
Cyware Daily Threat Intelligence


Daily Threat Briefing Aug 26, 2021

It’s raining security updates. Vendors are on a patching spree, addressing flaws ranging from critical to medium severity that attackers could exploit to take control of affected systems. Cisco, F5, and VMware, among others, have rolled out security patches for more than 30 flaws across multiple products.

Unfortunately, the malware picture looks no better, with two new malware families coming to light in the last 24 hours: the Sardonic backdoor, a new addition to FIN8’s arsenal, and VIPSpace, which is being distributed via Discord.

Top Breaches Reported in the Last 24 Hours

Eskenazi Health confirms attack

Eskenazi Health has confirmed that it suffered a ransomware attack on August 4, during which threat actors exfiltrated patient data and later leaked it on the internet. The organization says it took several measures to contain the attack.

Ransomware attack on eye clinic

A ransomware attack on Eye & Retina Surgeons clinic has affected the personal and clinical information of nearly 73,500 patients. However, the firm confirmed that no credit card or bank account information was accessed in the attack.

Atlanta Allergy & Asthma affected

Atlanta Allergy & Asthma (AAA) is notifying more than 9,000 patients about a data breach that occurred in January. The exposed data includes patients’ full names, birth dates, Social Security numbers, treatment information, and financial account information.

ULA data leak incident

Six internal emails belonging to senior officials of United Launch Alliance (ULA) have been leaked on a popular hacker forum. An investigation into the leak is ongoing.

Top Malware Reported in the Last 24 Hours

VIPSpace.exe traced in the wild

A new malware tracked as VIPSpace.exe is being distributed in the wild via Discord. The malware uses DLL side-loading (placing a malicious DLL where a legitimate executable will load it in place of the real library) to evade detection, and its authors have implemented a multithreaded download routine to speed up the infection process.

New Sardonic backdoor

The FIN8 threat actor group has added a new backdoor, named Sardonic, to its arsenal. The malware appears to still be under development. Written in C++, Sardonic allows its operators to collect system information, execute arbitrary commands, and load and execute additional plugins.

Top Vulnerabilities Reported in the Last 24 Hours

Ethereum’s flaw fixed

A chain-split vulnerability in go-ethereum (Geth), the most widely used Ethereum client, has been fixed. The flaw, tracked as CVE-2021-39137, can cause unpatched nodes to compute a different chain state from patched nodes and split off from the network, leading to outages for services that depend on the affected nodes.

Atlassian patches a critical flaw

Atlassian has issued a security patch for a critical OGNL injection vulnerability in Confluence Server and Data Center. The flaw, tracked as CVE-2021-26084, has a CVSS score of 9.8 and can be exploited by an attacker to execute arbitrary code on affected Confluence Server and Data Center instances.

Cisco releases patches

Cisco has addressed a critical vulnerability in the management interface of its Application Policy Infrastructure Controller (APIC) and Cloud APIC. The flaw, identified as CVE-2021-1577, stems from improper access control and could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected device, including uploading malicious files.

F5 fixes 35 flaws

F5 has fixed 35 security vulnerabilities across multiple products. Thirteen of these flaws are rated high severity, 15 medium, and seven low. Affected components include BIG-IP Advanced Web Application Firewall (Advanced WAF), BIG-IP Application Security Manager (ASM), and the Traffic Management User Interface (TMUI).

VMware issues patches

VMware has shipped security updates for six vulnerabilities across multiple products, which could be exploited to take control of affected systems. The affected products include VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
