Cyware Daily Threat Intelligence

Daily Threat Briefing • Apr 30, 2021
A stitch in time can protect IoT and OT system vendors from the newly disclosed BadAlloc vulnerabilities. A collection of 25 remote code execution vulnerabilities, BadAlloc can enable threat actors to bypass security controls, execute malicious code, or cause a system to crash.
Meanwhile, a financially motivated threat actor group got its hands on a zero-day flaw in SonicWall VPN appliances with the intent of distributing the new FIVEHANDS ransomware to victims’ systems. The flaw was actively exploited until the vendor released security patches.
An unnamed ransomware was also sighted in an attack on the Resort Municipality of Whistler, Canada. Following the attack, the organization was forced to shut down its network, website, email, and phone systems.
Top Breaches Reported in the Last 24 Hours
Resort Municipality of Whistler affected
The Resort Municipality of Whistler in British Columbia, Canada, has suffered an attack from a new ransomware gang. This forced the organization to shut down its network, website, email, and phone systems. Due to this disruption, all online activities and certain in-person municipality activities have been suspended.
Rio Grande do Sul court hit
Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit in an attack by REvil ransomware. Following the attack, the gang encrypted employees’ files and forced the courts to shut down their network. A ransom demand of $5,000,000 has been made to decrypt files and prevent the leaking of data.
Top Malware Reported in the Last 24 Hours
New FIVEHANDS ransomware
A financially motivated threat actor group actively exploited a zero-day flaw in SonicWall VPN appliances before it was patched by the company. The flaw, tracked as CVE-2021-20016, was abused to deploy a new ransomware called FIVEHANDS on victims’ systems.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable F5 BIG-IP Networks
F5 Networks has released patches for an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM). Tracked as CVE-2021-23008, the vulnerability can allow threat actors to hijack a Kerberos KDC (Key Distribution Center) connection using a spoofed AS-REP (Kerberos Authentication Service Response).
New BadAlloc flaw
Microsoft security researchers have discovered a set of 25 remote code execution flaws, collectively known as BadAlloc, that affect many IoT devices and OT industrial systems. These flaws are caused by integer overflow or wraparound bugs in memory allocation routines. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on devices.
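The following C program is an added illustration of the bug class behind BadAlloc and is not code from Microsoft's research or from any affected vendor. It shows how an attacker-controlled element count multiplied by an element size can wrap around, so an allocator hands back a buffer far smaller than later writes assume, and it shows the overflow check that prevents it. The function names, the `embedded_size_t` typedef (32-bit, to make the wrap reproducible on any host) and the record-message format are assumptions made for the example.

```c
/* Added illustration of the BadAlloc bug class (hypothetical code, not from
 * any vendor's product): an unchecked count * elem_size product wraps, so the
 * allocation is undersized relative to the data copied into it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 32-bit arithmetic so the wraparound is reproducible on any host; many
 * embedded IoT/OT targets really do have a 32-bit size_t. */
typedef uint32_t embedded_size_t;
#define EMBEDDED_SIZE_MAX UINT32_MAX

/* Vulnerable pattern: the product silently wraps modulo 2^32. */
embedded_size_t unchecked_size32(embedded_size_t count, embedded_size_t elem_size) {
    return count * elem_size;
}

/* Hardened pattern: reject any count whose product would not fit. Returns 1
 * and stores the byte count on success, 0 if the multiplication would wrap. */
int checked_size32(embedded_size_t count, embedded_size_t elem_size, embedded_size_t *out) {
    if (elem_size != 0 && count > EMBEDDED_SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* The same check on the host's native size_t, for malloc-style allocators
 * that take a single byte count. */
int checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Simulated protocol handler (constructed format): a 4-byte big-endian record
 * count followed by 8-byte records. Returns the number of records copied, or
 * -1 if the message is rejected. Without the checked_size32 guard, a wrapped
 * count would pass the length check below, allocate a tiny buffer, and the
 * caller would then index far past it. */
int parse_records(const uint8_t *msg, size_t msg_len, uint8_t **records_out) {
    if (msg_len < 4) return -1;
    uint32_t count = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                     ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];
    embedded_size_t bytes;
    if (!checked_size32(count, 8, &bytes)) return -1;   /* overflow guard */
    if (bytes > msg_len - 4) return -1;                  /* truncated payload */
    uint8_t *buf = malloc(bytes ? bytes : 1);
    if (!buf) return -1;
    memcpy(buf, msg + 4, bytes);
    *records_out = buf;
    return (int)count;
}

/* Runs two constructed messages through the handler. Returns a bitmask:
 * bit 0 = benign message parsed correctly, bit 1 = wrapping message rejected. */
int demo_results(void) {
    int result = 0;
    /* Constructed benign message: count = 2, followed by 16 payload bytes. */
    uint8_t benign[20] = {0x00, 0x00, 0x00, 0x02};
    for (int i = 4; i < 20; i++) benign[i] = (uint8_t)i;
    uint8_t *recs = NULL;
    if (parse_records(benign, sizeof benign, &recs) == 2 &&
        memcmp(recs, benign + 4, 16) == 0)
        result |= 1;
    free(recs);
    /* Constructed malicious message: count = 0x20000001, whose product with 8
     * wraps to 8 in 32-bit arithmetic; only 8 payload bytes are supplied. */
    uint8_t evil[12] = {0x20, 0x00, 0x00, 0x01};
    recs = NULL;
    if (parse_records(evil, sizeof evil, &recs) == -1)
        result |= 2;
    free(recs);
    return result;
}

int main(void) {
    printf("unchecked 0x20000001 * 8 wraps to %u bytes\n",
           (unsigned)unchecked_size32(0x20000001u, 8u));
    printf("demo result bitmask: %d (3 = both cases handled)\n", demo_results());
    return 0;
}
```

The division-based check (`count > MAX / elem_size`) is portable C; on compilers that provide it, `__builtin_mul_overflow` expresses the same guard, and `calloc(count, elem_size)` performs it internally on conforming C11 libraries, which is one reason to prefer it over `malloc(count * elem_size)` in allocation code that handles untrusted sizes.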
Faulty PHP Composer package addressed
The maintainer of the PHP Composer package has addressed a command injection flaw, CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. The flaw has been addressed in Composer versions 2.0.13 and 1.10.22.
New BIND vulnerabilities
The Internet Systems Consortium (ISC) has released an advisory for three vulnerabilities that affect ISC Berkeley Internet Name Domain (BIND). The vulnerabilities are tracked as CVE-2021-25216, CVE-2021-25215, and CVE-2021-25214. The flaws are addressed in versions 9.11.31, 9.16.15, and 9.17.12 of BIND.