Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 17, 2021
Researchers at IoT Inspector and elsewhere are sounding the alarm on recently discovered vulnerabilities that affect millions of IoT devices. In one case, IP cameras, routers, Wi-Fi repeaters, and residential gateways from around 65 vendors are exposed to remote takeover, and to abuse in DDoS attacks, through four serious vulnerabilities in the SDK for Realtek RTL8xxx chips. In another, more than 83 million IoT devices, many of them security cameras, can let attackers silently watch and listen to live feeds because of a critical flaw in the Kalay P2P protocol. Upgrading to the latest firmware and SDK versions is highly recommended to protect devices and networks from attacks.
Besides the rising IoT security threats, security researchers have also observed a spike in malware attacks. Prominent campaigns in the last 24 hours delivered a new version of the Neurevt trojan and the FluBot Android banking trojan.
Top Breaches Reported in the Last 24 Hours
Memorial Health System affected
Memorial Health System in Ohio was hit by Hive ransomware that disrupted patient care services. However, the healthcare system confirmed that no patient or employee data was compromised in the attack. The firm has implemented extensive security protocols to restore its impacted systems.
An accidental data exposure
An unprotected Elasticsearch database containing a secret terrorist watchlist exposed 1.9 million records, including sensitive data used by airlines and multiple agencies. The agencies that rely on the list include the Department of State, Department of Defense, Transportation Security Administration, and Customs and Border Protection. The database sat exposed for around three weeks before it was taken down on August 9.
Brazilian Ministry attacked
The Brazilian Ministry of Economy disclosed a ransomware attack that occurred last week. The government took necessary security measures to contain the attack.
JP Morgan Chase Bank leaked data
JP Morgan Chase had accidentally leaked customer banking information due to a technical flaw in its website and app. The leaked data included transaction lists, names, and account numbers of customers. The data was left exposed for around a month before it was fixed on July 14.
Top Malware Reported in the Last 24 Hours
New version of Neurevt trojan spotted
A new version of the Neurevt trojan with spyware and backdoor capabilities has been spotted. This version targets customers of Mexican financial institutions.
Surge in FluBot
FluBot Android malware has expanded its activity to target customers of Polish and German banks. The malware is distributed via text messages containing malicious links.
New TrickBot attack
A new TrickBot campaign uses a fake 1Password installer to infect a victim's computer and collect data. The fake installer then deploys Cobalt Strike, which is used to harvest information about other systems on the network.
Top Vulnerabilities Reported in the Last 24 Hours
Linux glibc flaw
The fix for a previously reported vulnerability in the GNU C Library (glibc) introduced a new bug, tracked as CVE-2021-38604. The flaw has a CVSS score of 7.5 and can be exploited to crash applications that use the library, causing a denial of service.
Serious flaws in Realtek chips
Around 65 vendors using Realtek chips are affected by serious vulnerabilities that can allow attackers to gain complete control of the device. The flaws, tracked as CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, and CVE-2021-35395, affect several versions of the Realtek SDK used with RTL8xxx chips. Realtek has issued patches for the vulnerabilities.
Security cameras at risk
More than 83 million security cameras and other devices using the Kalay network are at risk following the discovery of a critical vulnerability, CVE-2021-28372. The flaw can be exploited to watch and listen to live feeds and to compromise device credentials. Upgrading to the latest version of the Kalay SDK is highly recommended to protect devices and networks from attacks.
XSS bug in SEO plugin
A cross-site scripting flaw in the SEOPress WordPress plugin could allow attackers to inject arbitrary script into websites. The bug (CVE-2021-34641) stems from inadequate access control and missing input sanitization on one of the plugin's REST API endpoints.
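The pattern behind this class of bug is a WordPress REST route whose permission check only asks "is anyone logged in?" and whose callback stores the request value verbatim. The example below is an added illustration, not SEOPress's code: the namespace, route, and meta key are hypothetical, and it shows the weak registration next to a hardened one that uses a per-post capability check plus validation and sanitization of the arguments.

```php
<?php
// Illustrative example only (not SEOPress's code): a simplified WordPress REST
// endpoint that updates an SEO title for a post. Namespace, route and meta key
// are hypothetical.

// Weak registration: any logged-in user (e.g. a subscriber) may update any post,
// and the value is stored unsanitized, so a "<script>" payload is saved and later
// rendered wherever the meta is output, i.e. a stored XSS.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/title', array(
        'methods'             => 'PUT',
        'permission_callback' => 'is_user_logged_in', // too weak: no per-post capability check
        'callback'            => function ( WP_REST_Request $req ) {
            update_post_meta( (int) $req['id'], '_example_seo_title', $req['title'] ); // unsanitized
            return rest_ensure_response( array( 'ok' => true ) );
        },
    ) );
} );

// Hardened registration: require edit rights on that specific post, validate the
// arguments, and sanitize before storing. Output must still be escaped with
// esc_attr()/esc_html() where the value is rendered.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-seo/v1', '/posts/(?P<id>\d+)/title-safe', array(
        'methods'             => 'PUT',
        'args'                => array(
            'id'    => array(
                'validate_callback' => function ( $v ) {
                    return is_numeric( $v ) && get_post( (int) $v ) !== null;
                },
                'sanitize_callback' => 'absint',
            ),
            'title' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field', // strips tags, including <script>
            ),
        ),
        'permission_callback' => function ( WP_REST_Request $req ) {
            // Per-object capability check rather than a bare "is logged in".
            return current_user_can( 'edit_post', (int) $req['id'] );
        },
        'callback'            => function ( WP_REST_Request $req ) {
            update_post_meta( $req['id'], '_example_seo_title', $req['title'] );
            return rest_ensure_response( array( 'ok' => true ) );
        },
    ) );
} );
```

When auditing a plugin, look at every `register_rest_route` call for a `permission_callback` that is `__return_true` or a bare `is_user_logged_in`, then check whether the callback writes request values with `update_post_meta` or `update_option` without a `sanitize_callback`; the combination is what turns a low-privilege account into a stored XSS.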
Fortinet issues a patch
Fortinet has issued security updates for an OS command injection vulnerability affecting its FortiWeb Web Application Firewall (WAF). An authenticated attacker with access to the management interface can use it to take complete control of the appliance.