
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 30, 2021

A sigh of relief for victims of Lorenz ransomware: a decryption tool that lets them decrypt their files without paying a ransom is now available to the public for free. The ransomware uses a blend of RSA and AES-128 algorithms to encrypt files on a compromised device.

However, there are some new threats as well. A zero-day vulnerability in Adobe Experience Manager (AEM) can be a matter of concern for several large companies if patches are not applied in time. Identified as an authentication bypass flaw, it can enable attackers to conduct remote code execution attacks on the CRX Package Manager. In other news, a version of PJobRAT is being used in an ongoing attack campaign to pilfer contact details, SMSes, and GPS locations of individuals.

Top Breaches Reported in the Last 24 Hours

UofL Health notifies patients

UofL Health, a healthcare system located in Kentucky, is notifying more than 40,000 patients about a data breach that affected their PHI. The incident occurred after the healthcare system erroneously sent sensitive data to an email address outside its network.

Denmark’s Nationalbank compromised

The Russian-linked Nobelium APT group compromised Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The attack is the result of the SolarWinds supply chain attack that occurred last year.

New updates on WD data loss

Reports suggest that threat actors abused a zero-day vulnerability in Western Digital My Book Live NAS devices to perform a mass factory reset, leading to loss of data. The vulnerability is tracked as CVE-2018-18472 and has not been fixed since.

Top Malware Reported in the Last 24 Hours

PJobRAT spyware

An ongoing malware campaign, active since January 2021, is leveraging famous dating and instant messaging apps to distribute a version of PJobRAT spyware. The campaign targets Indian military personnel. The data collected by the spyware includes contacts, SMSes, and GPS locations of individuals.

Decryption key for Lorenz ransomware

A free, publicly available decryption tool can help victims recover their files encrypted by Lorenz ransomware. The ransomware uses a blend of RSA and AES-128 algorithms to encrypt files on a compromised device.

Top Vulnerabilities Reported in the Last 24 Hours

Bypass flaw in Adobe patched

An authentication bypass flaw in Adobe Experience Manager (AEM) was found impacting multiple large organizations using CRX Package Manager. Attackers can abuse the flaw to bypass authentication and gain access to CRX Package Manager, leaving applications open to remote code execution attacks.
