Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 6, 2021
The infamous Lazarus has sprung back to life with a new attack campaign. The adversary group is targeting applicants and employees seeking jobs in engineering companies across the U.S. and Europe. This new development is touted to be a part of the continued attack campaign targeting defense contractors.
While attack campaigns continue to loom over organizations, patching known vulnerabilities remains essential to staying safe. In this regard, QNAP and SonicWall have issued security patches for vulnerabilities found in their HBS 3 Hybrid Backup Sync and Network Security Manager (NSM) products.
Top Breaches Reported in the Last 24 Hours
Engineering employees targeted
A new attack campaign that targets job applicants and employees across the U.S. and Europe has been attributed to the Lazarus threat actor group. The campaign is carried out via phishing emails that lure victims with job opportunities at Boeing and BAE Systems. Moreover, the APT gang has attempted to create documents that impersonate new defense contractors and engineering companies such as Airbus, General Motors (GM), and Rheinmetall.
Formula 1 app hijacked
Users of Android and iOS versions of the Formula 1 racing app received an unexpected notification on the Austrian Grand Prix after a hacker hijacked the app. The company is continuing to investigate, review, and improve safety measures.
Massive cryptomining scheme
Researchers exposed a global cryptojacking scheme that targeted over 1,300 organizations. The main targets of the attack included organizations in the health, tourism, media, and education sectors. The attacks were mostly launched in the U.S., Vietnam, and India.
Top Vulnerabilities Reported in the Last 24 Hours
Flawed SonicWall NSM product
A critical command injection vulnerability affecting SonicWall’s Network Security Manager (NSM) product has been patched recently. Tracked as CVE-2021-20026, the flaw can allow attackers to execute malicious commands on the operating system with root privileges. The flaw impacts SonicWall NSM versions prior to 2.2.0-R10.
QNAP fixes a critical bug
NAS maker QNAP has addressed a critical security issue that could have enabled attackers to compromise NAS devices. Tracked as CVE-2021-28809, the improper access control vulnerability exists in HBS 3 Hybrid Backup Sync. Attackers can abuse the flaw to gain access to system resources, escalate privileges, execute commands remotely, and read sensitive information without authorization.
GitLab releases a new version
GitLab has resolved several vulnerabilities by releasing an updated version of its software platform. The issues addressed include a CSRF vulnerability and a DoS vulnerability.
Flaw in OWASP project
A flaw tracked as CVE-2021-35368 was present in the OWASP ModSecurity Core Rule Set project for many years. The flaw, which could have enabled attackers to bypass the security mechanism, has been fixed in a new version.