Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 3, 2021
DeadRinger threat cluster identified! Researchers have uncovered three sophisticated cyber-espionage campaigns that went undetected since 2017. Targeting major telecommunications companies in Southeast Asia, the campaigns were launched by three distinct Chinese threat actor groups - SoftCell, Naikon, and Emissary Panda. The actors made use of the China Chopper web shell, Mimikatz, and Cobalt Strike beacons to exfiltrate data.
Meanwhile, the Raccoon information stealer is set to offer its operators more opportunities, as it now includes built-in cryptocurrency-stealing capabilities. According to researchers, the new malware variant is distributed via droppers disguised as cracked and pirated software.
Top Breaches Reported in the Last 24 Hours
Misconfigured Elasticsearch database
An unsecured Elasticsearch database left the details of about 35 million residents of Chicago, San Diego, and Los Angeles exposed online. The data, which included gender, full names, dates of birth, and marital status, was publicly accessible until July 27, when it was secured.
School District No. 73 affected
Canada’s School District No. 73 has suffered a security breach that impacted the personal information of students. The exposed data included the identity and contact information of students.
Top Malware Reported in the Last 24 Hours
Raccoon Stealer upgraded
Raccoon Stealer has been upgraded by its authors to steal cryptocurrency alongside financial information. According to researchers, the new malware variant is distributed via droppers disguised as cracked and pirated software.
Top Vulnerabilities Reported in the Last 24 Hours
Cisco addresses FDM flaw
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that can be exploited to remotely execute malicious code on affected devices. Tracked as CVE-2021-1518, the remote code execution flaw has a CVSS score of 6.3.
Flaws in PyPI repository fixed
Developers of the PyPI repository have fixed three severe vulnerabilities, one of which could allow threat actors to take full control of the portal. The flaws can also be abused to launch supply chain attacks by deleting documentation files and running bash commands in the PyPI codebase using GitHub Actions.
Microsoft Exchange flaws targeted
Three Chinese threat actor groups—SoftCell, Naikon, and Emissary Panda—were found targeting Microsoft Exchange vulnerabilities in a high-profile attack campaign active since 2017. The campaign targets several government entities and telecom companies in Southeast Asia.
Blocking PetitPotam attack
Security researchers have devised a way to block the new PetitPotam attack, which can allow attackers to take control of a Windows domain controller. The method uses NETSH filters and does not affect local EFS functionality.
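The NETSH-based mitigation described above, as an added example that is not from the Cyware briefing or from the researchers it cites. It assumes that the filters in question are Windows RPC filters applied through the `netsh rpc filter` context, and that the two interface UUIDs below identify the MS-EFSRPC interfaces (the one exposed over the lsarpc named pipe and the one exposed over the efsrpc named pipe); run it from an elevated PowerShell prompt on the domain controller you want to protect, after testing in a lab.

```powershell
# Added example (not from the briefing): block remote MS-EFSRPC calls with Windows RPC filters.
# Assumption: the two UUIDs below are the MS-EFSRPC interface identifiers.
$efsrpcInterfaces = @(
    'c681d488-d850-11d0-8c52-00c04fd90f7e',  # MS-EFSRPC reached over \pipe\lsarpc
    'df1941c5-fe89-4e79-bf10-463657acf44d'   # MS-EFSRPC reached over \pipe\efsrpc
)

# Build a netsh script: enter the rpc filter context once, then add one
# user-mode block rule per interface UUID and commit each as a filter.
$lines = @('rpc filter')
foreach ($uuid in $efsrpcInterfaces) {
    $lines += 'add rule layer=um actiontype=block'
    $lines += "add condition field=if_uuid matchtype=equal data=$uuid"
    $lines += 'add filter'
}

# netsh -f reads the commands from a file, so write them out as plain ASCII.
$scriptPath = Join-Path $env:TEMP 'efsrpc-block.txt'
$lines | Set-Content -Path $scriptPath -Encoding ASCII

# Apply the filters, then list them so the generated filterKey values can be
# recorded; they are needed to remove a filter later.
netsh -f $scriptPath
netsh rpc filter show filter
```

To roll back, take a filterKey GUID from the `show filter` output and run `netsh rpc filter delete filter filterkey=<filterKey-from-show-output>` for each filter that was added. Because the filter acts on the RPC interface rather than on the EFS service itself, local EFS operations are unaffected, which is the property the researchers highlight.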
Top Scams Reported in the Last 24 Hours
Scammers masquerading as FINRA
Scammers are masquerading as members of the SEC, FINRA, and other state securities regulators to trick investors into sharing more information. As part of the phishing campaign, they created fake social media profiles and fake websites. To make the lure convincing, the scammers are also using fake documents that include real names and Central Registration Depository (CRD) numbers.