Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 30, 2021

Zero-day and unpatched vulnerabilities are on the rise, and so are the opportunities for threat actors who are always on the lookout for such security flaws. A new security flaw impacting Microsoft Exchange servers, coming after the recent discovery of the ProxyShell vulnerability, has raised concerns about unknown attacks in the making. Dubbed ProxyToken, the vulnerability can allow remote attackers to bypass authentication and modify Exchange server configurations.

In other news, a new variant of the Mirai botnet is exploiting a previously disclosed command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.

Top Breaches Reported in the Last 24 Hours

1 GB data leaked

Around 1 GB of data belonging to sportswear manufacturer Puma has been leaked on the dark web marketplace Marketo. The compromised data includes source code of internal management applications linked to the company’s Product Management Portal.

Bangkok Airways’ data breached

Bangkok Airways has disclosed a ransomware attack that occurred on August 23. The attack was launched by LockBit ransomware operators, who later threatened to leak the stolen data. The data stolen includes the names, nationalities, genders, phone numbers, contact information, email addresses, and credit card information of passengers.

Top Malware Reported in the Last 24 Hours

A new variant of Mirai discovered

A new variant of the Mirai botnet is being used in the wild to exploit a known command injection vulnerability affecting WebSVN. The flaw is tracked as CVE-2021-32305 and affects versions prior to 2.6.1. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues guidelines on ChaosDB

Microsoft has issued guidance on securing Azure accounts affected by ChaosDB. The flaw impacts Azure’s Cosmos DB and recently led to the exposure of data of thousands of cloud customers.

New ProxyToken vulnerability

ProxyToken is a newly discovered vulnerability that affects Microsoft Exchange servers. This is the second vulnerability after the ProxyShell vulnerability that is being exploited in the wild. The ProxyToken vulnerability can allow remote attackers to bypass authentication and make changes to an Exchange email server’s backend configuration.
