Cyware Daily Threat Intelligence

Daily Threat Briefing • May 11, 2021
With a greater number of financial services going online, malicious cyber actors are finding ways to exploit such online services for financial gains. Researchers discovered a new Android banking trojan, dubbed TeaBot, targeting customers of banks in Spain, Germany, Italy, Belgium, and the Netherlands.
In the past 24 hours, we also saw reports of cyberattacks resulting in data exposure at the University of California and manufacturing firm Yamabiko. Meanwhile, the FBI and ACSC warned of a dangerous attack campaign leveraging the Avaddon ransomware to target organizations across various sectors.
Top Breaches Reported in the Last 24 Hours
University of California breached
The University of California (UC) confirmed that the personal information of employees and students was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. The attack took place in late December 2020 after a critical vulnerability was identified in the file sharing service.
Babuk targets Yamabiko
The Babuk ransomware group allegedly hacked into Yamabiko, a Japanese manufacturer of power tools and agricultural and industrial machinery. The Russian-speaking threat actors claimed to have stolen a total of 0.5TB of data including Personally Identifiable Information (PII) on employees, product schematics, and financial data, among others.
Top Malware Reported in the Last 24 Hours
TeaBot trojan emerges
A new Android banking trojan, dubbed TeaBot, was reported targeting customers of banks in Spain, Germany, Italy, Belgium, and the Netherlands. The malware steals user credentials and SMS messages to enable fraudulent activities against victims.
FBI warns against Avaddon
The FBI and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations in manufacturing, healthcare, government, and other sectors. The ACSC said that Avaddon threat actors, in addition to encrypting victims’ data, are threatening to launch DDoS attacks to pressure victims into paying ransoms.
Top Vulnerabilities Reported in the Last 24 Hours
APTs aim at Exchange servers
Researchers at ESET reported that a set of Microsoft Exchange vulnerabilities tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 were exploited by at least 10 APT groups. Besides Hafnium, other APTs exploiting the so-called ProxyLogon flaws include Tick, LuckyMouse, Calypso, Websiic, and Winnti Group, among others.
Flaw in Universal Turing Machine
A Swedish computer science professor discovered an arbitrary code execution vulnerability in the Universal Turing Machine. While proof-of-concept code was published for it, the vulnerability is not expected to have any real-world implications.