Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing May 28, 2021

While the victims of the SolarWinds supply chain attack are still dealing with the aftermath, the threat actors behind the hack are back with a new wave of attacks. This time, the Nobelium APT group is taking aim at government agencies tied with USAID to take control of their email accounts. So far, around 3,000 email accounts at more than 150 different organizations have been targeted as a part of the campaign.

It’s high time that users should start using updated Pulse Secure VPN products as four new malware families—Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse—have been found targeting them. In other news, a trojanized AnyDesk remote desktop application is tricking users into sharing their system information.

Top Breaches Reported in the Last 24 Hours

New phishing campaign

Nobelium APT group is conducting a phishing campaign impersonating USAID to take control of accounts linked to government agencies, think tanks, consultants, and non-government organizations. The campaign has so far targeted around 3,000 accounts across 24 countries.

Klarna bank app leaks data

A design flaw in Klarna Bank allowed mobile app users to log into other customer accounts and view their stored information. The exposed data included names, mobile numbers, bank accounts, purchases, and credit cards.

Canada Post data breach

A malware attack on one of Canada Post’s suppliers has affected 44 of the company’s large business clients and their 950,000 customers. The information affected is from July 2016 to March 2019. Ninety-seven percent of the compromised data includes names and addresses of customers.

Top Malware Reported in the Last 24 Hours

Four new malware discovered

Researchers have discovered four new malware families designed to compromise Pulse Secure VPN products. The four newly discovered malware are Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse. The vulnerabilities targeted in these attacks are CVE-2021022893, CVE-2019-11510, and CVE-2020-8260, and CVE-2020-8243, which can be used to establish persistence on vulnerable appliances and further compromise devices.

Trojanized AnyDesk

Cybersecurity experts tracked down a clever malvertising network that leveraged Google search ads to deliver a weaponized AnyDesk Installer. The campaign which was launched in April 21, 2021, was used to collect and exfiltrate system information.

Top Vulnerabilities Reported in the Last 24 Hours

Fortinet vulnerabilities exploited

The FBI has issued an alert following a cyberattack on a local government office that occurred earlier this month. The attackers had gained access to devices on ports 4443, 8443, and 10443 by exploiting Fortinet vulnerabilities. The flaws were identified as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5991.

HPE fixes a critical zero-day flaw

HPE has released a security update to address a zero-day vulnerability discovered in its Systems Insight Manager (SIM) software, disclosed last year. The flaw is tracked as CVE-2020-7200 and affects version 7.6.x of the software.

Siemens issues an advisory

Siemens has released an advisory about five high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations. Four of these flaws are related to memory corruption issues.

Related Threat Briefings