Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 12, 2021
Major security update alert! Kaseya has rolled out patches for VSA vulnerabilities including the zero-day vulnerability that was successfully exploited in the recent REvil ransomware attack. Organizations should duly patch the flaws to prevent further espionage attacks.
Meanwhile, threats in the form of new malware and new attack techniques continue to wreak havoc on organizations and users. An undocumented Python-based backdoor called BIOPASS RAT is being used in a watering hole attack that targets online gaming companies in China. Magecart Group 7 has evolved its attack technique to harvest more payment card details by encoding the malware within comment blocks.
Top Breaches Reported in the Last 24 Hours
Mint Mobile discloses a breach
Mint Mobile has disclosed a data breach in which subscribers’ account information was exposed and phone numbers were ported to another carrier. The incident occurred between June 8 and June 10. As a result, the hacker gained unauthorized access to the call history, names, addresses, email addresses, and passwords of a small number of subscribers.
Magecart’s new evasion technique
Magecart hackers have come up with a new technique to evade detection while harvesting payment card details. They have encoded the malware code within comment blocks and are hiding stolen credit card data in images and other files hosted on the server. The attack is attributed to Magecart Group 7 based on tactics, techniques, and procedures.
LinkedIn data on sale
Attackers are selling information from 600 million LinkedIn profiles on a hacker forum. The samples include full names, email addresses, social media accounts, and other user data points.
Bank of Oak Ridge affected
Bank of Oak Ridge has revealed that an attacker may have viewed banking customer data after hacking into a system. The breach took place between April 26 and 27.
Another data breach reported
Clients of Spreadshirt, Spreadshop, and TeamShirts have been warned of a security breach that resulted in the leak of their details. An attacker gained unauthorized access to the details by hacking into the company’s servers.
Top Malware Reported in the Last 24 Hours
BIOPASS RAT
An undocumented Python-based backdoor called BIOPASS RAT is taking advantage of Open Broadcaster Software (OBS) Studio’s live-streaming app to capture its victims’ screens. The malware is being used to target online gambling companies in China via a watering hole attack. BIOPASS is said to be under active development.
Top Vulnerabilities Reported in the Last 24 Hours
Kaseya releases patches
Kaseya has rolled out urgent updates to address critical vulnerabilities in its VSA servers. These include a patch for the zero-day vulnerability that was exploited in a massive ransomware attack. The vulnerabilities are tracked as CVE-2021-30116, CVE-2021-30117, CVE-2021-30118, CVE-2021-30119, CVE-2021-30120, CVE-2021-30201, and CVE-2021-30121. The firm has shipped VSA version 9.5.7a.
Mitsubishi Electric patches vulnerabilities
Mitsubishi Electric has patched multiple vulnerabilities affecting many of its AC products. One of these is a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection (XXE) attacks. The issue is tracked as CVE-2021-20595 and has a CVSS score of 9.3.