Cyware Daily Threat Intelligence

Daily Threat Briefing • May 17, 2021
The newly discovered Bizarro banking trojan is making waves across the world. After Brazil, the trojan has now been spotted targeting European and other South American countries. The latest report reveals that the trojan has been used to steal credentials from customers associated with 70 banks in these countries.
Conti ransomware is also in the news for making a hefty ransom demand from its latest victim, Health Service Executive. The gang claims to have stolen 700 GB of data from the organization over two weeks.
Meanwhile, chipmaker AMD has flagged a new type of attack that arises due to two flaws in its Secure Encrypted Virtualization (SEV) technology.
Top Breaches Reported in the Last 24 Hours
Updates on HSE attacks
The Conti ransomware gang has demanded a ransom of $20 million from Ireland’s Health Service Executive (HSE) in exchange for decryption keys and deleting the stolen data. The gang claims to have stolen around 700 GB of sensitive data from the firm over two weeks. The organization has, however, refused to pay the ransom.
Toshiba Tec Group targeted
DarkSide ransomware is suspected to be behind the recent attack on Toshiba Tec Group. As a result of the attack, the firm was forced to take down its network connections between company assets.
Avaddon claims attacks on Acer Finance
The Avaddon ransomware gang has added France-based Acer Finance to its list of victims. The gang has given the firm 240 hours for negotiation before it starts leaking the valuable company documents it stole.
Top Malware Reported in the Last 24 Hours
Bizarro trojan expands its attacks
The Brazil-originated Bizarro trojan has expanded its attacks to other regions of the world. Attempts have now been made to steal credentials from customers of 70 banks located in different European and South American countries. The trojan’s x64 modules trick users into entering two-factor authentication codes in fake pop-ups.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable AMD chips
Chipmaker AMD has issued guidance for two attacks that allow bypassing of the Secure Encrypted Virtualization (SEV) technology. The attacks are executed by abusing two flaws: CVE-2020-12967 and CVE-2021-26311. While the former is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature, the latter is due to rearrangement in the guest address space.
PoC for Windows bug released
A PoC has been released for a critical wormable vulnerability found in the latest Windows 10 and Windows Server versions. The bug, tracked as CVE-2021-31166, is found in the HTTP Protocol Stack used by Microsoft’s Internet Information Services (IIS) web server.