
Cyware Daily Threat Intelligence


Daily Threat Briefing May 4, 2021

Unpatched zero-day vulnerabilities are a gold mine for attackers looking to take control of systems and launch a variety of follow-on attacks. With that in mind, Apple has issued security patches for WebKit zero-day vulnerabilities that may have been actively exploited in the wild; the flaws can be triggered by processing maliciously crafted web content. Meanwhile, the flaw addressed by Dell is not a zero-day but a 12-year-old driver bug that had left hundreds of millions of desktops, laptops, notebooks, and tablets exposed.

Newly discovered malware, including a new variant of the Buer loader and the Pingback malware, has also surfaced in the past 24 hours. The former is distributed via phishing emails, while the latter is loaded through DLL hijacking and tunnels its command-and-control traffic over ICMP.

Top Breaches Reported in the Last 24 Hours

Raychat app data leaked

The Raychat app has apparently suffered a data breach in which personal data and records of over 150 million users were leaked online. The leaked data includes users' full names, IP addresses, email addresses, and Telegram messenger IDs.

Glovo breached

Spanish rapid-delivery startup Glovo was hit by a cyberattack last week. The attackers had gained unauthorized access through an old administrator platform.

Scripps Health technology hacked

Scripps Health's technology servers were hacked, disrupting its patient portals. As a result, some patients were forced to reschedule their appointments.

Top Malware Reported in the Last 24 Hours

New variant of Buer loader

A new variant of the Buer malware loader has been distributed via phishing emails since early April. The emails purport to come from DHL Support and contain a link to a malicious Microsoft Word or Excel document. Dubbed RustyBuer, the new variant has been sent to over 200 organizations across 50 verticals. The new strain is written in Rust and is capable of delivering Cobalt Strike Beacon as a second-stage payload.

New Pingback malware

A new Windows malware called Pingback has been found using DLL hijacking to get itself loaded on 64-bit Microsoft Windows systems. The malware tunnels its command-and-control traffic over ICMP, a protocol that many networks allow through unfiltered and rarely inspect, so the traffic can hide among ordinary ping packets.
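Because ICMP is usually permitted and seldom inspected, the practical check for this kind of C2 is to look inside echo payloads rather than at the protocol itself. The following is an added example written for this briefing, not code from Cyware or from any Pingback analysis, and it does not implement Pingback's actual wire format: it parses raw ICMP echo packets, verifies the checksum, whitelists the default payloads of Windows ping.exe and iputils ping (an assumption about those tools' defaults), and flags oversized or command-text-like payloads. The 64-byte threshold and the printable-ratio heuristic are assumptions to be tuned per site, and the sample packets are constructed here, not captured traffic.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Default echo payload emitted by Windows ping.exe (assumption: treat anything
# else as worth a look, not as proof of C2).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes


@dataclass
class IcmpEcho:
    icmp_type: int   # 8 = echo request, 0 = echo reply
    code: int
    checksum: int
    ident: int
    seq: int
    payload: bytes


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the ICMP header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, icmp_type: int = 8) -> bytes:
    """Build a raw ICMP echo packet (header + payload) with a valid checksum."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    cs = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, cs, ident, seq) + payload


def parse_icmp(raw: bytes) -> Optional[IcmpEcho]:
    """Parse an ICMP packet; return None for non-echo types or truncated input."""
    if len(raw) < 8:
        return None
    t, c, cs, ident, seq = struct.unpack("!BBHHH", raw[:8])
    if t not in (0, 8):
        return None
    return IcmpEcho(t, c, cs, ident, seq, raw[8:])


def looks_like_iputils(p: bytes) -> bool:
    """iputils ping: 8- or 16-byte timestamp, then a counting fill up to 0x37 (56 bytes)."""
    return len(p) == 56 and any(p[k:] == bytes(range(k, 0x38)) for k in (8, 16))


def classify(echo: IcmpEcho) -> List[str]:
    """Return the reasons an echo packet looks anomalous; an empty list means benign."""
    reasons: List[str] = []
    p = echo.payload
    hdr = struct.pack("!BBHHH", echo.icmp_type, echo.code, 0, echo.ident, echo.seq)
    if icmp_checksum(hdr + p) != echo.checksum:
        reasons.append("bad-checksum")
    if p == WINDOWS_PING_PAYLOAD or looks_like_iputils(p):
        return reasons  # known tool pattern; only a checksum fault can flag it
    if len(p) > 64:
        reasons.append("oversized-payload")  # threshold is an assumption, tune per site
    printable = sum(32 <= b < 127 for b in p)
    if p and printable / len(p) > 0.9 and b" " in p:
        reasons.append("text-like-payload")  # command strings riding in the data field
    if not reasons:
        reasons.append("unknown-payload-pattern")
    return reasons


def scan(raw_packets: List[bytes]) -> List[tuple]:
    """Run classify() over raw ICMP packets; return (index, reasons) for flagged ones."""
    flagged = []
    for i, raw in enumerate(raw_packets):
        echo = parse_icmp(raw)
        if echo is None:
            continue
        reasons = classify(echo)
        if reasons:
            flagged.append((i, reasons))
    return flagged


# Constructed sample traffic (not captured from real malware).
SAMPLE_PACKETS = [
    build_echo(1, 1, WINDOWS_PING_PAYLOAD),                      # benign Windows ping
    build_echo(2, 1, b"\x00" * 16 + bytes(range(0x10, 0x38))),   # benign Linux ping
    build_echo(0x1234, 7, b"exec whoami /all"),                  # command text in payload
    build_echo(0x1234, 8, b"\x00" * 200),                        # oversized blob
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_PACKETS):
        print(f"packet {idx}: {', '.join(why)}")
```

In a real deployment the raw bytes would come from a packet capture or a sensor export rather than the constructed list above, and the whitelist would be extended with the default payloads of whatever ping implementations are actually in use on the network; a burst of echo requests with unfamiliar payloads from a single host is the signal to chase.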

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes zero-days

Apple has released patches for four WebKit zero-day vulnerabilities that may have been actively exploited in the wild. The flaws are tracked as CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, and CVE-2021-30661. Two of them (CVE-2021-30663 and CVE-2021-30665) are fixed in macOS Big Sur 11.3.1, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1, while iOS 12.5.3, released for older devices, fixes those two together with CVE-2021-30661 and CVE-2021-30666. All four can be triggered by processing maliciously crafted web content, so the browser-level exposure is the same regardless of which update applies.

Dell fixes a 12-year-old flaw

Dell has fixed a 12-year-old vulnerability that exposed hundreds of millions of Dell desktops, laptops, notebooks, and tablets to risk. The bug, tracked as CVE-2021-21551, lies in the dbutil_2_3.sys driver installed by Dell's firmware update utilities and could allow a local attacker to reach driver functions and execute code with SYSTEM and kernel-level privileges. Installing the updated Dell utilities alone does not remove an already-installed copy of the vulnerable driver, so it must be removed separately on affected machines.

HP issues a patch

Hewlett Packard Enterprise (HPE) is urging customers to patch Edgeline Infrastructure Manager (EIM) instances that are exposed to a remote authentication bypass. The flaw (CVE-2021-29203) is rated critical and affects EIM versions prior to 1.21.
