has been renewed as the new UBEL Android botnet, which is being sold for $980 on underground forums.
New Vultur Android malware
A new Android malware called Vultur is also able to record smartphones via VNC to steal passwords. It was first spotted in March 2021 by Dutch security firm ThreatFabric, and it is estimated that Vultur has infected between 5,000 and 8,000 users so far.
DoppelPaymer rebrands itself
The DoppelPaymer ransomware operation has rebranded as Grief, with identical encryption algorithms (2048-bit RSA and 256-bit AES) and other minor code changes.
Agent Tesla and Formbook Malware
Cybersecurity researchers reported that attackers are using the XAMPP web server solution stack to host Agent Tesla and Formbook malware.
Top Vulnerabilities Reported in the Last 24 Hours
Security flaws in open-source projects
Cybersecurity researchers discovered nine major security flaws in three open-source projects: Akaunting, EspoCRM, and Pimcore, according to The Hacker News. All three are typically used by a wide range of small and medium-sized businesses. These flaws can be used to execute arbitrary JavaScript code, take control of operating systems, and trigger a DoS condition.
A critical flaw in Microsoft Hyper-V
A major flaw in Microsoft Hyper-V can allow attackers to cause a DoS condition or execute arbitrary code on systems. The flaw resides in Microsoft Hyper-V's network switch driver (vmswitch.sys) and affects Windows 10 and Windows Server 2012 through 2019.
Foxit plugs multiple security holes
Foxit Software this week released major security updates for its PDF reader and PDF editor apps. Some of the security holes can lead to remote code execution. The vulnerabilities addressed by Foxit were identified by Cisco Talos researchers, all three leading to arbitrary code execution.
Tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, the bugs carry a CVSS severity score of 8.8.
Security vulnerability in Moodle e-learning platform
A major security vulnerability in the Moodle e-learning platform could be abused to access student data and test papers, and possibly even to manipulate exam results.
Vulnerable IP cameras
According to France-based cybersecurity firm RandoriSec, IP cameras sold by a dozen vendors are vulnerable to remote attacks due to a slew of serious and high-severity flaws affecting UDP Technology firmware. The flaws were discovered after a study of IP cameras. Hackers can abuse the vulnerabilities to take full control of vulnerable cameras.