Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 27, 2021

The BazaLoader backdoor is back with a new trick up its sleeve. Its operators are sending website owners fake notifications about DDoS attacks in an attempt to deploy a Cobalt Strike Beacon, which in turn drops the backdoor used to deliver further payloads.

Meanwhile, U.S. federal agencies have raised concerns about two major threats looming over organizations: attacks by the Hive ransomware group, and malware found on compromised Pulse Secure devices.

Amidst the proliferation of ransomware threats, there is good news for victims of Ragnarok ransomware: the gang has called it quits and released its decryption key.

Top Breaches Reported in the Last 24 Hours

ChaosDB exposed data

A flaw in Microsoft Azure's flagship Cosmos DB, dubbed ChaosDB, exposed the data of thousands of cloud customers. The flaw lay in Cosmos DB's built-in Jupyter Notebook feature and was fixed soon after Microsoft became aware of it. Microsoft said it found no evidence that the flaw had been exploited. Because the flaw exposed account primary keys, which do not expire on their own, affected customers were advised to regenerate those keys.

Players data exposed

Around 134GB of data containing 365 million records was exposed by an unsecured server. The exposed data belonged to players of fantasy games including Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok.

Top Malware Reported in the Last 24 Hours

Ragnarok shuts its operation

The Ragnarok ransomware gang has shut down its operations and released a free decryption key for its victims. The gang was known for targeting organizations across France, Estonia, Sri Lanka, Turkey, Thailand, the U.S., Malaysia, Hong Kong, Spain, and Italy.

BazaLoader is back

The attackers behind the BazaLoader malware are scaring website owners with a fake DDoS notification that leads to the deployment of Cobalt Strike. Cobalt Strike is then used to deploy the backdoor, which delivers further payloads.

Top Vulnerabilities Reported in the Last 24 Hours

NVIDIA fixes a flaw

NVIDIA has fixed a remote code execution flaw affecting NVCaffe. The flaw, tracked as CVE-2021-39158, can allow attackers to execute arbitrary code on the targeted system. It has been fixed in NVCaffe 0.17.3.

Flaws fixed in elFinder

Five vulnerabilities discovered in the elFinder web file manager have been patched in a new release. The flaws are collectively tracked as CVE-2021-32682 and carry a CVSS score of 9.8.

Kaseya issues patches

Kaseya has issued a security update to patch server-side zero-day vulnerabilities in Unitrends. The flaws can lead to remote code execution and privilege escalation.

Compromised Pulse Secure devices identified

CISA has shared details about malicious files discovered on compromised Pulse Secure devices. Among the flaws targeted are CVE-2021-22893 and CVE-2021-22937. The malware samples recovered from compromised devices allowed threat actors to gain remote access to the target system and modify users' credentials, among other actions.

Vulnerable Synology products

Synology has revealed that some of its products are affected by the recently disclosed OpenSSL vulnerabilities. The flaws can be abused for remote code execution and denial-of-service attacks. Patches for the affected products have yet to be released.

Top Scams Reported in the Last 24 Hours

Scammers impersonate Europol head

Scammers are impersonating the European Union's law enforcement agencies in an attempt to trick victims into handing over their financial information. The email accuses recipients of multiple criminal charges and threatens to initiate cases against them unless they reply within 72 hours.
