Updated: Nov 23
Fake ransomware attacks are now being used to scare WordPress website owners into paying ransom money. Cybersecurity researchers have disclosed that threat actors targeted nearly 300 websites in a new wave of attacks that involved fake ransomware infection notices. In another notable ransomware attack, miscreants typosquatted the name of a JS library in an attempt to deliver ransomware through NPM and promote the malware-laden files via Discord.
Attention, online shoppers! Digital card skimming attacks just got more sophisticated as hackers are turning to new Golang malware to evade detection. The malware, dubbed the Linux_avp backdoor, is being deployed along with a card skimmer on compromised websites.
Top Breaches Reported in the Last 48 Hours
Pizza Kitchen data breached
California-based Pizza Kitchen exposed 100,000 employee Social Security numbers. The organization learned on September 15 of the attack, in which attackers had infiltrated its systems and gained access to certain files.
North Korea hackers intensify attacks
Attacks on Frontier Software
Frontier Software is currently dealing with a cyber-attack that has resulted in limited access to some of the computer systems and data. The incident is currently under investigation.
New Aggah campaign discovered
A new campaign linked to the Aggah threat actor group hijacks clipboards to replace cryptocurrency addresses. The attackers use clipboard-hijacking code that is installed into the registry of the victim's host. So far, the malicious code has replaced addresses for seven different cryptocurrencies.
WordPress sites targeted by a hacker
Hundreds of WordPress-based websites have been targeted in fake ransomware attacks. Approximately 300 WordPress websites were targeted in a new wave of attacks displaying fake ransomware infection notices and demanding 0.1 Bitcoin in ransom to restore a site.
StripChat has suffered a major security breach that resulted in the leak of data on millions of users and cam models. The leaked data includes usernames, email addresses, IP addresses, ISP details, and account status of users and adult models.
Top Malware Reported in the Last 48 Hours
Malicious noblox.js package
Malicious actors have been typosquatting the noblox.js package in an attempt to deliver ransomware through NPM and then promote the malware-laden files via Discord. As per the report, at least six malicious packages have been discovered downloading the malicious code.
11 malicious libraries removed
The operators of the Python Package Index have removed 11 malicious Python packages. They were designed to collect user data, passwords, and Discord access tokens from infected systems. As per the report, these libraries were downloaded more than 30,000 times. One of these libraries also exposed the dependency confusion technique.
New Memento ransomware
New ransomware, dubbed Memento, takes full advantage of the vCenter vulnerability CVE-2021-21971 to spread across systems. After the reconnaissance stage, the hackers use WinRAR to create an archive of the stolen files and exfiltrate it. In the final stage, it encrypts the passwords and deletes the original files.
New linux_avp backdoor spotted
Security researchers discovered that hackers are also deploying a Linux backdoor on a compromised e-commerce server after injecting a credit card skimmer into an online shopping website. A PHP-coded web skimmer (designed to steal and exfiltrate customers' payment and personal info) is added and camouflaged as a .JPG image file in the /app/design/frontend/ folder.
Top Vulnerabilities Reported in the Last 24 Hours
New HTTP smuggling attack
A cyber security researcher has explained how a weakness in Amazon Web Services (AWS) API Gateway could be exploited via an HTTP header smuggling attack. The attacker leverages the security weakness of the API to execute malicious requests or launch attacks. The AWS team took notice of the issue and is working on resolving it.
Intel fixes a critical flaw
Intel is fixing a major vulnerability that unauthorized people with physical access can exploit to install malicious firmware on the chip to defeat a variety of measures, including protections provided by BitLocker, trusted platform modules, anti-copying restrictions, and others. The flaw can also let hackers bypass various security measures such as BitLocker, TPM protection and anti-copying blocks.
Microsoft patches an XSS flaw
Microsoft has patched a reflected cross-site scripting (XSS) vulnerability in Exchange Server. Tracked as CVE-2021-41349, the flaw could have allowed attackers to read/send emails or perform state-changing actions in the application.
A new version of Rowhammer attack
Cybersecurity researchers have disclosed yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. Dubbed Blacksmith, the technique exploits the flaw CVE-2021-42114, with a CVSS score of 9.0 out of 10.