Cyware Daily Threat Intelligence

Daily Threat Briefing • May 4, 2021
Unpatched zero-day vulnerabilities can be a potential gold mine for cybercriminals to take control of systems and launch a variety of attacks. With this threat in mind, Apple has issued security patches for WebKit zero-day vulnerabilities that might have been exploited in the wild. The flaws could be abused through specially crafted web content. Meanwhile, the flaw addressed by Dell is not a zero-day threat but a 12-year-old bug that had left millions of desktops, laptops, notebooks, and tablets at risk.
Newly discovered malware, including a new variant of the Buer loader and the Pingback malware, has also been unearthed in the past 24 hours. While the former is distributed via phishing emails, the latter is propagated through DLL hijacking attacks.
Top Breaches Reported in the Last 24 Hours
Raychat app data leaked
The Raychat app has apparently suffered a data breach in which personal data and records of over 150 million users have been leaked online. The leaked data includes full names, IP addresses, email addresses, and Telegram messenger IDs of users.
Glovo breached
Spanish rapid-delivery startup Glovo was hit by a cyberattack last week. The attackers had gained unauthorized access through an old administrator platform.
Scripps Health technology hacked
Scripps Health technology servers were hacked, disrupting the patient portals. As a result, some patients were forced to reschedule their appointments.
Top Malware Reported in the Last 24 Hours
New variant of Buer loader
A new variant of the Buer malware loader has been distributed via phishing emails since early April. The emails purport to be from DHL Support and contain a link to a malicious Microsoft Word or Excel document. Dubbed RustyBuer, the new variant has been distributed to over 200 organizations across 50 verticals. The new strain is written in the Rust language and is capable of delivering Cobalt Strike Beacon as a second-stage payload.
New Pingback malware
A new Windows malware called Pingback has been found using a DLL hijacking attack to target Microsoft Windows 64-bit systems. The malware takes advantage of ICMP for its command-and-control activities.
Top Vulnerabilities Reported in the Last 24 Hours
Apple fixes zero-days
Apple has released patches for four WebKit zero-day vulnerabilities that might have been exploited in the wild. The flaws are tracked as CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, and CVE-2021-30661. While three of these flaws have been patched in macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1, the fourth flaw (CVE-2021-30661) has been patched with the release of iOS 12.5.3.
Dell fixes a 12-year-old flaw
Dell has fixed a 12-year-old vulnerability that put hundreds of millions of Dell desktops, laptops, notebooks, and tablets at risk. The bug, tracked as CVE-2021-21551, could allow threat actors to access driver functions and execute malicious code with SYSTEM and kernel-level privileges.
HP issues a patch
Hewlett Packard is urging customers to patch Edgeline Infrastructure Manager (EIM) instances that are open to remote authentication bypass attacks. The flaw (CVE-2021-29203) is rated critical and impacts EIM prior to version 1.21.