Cyware Daily Threat Intelligence

Daily Threat Briefing May 17, 2021

The newly discovered Bizarro banking trojan is making waves across the world. After Brazil, the trojan has now been spotted targeting European and other South American countries. The latest report reveals that the trojan has been used to steal credentials from customers associated with 70 banks in these countries.

Conti ransomware is also in the news for making a hefty ransom demand of its latest victim, Health Service Executive. The gang claims to have stolen 700 GB of data from the organization over two weeks.

Meanwhile, chipmaker AMD has flagged a new type of attack that arises due to two flaws in its Secure Encrypted Virtualization (SEV) technology.

Top Breaches Reported in the Last 24 Hours

Updates on HSE attacks

The Conti ransomware gang has demanded a ransom of $20 million from Ireland’s Health Service Executive (HSE) in exchange for decryption keys and deleting the stolen data. The gang claims to have stolen around 700 GB of sensitive data from the firm over two weeks. The organization has, however, refused to pay the ransom.

Toshiba Tec Group targeted

DarkSide ransomware is suspected to be behind the recent attack on Toshiba Tec Group. As a result of the attack, the firm was forced to take down its network connections between company assets.

Avaddon claims attacks on Acer Finance

The Avaddon ransomware gang has added France-based Acer Finance to its list of victims. The gang has given the firm 240 hours to negotiate before it starts leaking the valuable company documents it stole.

Top Malware Reported in the Last 24 Hours

Bizarro trojan expands its attacks

The Bizarro trojan, which originated in Brazil, has expanded its attacks to other regions of the world. Attempts have now been made to steal credentials from customers of 70 banks located in different European and South American countries. The trojan’s x64 modules use fake popups to trick users into entering two-factor authentication codes.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable AMD chips

Chipmaker AMD has issued guidance for two attacks that allow bypassing of the Secure Encrypted Virtualization (SEV) technology. The attacks are executed by abusing two flaws: CVE-2020-12967 and CVE-2021-26311. While the former is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature, the latter is due to rearrangement in the guest address space.

PoC for Windows bug released

A PoC has been released for a critical wormable vulnerability found in the latest Windows 10 and Windows Server versions. The bug, tracked as CVE-2021-31166, is found in the HTTP Protocol Stack used by Microsoft’s Internet Information Services (IIS) web server.
