
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 19, 2021

Bandook spyware is still at large. The remote access trojan, recently seen in the Bandidos campaign, is now making headlines for a new espionage campaign attributed to a newly identified threat actor tracked as TA2721. The campaign targets Spanish-speaking users via phishing emails. The infection chain starts with a PDF attachment containing a URL that leads to a password-protected RAR archive, which in turn installs Bandook.

The infamous Pegasus spyware is back in the spotlight after the Pegasus Project, a consortium of news organizations working with Amnesty International and Forbidden Stories, published a leaked list of more than 50,000 phone numbers of potential surveillance targets. Forensic analysis of a subset of those phones found traces of zero-click exploitation that let operators pilfer sensitive data from activists, journalists, business executives, and politicians.

Top Breaches Reported in the Last 24 Hours

Comparis affected

Leading Swiss price comparison platform Comparis has disclosed a data breach following a ransomware attack. The company was attacked on July 7, after which it took several measures to contain the intrusion.

Misconfigured AWS bucket issue

Artwork Archive secured a misconfigured AWS S3 bucket after it became aware of the data leak. The bucket had exposed more than 421GB of data, some 200,000 files, associated with over 7,000 artists, collectors, and galleries. The firm said it has found no evidence that the data was misused.

Campbell discloses a breach

The law firm Campbell Conroy & O'Neil, P.C. (Campbell) disclosed that it fell victim to a ransomware attack in February. During the attack, the threat actors exfiltrated the personal details of certain individuals.

Saudi Aramco data offered for sale

A threat actor using the name ZeroX claims to have stolen 1TB of sensitive data from Saudi Aramco and has put it up for sale on multiple hacking forums. By the seller's own account, the data was obtained in 2020 by exploiting a zero-day flaw in Saudi Aramco's infrastructure. Saudi Aramco, for its part, said the data was held by third-party contractors and did not come from a breach of its own systems.

Top Malware Reported in the Last 24 Hours

Pegasus malware is back

Israel’s NSO Group and its Pegasus spyware have been linked to a worldwide espionage campaign targeting activists, journalists, business executives, and politicians. The Pegasus Project analyzed a leaked list of more than 50,000 phone numbers of potential targets, and forensic examination of dozens of those devices confirmed infection or attempted infection. Amnesty International's Security Lab has published its forensic methodology along with the open-source Mobile Verification Toolkit (MVT), which checks iOS and Android backups for Pegasus indicators.

Bandook malware spotted again

Bandook has been linked to a new espionage campaign that targets Spanish-speaking users via phishing emails. The campaign is attributed to a newly identified group tracked as TA2721.

Top Vulnerabilities Reported in the Last 24 Hours

Updates on WiFiDemon

Apple is preparing a fix for an iOS Wi-Fi bug dubbed WiFiDemon by ZecOps, the researchers who analyzed it. The flaw is triggered by a crafted network name (SSID) containing format-string specifiers; with the default Auto-Join setting the device processes nearby network names without any user action, so an attacker only needs to broadcast the malicious SSID within range. ZecOps showed the bug can be used for remote code execution rather than just crashing the Wi-Fi daemon. The patch is expected in the iOS 14.7 update; until it ships, disabling Wi-Fi Auto-Join reduces exposure.

New Windows Print Spooler flaw

Security researchers have identified another Elevation of Privilege (EoP) bug in the Windows Print Spooler, on the heels of the devastating PrintNightmare vulnerability. Tracked as CVE-2021-34481, the flaw exists because the Print Spooler improperly performs privileged file operations; a local attacker who exploits it can run arbitrary code with SYSTEM privileges. Microsoft's interim workaround is to stop and disable the Print Spooler service on systems that do not need to print or share printers.
