Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 15, 2021

There’s yet another Chrome exploit in the wild. A security researcher has published a PoC exploit for a recently discovered zero-day vulnerability in Google Chrome, Microsoft Edge, and other Chromium-based browsers. Tracked as a remote code execution vulnerability, the flaw resides in the v8 JavaScript engine used by Chromium. Although a patch for the flaw has been issued, it's still unclear when Google will add it to Chrome.

A new case of a misconfigured Amazon AWS bucket has caught the attention of security experts. The unprotected database, which reportedly belongs to an online packaging marketplace, Bizongo, leaked 643 GB worth of data online.

Top Breaches Reported in the Last 24 Hours

Babuk ransomware posts 500 GB of data

Babuk ransomware operators have reportedly posted 500 GB worth of Houston Rockets’ internal business data on their dark web forum. The alleged data includes contracts, non-disclosure agreements, and financial data.

Bizongo leaks data

An online packaging marketplace, Bizongo, was affected by a data leak incident that occurred in December 2020. During this time period, approximately 2,532,610 files were exposed due to a misconfigured AWS S3 data bucket.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Kubernetes

A vulnerability in one of the Go libraries that Kubernetes is based on could lead to Denial of Service (DoS). The flaw (CVE-2021-20291) affects the Go library called ‘containers/storage’. Patches for the bug have been issued in version 1.28.1 of containers/storage, CRI-O version v1.20.2, and Podman version 3.1.0.

SAP issues patches

SAP has issued 14 new security notes and 5 updates as part of its April 2021 Security Patch Day. One of the fixes is for a critical issue in SAP Commerce. The critical vulnerability, tracked as CVE-2021-27602, could be exploited by remote attackers to execute code on vulnerable installs. It has a CVSS score of 9.9.

PoC for Unpatched Chromium flaw

A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge, and other web browsers. The flaw resides in the v8 JavaScript engine used by Chromium and can be exploited for arbitrary code execution in the browser process. The flaw has been patched in the code, but the patch is yet to be shipped to Chrome or Edge users.

Top Scams Reported in the Last 24 Hours

Fake LinkedIn email leads

Users of employment-oriented services are being targeted with customized phishing emails that attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads. According to the Bitdefender Antispam Lab telemetry, over 500 million scam emails selling premium LinkedIn leads have been spotted across the U.S., the Middle East, and Canada. The emails advertise the delivery of “verified and 100% accurate LinkedIn leads” but rarely stick to their word, siphoning off thousands of dollars from targets.
