Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 29, 2021

Looks like virtual machines are the new gold for ransomware attackers. One of the most infamous ransomware strains, REvil aka Sodinokibi, has been found using a Linux encryptor to target and encrypt VMware ESXi virtual machines.

Aviation companies are the latest target of cybercriminals aiming to steal credentials and other sensitive data. Researchers have uncovered that such companies are being targeted in a widespread spear-phishing campaign that distributes AsyncRAT. Meanwhile, the digital skimmer threat landscape continues to evolve as details about a skimmer malware called Lil’ Skim resurface.

Top Breaches Reported in the Last 24 Hours

LinkedIn data leaked

Data for 700 million LinkedIn users has been leaked on the RaidForums dark marketplace. This is the work of a hacker who goes by the online name ‘GOD User TomLiner’. The hacker claims to have posted records that include full names, gender, email addresses, phone numbers, and industry information. According to LinkedIn, no breach of its networks has occurred this time. However, the investigation is ongoing.

Top Malware Reported in the Last 24 Hours

Linux version of REvil detected

Researchers have discovered a Linux version of the REvil ransomware that targets VMware ESXi virtual machines. This new addition is a part of its evasion tactic. The new variant is in the form of an ELF64 executable with configuration options similar to those utilized by other common Windows executables.

AsyncRAT spotted

A new spear-phishing campaign that targets aviation companies is using a malicious link to distribute AsyncRAT. The email pretends to be from the federal aviation authority and uses a spoofed sender address that matches a ‘foreign operators affairs’ email address. The content is carefully crafted to create a sense of urgency among the recipients.

Lil’ Skim malware

A skimmer malware named Lil’ Skim has been identified on a number of compromised websites that impersonate Google. The skimmer has been around for a year and was used for stealing credit card data.

Top Vulnerabilities Reported in the Last 24 Hours

PoC for Windows Print Spooler leaked

The PoC for a vulnerability in the Windows Print Spooler service that can allow a total compromise of Windows systems has been accidentally leaked. Tracked as CVE-2021-1675, the flaw was patched in the Microsoft June 2021 Patch Tuesday security updates. It is a remote code execution issue.

Phoenix Contact issues fixes

Germany-based Phoenix Contact has issued fixes for 10 vulnerabilities identified across several of its products. Some of the affected products include Phoenix Contact’s TC router, FL MGUARD modules, ILC 2050 BI building controllers, and PLCNext. The vendor has addressed some of these issues with firmware updates, and in some cases, it has provided mitigation measures.

Unpatched vulnerability reported

An unpatched vulnerability in Google’s Compute Engine platform can be abused to take over virtual machines on cloud networks. This is done by impersonating the metadata server from the targeted virtual machine’s point of view. The issue was first reported in September 2020, but a patch has not been released yet.
