Cyware Daily Threat Intelligence

Daily Threat Briefing • May 6, 2021
Cybercriminals are no different from the rest of us when it comes to making mistakes. In a major snafu, the operators of Raccoon Stealer left their Elasticsearch servers unsecured, which caused the leak of hundreds of thousands of stolen passwords and authentication cookies. The server was used to collect data from users infected with version 1.7.2 of the malware. While the incident highlights a security lapse on the part of the threat actors, the leak raises concern over the misuse of the exposed data.
Among other threats, researchers have disclosed a new high-severity vulnerability in Qualcomm’s Mobile Station Modem (MSM) chips that affects nearly 40% of mobile phones. The flaw could enable attackers to access users’ text messages, call history, and private conversations.
Top Breaches Reported in the Last 24 Hours
NSW Labor Party office hacked
The Avaddon ransomware gang has threatened to release sensitive information belonging to the NSW Labor Party after gaining access to the party’s computer network in a major cyberattack. The trove of data includes images of passports, driver’s licenses, and employment contracts. The party has launched a full investigation into the matter.
Peloton leaks data
Equipment maker Peloton may have leaked sensitive customer information because of several flaws in its APIs. The flaws exposed information even for users who had enabled privacy mode. The vulnerabilities were largely fixed soon after the firm was made aware of them.
Ransomware attack neutralized
Sophos has managed to neutralize an active ransomware attack on a biomolecular facility in Europe. The attack was launched through a cracked version of a data visualization software tool.
Misconfigured Elasticsearch
In a major snafu, the operators of the Raccoon Stealer malware left their Elasticsearch servers unsecured, which caused the leak of hundreds of thousands of stolen passwords and millions of authentication cookies. The server was collecting data from users infected with version 1.7.2 of the malware.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Anti-Spam plugin
An SQL injection vulnerability discovered in the WordPress plugin ‘Spam protection, AntiSpam, FireWall by CleanTalk’ could expose user emails, passwords, credit card data, and other sensitive information to attackers. The flaw, tracked as CVE-2021-24295, stems from how the plugin filters user queries.
VMware releases updates
VMware has released security updates to address a critical-severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers. Tracked as CVE-2021-21984, the flaw affects versions of the software prior to 7.6.0.
Qualcomm vulnerability
A high-severity vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips could enable attackers to access users’ text messages, call history, and private conversations. The flaw is tracked as CVE-2020-11292 and affects roughly 40% of mobile phones.
Cisco fixes security flaws
Cisco has fixed critical security flaws in its SD-WAN vManage and HyperFlex HX software that could enable remote attackers to execute commands as root or create admin accounts. Cisco also said it is not aware of any active exploitation of these vulnerabilities in the wild.