Get Ahead of Cyber Threats
Newsletter

Weekly Threat Pulse (11/30)

 

Introducing The Fletch Expert Series

We’re excited to introduce The Fletch Expert Series, featuring conversations with some of the top minds in cybersecurity, shining light on the most pressing issues facing the industry.

As the world is changing at the speed of code, our processes, our systems, and our people simply can’t keep up. To solve the challenges of today, we have to look beyond the thinking of the past. The reality is the good guys can’t get ahead in this fight against cybercriminals. We need a new perspective to build a better future.

With that in mind, over the next several weeks, we are excited to share a series of conversations with cybersecurity experts bringing diverse views to topics like:

  • Why aren’t current approaches/processes/technologies working? 
  • What is broken and why? 
  • How do we solve these issues?
  • What does the future look like? 

Here is the first segment with Erik Swan, Founder of Splunk and Board Member at Fletch, covering the connection between technology and the cybersecurity talent gap.


Top Trending Threats

Below are the top 5 trending cyber threats in the news last week. Was your organization impacted?

Join dozens of other organizations like ezCater, Xolv, ClearView Healthcare Partners, and Included Health using Fletch’s Trending Threats app to evaluate if your company was impacted. 

Watch this video to learn more and use this link to skip our waitlist.

If you have any questions or would like to learn more, send us an email at info@fletch.ai.

 

Learn more below about the top trending cyber threats in the news last week.

Attackers exploiting zero-day vulnerability in Windows Installer

Cisco Talos is releasing new SNORT® rules to protect against the exploitation of a zero-day elevation of privilege vulnerability in Microsoft Windows Installer. ... Security researcher Abdelhamid Naceri initially discovered this elevation of privilege vulnerability and worked with Microsoft to address it.

CVEs: CVE-2021-41379


Over nine million Android devices infected by info-stealing trojan

The trojan is detected by Dr.Web as 'Android.Cynos.7.origin' and is a modified version of the Cynos malware designed to collect sensitive user data. ... The aggressive nature of the trojan becomes apparent right from the installation phase when it asks for permission to perform activities that are not generally associated with a game, such as making phone calls or detecting users' locations.

Malware: Cynos


BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

While InfoSec forums have noted the spike in detections during the third quarter, we noticed two new arrival mechanisms included in the existing roster of delivery techniques that malicious actors abused for data theft and ransomware. ... While the initial delivery mechanism has yet to be identified, it’s possible that the use of these packages is part of a wider social engineering technique to deceive users into downloading and implementing the compromised installers.

Malware: BazarBackdoor


New CronRAT malware infects Linux systems using odd day cron jobs

Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. ... The researchers note that the malware contacts a command and control (C2) server (47.115.46.167) using an “exotic feature of the Linux kernel that enables TCP communication via a file.”

Malware: CronRAT


VMware addresses SSRF, arbitrary file read flaws in vCenter Server

VMware has released security updates for vCenter Server after fixing arbitrary file read and server-side request forgery (SSRF) vulnerabilities in the vSphere Web Client (FLEX/Flash). ... The 7.x release line, which cannot use vSphere Web Client (FLEX/Flash), is unaffected by the flaws.

CVEs: CVE-2021-21980, CVE-2021-22049
