
Cyware Daily Threat Intelligence


Daily Threat Briefing Apr 21, 2021

Unpatched zero-day flaws have led to a spike in cyberattacks, and a majority of these are attributed to a critical zero-day authentication bypass vulnerability discovered in the Pulse Connect Secure gateway. The flaw has been used as a part of the initial infection vector to distribute 12 malware families across multiple government and law enforcement agencies.

Moreover, exploitation of three zero-day vulnerabilities affecting SonicWall ES/Hosted Email Security has also come to light. Users are advised to apply security patches to stay safe from these attacks.

Amid these threats, Oracle has announced major security updates that comprise fixes for around 390 flaws. Around 200 of these flaws can be exploited remotely without authentication.

Top Breaches Reported in the Last 24 Hours

REvil gang after laptop manufacturers

The REvil ransomware gang claims to have stolen a huge trove of data from several laptop and other gadget manufacturers. The data accessed include large quantities of confidential drawings and gigabytes of personal data belonging to the likes of Apple, Dell, HPE, Lenovo, and Cisco.

Eversource suffers a breach

A misconfigured database belonging to Eversource has leaked names, addresses, phone numbers, social security numbers, and account numbers of users. The database also contained unencrypted files from August 2019 and included the personal information of 11,000 Eversource Eastern Massachusetts customers.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle fixes 390 flaws

Oracle has released fixes for 390 vulnerabilities as part of the April 2021 Critical Patch Update. Around 200 of these flaws can be exploited remotely without authentication. Oracle’s E-Business Suite received the highest number of patches (77). Other impacted Oracle products include Communications, PeopleSoft, Financial Services Applications, JD Edwards, Database, Communications Applications, Construction and Engineering, Enterprise Manager, and Siebel CRM.

SonicWall warns about mass exploitation

SonicWall has warned customers about three zero-day vulnerabilities that are being exploited in the wild. The flaws are tracked as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. SonicWall has urged its customers to apply patches for these vulnerabilities that impact ES/Hosted Email Security versions 10.0.1 and above.

Pulse Secure 0-day exploitation

A newly discovered zero-day authentication bypass vulnerability in the Pulse Connect Secure gateway is currently being exploited in the wild, and there is no patch for it yet. Tracked as CVE-2021-22893, the flaw has been linked with multiple attack campaigns that deployed nearly 12 malware families against different government and law enforcement agencies.

Mozilla fixes 13 flaws

Mozilla Foundation has fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communication icon. Successful exploitation of the flaw (CVE-2021-23998) could have allowed a rogue website to intercept browser communications.

Flaw in debug toolbar fixed

Developers have fixed a serious security flaw in a debug toolbar for the popular Django framework. Tracked as CVE-2021-30459, the flaw arises due to the change in the code of the SQL ‘explain’, ‘analyze’, or ‘select’ forms supported by the tool.

Top Scams Reported in the Last 24 Hours

Bloomberg impersonated

Hackers are impersonating Bloomberg employees in an attempt to install a RAT on target computers. The perpetrators send fake Bloomberg invoices laced with the trojan, which could be used to surveil computer networks or steal data. Researchers claim that the phishing campaign has been active since last year and involved the use of a tool named NanoCore.
