Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 21, 2021
Threat actors, who are never at rest, are constantly giving security experts a run for their money. In a new cyberespionage campaign discovered recently, Sload, aka Starslord loader, has been found targeting users in Europe. This time, the attackers are using malicious VBS and PowerShell scripts to drop the loader, which subsequently deploys Ramnit and Trickbot as the final payload.
Misconfigured databases drew major flak for the U.S. supermarket chain Wegmans Food Markets as this resulted in the exposure of customer details. The databases contained names, addresses, phone numbers, birth dates, and Shoppers Club numbers of customers.
Top Breaches Reported in the Last 24 Hours
Wegmans affected in a data breach
U.S. supermarket chain Wegmans Food Markets has suffered a data breach that occurred due to misconfigured databases. The databases included customer details such as their names, addresses, phone numbers, birth dates, and Shoppers Club numbers. However, the passwords are safe as they were hashed and salted.
KAERI confirms an attack
The South Korean Atomic Energy Research Institute (KAERI) has confirmed a cyberattack by the Kimsuky threat actor group. The adversary exploited a vulnerability in the VPN system used within the research institute’s environment to enter the network.
Top Malware Reported in the Last 24 Hours
Starslord loader is back
Sload, or Starslord loader, has been spotted in a new cyberespionage campaign targeting users in Europe. This time, the attackers are using VBS and PowerShell scripts instead of relying on malicious documents to gain an initial foothold. The final payload of the downloader includes Ramnit and Trickbot trojans.
Top Vulnerabilities Reported in the Last 24 Hours
New iPhone bug
A new bug discovered in iPhone’s wireless functionality can be exploited to join a nearby hotspot with an unusual name, after which the wireless functionality of the device gets disabled. The flaw has been successfully tested on an iPhone XS running iOS version 14.4.2.
Vulnerable Cisco switches
Researchers have identified multiple vulnerabilities in Cisco’s Small Business 220 series smart switches. Attackers can abuse one of these flaws (CVE-2021-1542) to hijack a user’s session and gain access to the switch’s web interface. It is rated high severity.
https://www.securityweek.com/researcher-finds-several-vulnerabilities-cisco-small-business-switches
Top Scams Reported in the Last 24 Hours
Beware of Amazon Prime Day scams
Security experts have warned online shoppers about Amazon Prime Day scams that are underway. These scams are carried out via emails and text messages, in which cybercriminals lure consumers into entering their details on fake websites. The messages include fake deals or prize offers to entice recipients into clicking malicious links.