Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence June 23, 2021 - Featured Image

Daily Threat Briefing Jun 23, 2021

A major blow for law enforcement authorities as the Cl0p ransomware gang is back in business to haunt organizations! A week after the announcement of several members’ arrest by the Ukrainian authorities, the gang has made headlines by listing new victims on their data leak site again.

In other news, patches for serious one-year-old flaws discovered in SonicWall VPNs and Internet Message Access Protocol (IMAP) have been issued recently. These flaws left unpatched for a long time, could have allowed attackers to perform arbitrary code execution attacks and snoop users’ messages respectively.

Top Breaches Reported in the Last 24 Hours

City of Tulsa impacted

Officials disclosed that the City of Tulsa was hit by a ransomware attack in May. Following the attack, the attackers have posted more than 18,000 stolen files, including police citations and internal department files on the dark web. These files included names, dates of birth, addresses, and driver’s license numbers.

Cl0p ransomware releases a new list

Cl0p ransomware gang is back in action after laying low for one week. In its latest act, the gang has published the list of new victims along with their data on its data leak site. The circumstance suggests that the people arrested by the police in the name of the Cl0p ransomware gang were not members of the core team.

Top Malware Reported in the Last 24 Hours

Microsoft tracks BazarCall malware

Microsoft has traced a phishing campaign that distributes BazarCall malware. The campaign uses emails that lure recipients to call on a number to cancel their subscription to a certain service. Once recipients call the number, they are instructed to visit a website and download an Excel file (which contains the BazarCall downloader) in order to cancel the service.

New Ever101 ransomware

A newly discovered Ever101 ransomware has been spotted targeting Israeli companies. When encrypting files, the ransomware appends .ever101 extension and later drops a ransom note named !=READMY=!.txt.

Top Vulnerabilities Reported in the Last 24 Hours

Palo Alto Networks issues patches

Palo Alto Networks has issued a security patch for a critical vulnerability affecting the company’s Cortex XSOAR. Tracked as CVE-2021-3044, the flaw is rated 9.8 on the CVSS scale and arises due to an improper authorization issue. It can enable attackers with network access to perform unauthorized actions through the REST API.

Zephyr Bluetooth flaws

Multiple flaws found in Zephyr’s Bluetooth LE stack have been patched recently. Six of these flaws can be exploited to cause denial of service conditions. These flaws can be abused by sending malformed input that would cause the device to freeze, or gain access to sensitive data. The flaws have been addressed with the release of Zephyr 2.6.0.

NVIDIA in the process of fixing flaws

NVIDIA is patching nine high-level vulnerabilities in the Jetson SoC framework that affects millions of graphics cards. These flaws can allow hackers to perform DoS attacks and data theft. Some of the affected products include Jetson Nano 2GB, Xavier NX/TX1, AGX Xavier, Jetson TX2, and Jetson TX2 NX.

A year-old-flaw patched

A year-old-flaw that could have allowed attackers to bypass TLS email protections to snoop on messages, has been patched. The flaw, tracked as CVE-2021-33515, is centered around the implementation of the email instruction called START-TLS.

Another old vulnerability patched

A critical SonicWall vulnerability disclosed last year, has also been patched. Identified as a stack-based buffer overflow vulnerability (CVE-2020-5135), the issue affects over 800,000 SonicWall VPN devices.

Related Threat Briefings