Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 13, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Aug 13, 2021
A phishing campaign that went undetected for almost a year found a unique solution to hide malicious URLs. The attackers turned them into Morse code. That’s right, the 1800’s most popular form of telecommunication was used to convert the plaintext HTML file to bypass email filter systems. This ultimately enabled threat actors to harvest credentials from victims.
The plague of RATs continues to terrify organizations across the globe. In the last 24 hours, researchers have spotted two sophisticated attack campaigns that distributed ServHelper and Warzone RATs. While the former was used in a campaign associated with the TA505 threat actor group, the latter is linked to the Aggah attackers.
Top Malware Reported in the Last 24 Hours
ServHelper RAT returns
The TA505 threat actor group has been spotted in a new attack campaign that uses multiple tools and techniques to install ServHelper RAT on compromised systems. Some of the tactics include the use of variants of Amadey and Raccoon stealer. The ServHelper malware comes with multiple functionalities such as logging keystrokes, exfiltrating users’ confidential data, launching RDP sessions, and installing cryptomining software.
Warzone RAT spotted
The Pakistan-linked Aggah threat actor group is using compromised WordPress sites as a channel to deliver Warzone RAT to manufacturing companies in Taiwan and South Korea. The campaign, which began in early July, uses spoofed email addresses that appear to be from legitimate customers of the manufacturers.
**Top Vulnerabilities Reported in the Last 24 Hours **
Siemens and Schneider Electric address flaws
Siemens and Schneider Electric have released 18 advisories to address more than 50 vulnerabilities affecting their products. Siemens has issued patches for a total of 32 vulnerabilities, one of them being for a group of DNS vulnerabilities dubbed ‘NAME:WRECK’. Meanwhile, Schneider Electric has patched eight advisories for a total of 25 vulnerabilities.
Voltage glitching attack
A newly discovered voltage glitching attack on AMD’s Secure Encrypted Virtualization technology can lead to loss of confidential data in cloud environments. The attack can be launched by manipulating the input voltage to AMD chips.
Trend Micro confirms Zero-day attacks
Security vendor Trend Micro has issued a warning about in-the-wild zero-day attacks that target customers using Apex One and Apex One as a Service. The flaws are tracked as CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, and CVE-2021-36742. Trend Micro has rolled out patches for the critical vulnerabilities in question.
PrintNightmare vulnerability exploited
Another ransomware group named Vice Society has been found actively exploiting PrintNightmare vulnerabilities (CVE-2021-1675 and CVE-2021-34527) in Windows Print Spooler. The attackers are deploying a malicious Dynamic Link Library (DLL) to exploit the vulnerabilities.
Top Scams Reported in the Last 24 Hours
QR code scam
The Better Business Bureau is warning users about QR code scams that can empty their bank accounts. Several instances where users lost amounts in Bitcoin as well have been reported lately. The users are urged to check for the QR codes in public places thoroughly before scanning them.