
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 12, 2021

TrickBot’s sibling, BazarBackdoor, has already begun its foray into the threat landscape. Only yesterday the malware downloader was in the news for its new obfuscation techniques. Now, a new email phishing campaign that distributes BazarBackdoor has come to light.

In other developments, the Avaddon ransomware gang is back in action after fixing a flaw that could have let its victims decrypt their files without paying. Also, the Lampion trojan has made a comeback with a new set of targets located in Portugal.

Top Breaches Reported in the Last 24 Hours

PrivatBank’s database on sale

A database belonging to Ukraine’s PrivatBank is being offered for sale on a popular hacking forum. It contains 40 million records that include full names, dates of birth, places of birth, passport details, and phone numbers of customers.

Vastaamo affected

Finnish psychotherapy practice Vastaamo has declared bankruptcy after falling victim to a horrific security breach. The problem first began in 2018, when the firm discovered that a database of customer details and session notes had been accessed by hackers.

Top Malware Reported in the Last 24 Hours

Lampion trojan returns

A new version of the Lampion trojan is being used in the wild to target users in Portugal. Threat actors are leveraging the ongoing vaccination process as a lure to distribute the trojan. The attack is carried out via a phishing email that includes a link impersonating ‘min-saude.pt’.

BazarBackdoor in new attack

Several people have received emails that pretend to confirm hefty orders from Ajour Lingerie and Rose World. These emails are actually part of a spear-phishing attack that ultimately leads to the download of the BazarBackdoor malware.

Avaddon ransomware fixes a flaw

The Avaddon ransomware gang has fixed a flaw that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. The ransomware uses the AES-256 algorithm to encrypt victims’ files.

Top Vulnerabilities Reported in the Last 24 Hours

Faulty Responsive Menu plugin

Three vulnerabilities found in the Responsive Menu WordPress plugin can lead to site takeover, backdoor installation, spam injection, malicious redirects, and other malicious activity. As the issues affect versions 4.0.0 through 4.0.3, users are advised to update to version 4.0.4.

Thirty vulnerable mHealth apps

Around 30 popular mHealth apps are vulnerable to API attacks that can allow unauthorized access to full patient records, including protected health information. While 77% of the apps contain hardcoded API keys, some of which never expire, 7% contain hardcoded usernames and passwords.

SQL injection flaw addressed

A severe unauthenticated SQL injection vulnerability has been patched by the developers of Evolution CMS. The security flaw was caused by how the application builds SQL queries from user-supplied data. If a user were to send crafted data, the query could be modified before it reached the Evolution database.

PayPal fixes an XSS flaw

PayPal has resolved a reflected cross-site scripting (XSS) vulnerability found in the currency converter feature of user wallets. The bug arose due to improper sanitization of user input.

Zero-day flaw receives a micropatch

A zero-day vulnerability in Internet Explorer 11, which is being exploited in the wild, has received an unofficial micropatch. Last month, the North Korean state-sponsored hacking group Lazarus had abused the flaw to target security researchers.

Microsoft fixes a 12-year-old flaw

Microsoft has fixed a 12-year-old privilege escalation vulnerability in Windows Defender. The flaw could allow attackers to gain admin rights on unpatched Windows systems. It is tracked as CVE-2021-24092 and affects Windows Defender versions going back as far as 2009.
