Get Ahead of Cyber Threats Newsletter

Weekly Threat Pulse (1/4)

The New Year is here; let's start it off right by saving you hours each day.

Wouldn’t you like to know if the top threats in the news impact you the second you read about them? That’s just what Fletch does for you every day. 

For example, here are last week’s top trending threats. With the Fletch Trending Threats app, you would already know if these threats affect your company. 

In fact, here is a handy guide featuring some of our favorite Vulnerability Management and Endpoint Detection & Response (EDR) products that Fletch connects with to put the news in context for you.
Happy New Year,

Fletch Team
P.S. See below for more information on the top trending cyber threats in the news last week.
Chinese Hacker Group Uses Log4j Exploit to Target Academic Institution

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. ... Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMware Horizon, a virtual workspace technology.

Malware: Cobalt Strike, njRAT

New Flagpro malware linked to Chinese state-backed hackers

BlackTech cyber-espionage APT (advanced persistent threat) group has been spotted targeting Japanese companies using novel malware that researchers call ‘Flagpro’. ... The threat actor uses Flagpro in the initial stage of an attack for network reconnaissance, to evaluate the target’s environment, and to download second-stage malware and execute it.

Malware: Flagpro, SelfMake Loader, SpiderRAT

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

The attacks exploited misconfigured Docker APIs that allowed them to gain network entry and ultimately set up a backdoor on compromised hosts to mine cryptocurrency, researchers said. ... Though attackers use the same entry point and tactics to achieve their ultimate goal of cryptomining during the attack vector, what changed most about the attack over the years is how threat actors have constantly evolved evasive maneuvers to avoid detection, researchers said.

Malware: Autom

Threat Actor Uses Novel HP iLO Rootkit to Wipe Servers

An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations. ... But Amnpardaz said that since 2020, it investigated several incidents where a mysterious threat actor compromised targets and hid inside iLO as a way to survive OS reinstalls and maintain persistence inside the victim’s network.

Malware: iLOBleed

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. ... While the critical risk posed by the original Log4Shell exploit is paramount, milder variants of the vulnerability emerged in Log4j versions, including 2.15 and 2.16—previously believed to be fully patched.

CVEs: CVE-2021-44832, CVE-2021-44228