
Cyware Daily Threat Intelligence


Daily Threat Briefing May 6, 2021

Cybercriminals are no different from the rest of us when it comes to making mistakes. In a major snafu, operators of Raccoon Stealer left their Elasticsearch servers unsecured, which caused the leak of hundreds of thousands of stolen passwords and authentication cookies. The server was used to collect data from users infected with version 1.7.2 of the malware. While the incident highlights a security lapse by the threat actors, the leak raises concern over the misuse of the exposed data.

Turning to other threats, researchers have disclosed a new high-severity vulnerability in Qualcomm’s Mobile Station Modem (MSM) chips that affects nearly 40% of mobile phones. The flaw could enable attackers to access users’ text messages, call history, and private conversations.

Top Breaches Reported in the Last 24 Hours

NSW Labor Party office hacked

Avaddon ransomware gang has threatened to release sensitive information of the NSW Labor Party after gaining access to their computer network in a major cyberattack. The trove of data includes images of passports, driver’s licenses, and employment contracts. Meanwhile, the organization has launched a full investigation into the matter.

Peloton leaks data

Equipment maker Peloton may have leaked sensitive information of customers following several issues in its APIs. The flaws resulted in information leaks even for users in privacy mode. The vulnerabilities were largely fixed soon after the firm was made aware of them.

Ransomware attack neutralized

Sophos has managed to neutralize an active ransomware attack on a biomolecular facility in Europe. The attack was launched through a cracked version of a data visualization software tool.

Misconfigured Elasticsearch

In a major snafu, Raccoon Stealer malware operators left their Elasticsearch servers unsecured, which caused the leak of hundreds of thousands of stolen passwords and millions of authentication cookies. The server was collecting data from users infected with version 1.7.2 of the malware.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Anti-Spam plugin

An SQL injection vulnerability discovered in the WordPress plugin ‘Spam protection, AntiSpam, FireWall by CleanTalk’ could expose user emails, passwords, credit card data, and other sensitive information to attackers. The flaw, tracked as CVE-2021-24295, stems from the way the plugin filters user-supplied input in its queries.

VMware releases updates

VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers. Tracked as CVE-2021-21984, the flaw impacts the software prior to version 7.6.0.

Qualcomm vulnerability

A high-severity vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips could enable attackers to access text messages, call history, and private conversations of users. The flaw is tracked as CVE-2020-11292 and affects roughly 40% of mobile phones.

Cisco fixes security flaws

Cisco has fixed critical security flaws in SD-WAN vManage and HyperFlex HX software that could enable remote attackers to execute commands as root or create admin accounts. The company has also stated that it is not aware of any active exploitation of these vulnerabilities in the wild.
