
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 5, 2021

A new Cybercrime-as-a-Service offering is being used against organizations to deliver a variety of malware. Dubbed Prometheus TDS (Traffic Distribution System), the service spreads malicious Word documents and Excel sheets that ultimately drop a Prometheus backdoor. So far, threat actors have used it to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Vulnerable Industrial Control Systems (ICS) continue to plague manufacturing. Mitsubishi is still working on fixes for five vulnerabilities affecting its safety PLCs, while Wibu Systems has issued patches for DoS vulnerabilities in its CodeMeter product.

Top Breaches Reported in the Last 24 Hours

ERG suffers a ransomware attack

Italian energy company ERG has disclosed minor disruptions following a ransomware attack on its systems. The attackers have not been confirmed, but some reports attribute the incident to the LockBit 2.0 ransomware group.

Misconfigured Amazon S3 bucket

A misconfigured Amazon S3 bucket belonging to Reindeer has exposed sensitive data of nearly 300,000 individuals. The bucket held 32GB of data, including full names, dates of birth, profile pictures, email addresses, hashed passwords, and Facebook IDs of users.
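The report does not say how the Reindeer bucket was misconfigured, but the two usual causes are an ACL grant to the AllUsers/AuthenticatedUsers groups or a bucket policy that allows any principal. The following is an added example (not the briefing's or the affected company's code) of an offline check over ACL and policy documents in the shape returned by `aws s3api get-bucket-acl` and `get-bucket-policy`; the sample documents, account ID and role name below are constructed for illustration.

```python
"""Offline check for S3 exposure via ACL grants or a public bucket policy.

Added example, not from the briefing. The ACL and policy documents are
constructed in the format the AWS CLI returns; replace them with real output
(json.load of the CLI result) to check an actual bucket.
"""
import json

# Grantee URIs that make an ACL grant world-accessible (AllUsers) or open to
# any AWS account holder (AuthenticatedUsers); both count as public.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (group, permission) pairs for grants to the public S3 groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((PUBLIC_GRANTEE_URIS[grantee["URI"]], grant.get("Permission")))
    return findings


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Return Sids (or indexes) of unconditional Allow statements open to any principal."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # Conditioned statements (e.g. aws:SourceVpce) need manual review; not flagged here.
            continue
        findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def bucket_is_public(acl, policy):
    """True if either the ACL or the policy exposes the bucket."""
    return bool(public_acl_grants(acl)) or bool(public_policy_statements(policy))


# Constructed sample documents (not real account data).
OWNER = {"Type": "CanonicalUser", "ID": "0" * 64}
LEAKY_ACL = json.loads(json.dumps({
    "Owner": OWNER,
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}))
SAFE_ACL = {"Owner": OWNER, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}

LEAKY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
}
SAFE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
}

if __name__ == "__main__":
    print("leaky ACL grants:", public_acl_grants(LEAKY_ACL))
    print("leaky policy statements:", public_policy_statements(LEAKY_POLICY))
    print("safe bucket public?", bucket_is_public(SAFE_ACL, SAFE_POLICY))
```

Two caveats when applying this to a real account: S3 Block Public Access settings at the bucket or account level override both mechanisms, so a bucket this check flags may in fact be blocked, and conversely an object-level ACL can expose individual objects even when the bucket ACL and policy are clean.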

Top Malware Reported in the Last 24 Hours

New Prometheus TDS

A new cybercrime service dubbed Prometheus TDS is being sold on underground platforms for $250 a month. It distributes malware-laced Word and Excel documents and redirects users to phishing and malicious sites. Researchers have observed multiple campaigns using the service to deploy Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Top Vulnerabilities Reported in the Last 24 Hours

Five flaws in Mitsubishi PLCs

Researchers have disclosed five vulnerabilities in Mitsubishi safety PLCs, related to the authentication implementation of the MELSOFT communication protocol. Three of them have been assigned CVE-2021-20594, CVE-2021-20598, and CVE-2021-20597. Patches have not yet been released.

Cisco addresses pre-auth vulnerabilities

Cisco has patched pre-authentication vulnerabilities in multiple Small Business VPN routers. The flaws allow unauthenticated remote attackers to cause a DoS condition or execute arbitrary code on vulnerable devices.

Decade-old bypass flaw

A decade-old authentication bypass flaw, tracked as CVE-2021-20090, could leave millions of business network routers open to attack. It affects at least 20 router models from 17 vendors, including Buffalo, Arcadyan, Verizon, Vodafone, O2, and HughesNet, and can be exploited to conduct MitM attacks. The affected vendors are working on mitigations.

Another faulty ICS

Germany-based Wibu Systems has published advisories for two serious DoS vulnerabilities in its CodeMeter product. The more severe, tracked as CVE-2021-20093, affects the CodeMeter Runtime network server. Both are fixed in CodeMeter Runtime version 7.21a.

Vulnerable Online Hotel Reservation System

A cross-site scripting vulnerability has been identified in the Online Hotel Reservation System. It stems from insufficient sanitization of user-supplied data in the arrival parameter, and an attacker can exploit it by tricking a user into opening a specially crafted link, which then executes attacker-controlled script in the victim's browser.

Chrome 92 update

Google has fixed 10 vulnerabilities in a Chrome 92 update. Two of them, CVE-2021-30590 and CVE-2021-30592, are rated high severity.
