Cyware Daily Threat Intelligence

Daily Threat Briefing May 13, 2021

Data breaches have become an all too common threat recently. Ransomware gangs are jumping on the extortion wagon and terrorizing victims. Volue became the latest victim of Ryuk ransomware. In malware news, researchers have spotted a new crypter-as-a-service being used against the aviation and travel sectors.

The past 24 hours also brought us the news of a fresh scam related to COVID-19 vaccination cards. Fraudsters are leveraging Telegram channels to peddle fake COVID-19 vax cards. Meanwhile, scores of fake trading, cryptocurrency, and exchange apps were found defrauding both iOS and Android users.

Top Breaches Reported in the Last 24 Hours

Ryuk attacks Volue

Volue, a green energy solutions provider based in Norway, was attacked by Ryuk ransomware on May 5. Although the attack targeted Powel domain systems, no evidence of data exfiltration has been discovered yet.

Manchester City Council exposes personal info

The Manchester City Council exposed the number plates of more than 60,000 cars online. These cars were slapped with parking tickets from April to July 2020.

Top Malware Reported in the Last 24 Hours

Fake Android, iOS trading apps

Researchers spotted hundreds of malicious banking, trading, cryptocurrency, and foreign exchange apps built to steal from victims. These Android and iOS apps contain bogus software designed to mimic trusted and legitimate brands, such as Kraken, Binance, Gemini, Barclays, and TDBank.

New CaaS discovered

Threat actors are leveraging a new Crypter-as-a-Service (CaaS), dubbed Snip3, to deploy Agent Tesla, Revenge RAT, NetWire RAT, and AsyncRAT on compromised systems. This crypter is part of an ongoing spear-phishing campaign targeting cargo, airline, and travel industries.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes critical flaws

Four critical bugs—CVE-2021-26419, CVE-2021-31166, CVE-2021-31194, and CVE-2021-28476—were fixed by Microsoft. These new flaws affect Hyper-V, Windows 10, Windows Server, and Internet Explorer, and pose risk to data and infrastructure.

Vulnerabilities in SAP app

Cybercriminals are actively abusing six cybersecurity flaws—CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, and CVE-2010-5326—in mission-critical SAP applications. The exploitation of these vulnerabilities can lead to financial fraud, theft of sensitive information, and ransomware attacks.

Top Scams Reported in the Last 24 Hours

Fake vaccination card scam

Fraudsters are exploiting Telegram groups to hawk fake COVID-19 vaccination cards to the anti-vaxxer and unvaccinated communities. Experts surmise that while the cards are forged, the data is real. Fraudsters are probably drawing names and vaccine batch numbers from people who have posted their vax card details on social media.

New support scam

MetaMask wallet and Trust Wallet users are being hounded by an aggressive Twitter scam attempting to steal crypto funds. Unfortunately, once stolen, it is nearly impossible to recover the funds.
