Cyware Daily Threat Intelligence

Daily Threat Briefing • September 8, 2021
The mysterious comeback of the REvil ransomware gang has raised several questions and worries for both organizations and security experts. The data leak website operated by the group has been restored, and the name of its latest victim organization was added on July 8. Only time will tell the intent behind the gang’s return after a gap of almost two months.
The threat landscape is also witnessing a surge in backdoor malware that continues to spawn additional processes to gain control over users’ systems. In the last 24 hours, researchers have uncovered two Android backdoors named 888 RAT and SpyNote associated with the BladeHawk group.
Top Breaches Reported in the Last 24 Hours
A data leak incident at McDonald’s
A flaw in the McDonald’s Monopoly VIP game in the U.K. caused the leak of credentials belonging to several gamers. The exposed information also included hostnames for Azure SQL databases. However, no personal data was compromised in the incident.
REvil ransomware gang returns
Almost two months after shutting down its operation, the REvil ransomware gang has made a comeback with a new list of victims. The website managed by the threat actors has also been restored and includes the process by which victims negotiate with the attackers.
New Zealand financial institutions affected
Websites of several financial institutions in New Zealand were temporarily down following a cyberattack. The affected institutions include Australia and New Zealand Banking Group (ANZ) and Kiwibank.
PeduliLindungi leaks data
Another Indonesian COVID-19 tracking app, PeduliLindungi, has leaked the personal data of an unknown number of Indonesian residents online. This new incident comes days after the recent data leak involving the eHAC app.
Top Malware Reported in the Last 24 Hours
Two Android backdoors spotted
Researchers have spotted two Android backdoors, 888 RAT and SpyNote, in a targeted mobile espionage campaign against the Kurdish ethnic group. The campaign launched by the BladeHawk group used six Facebook profiles to distribute the malware. The backdoors are capable of taking screenshots, phishing Facebook credentials, stealing user photos, recording phone calls, and stealing SMS messages.
Top Vulnerabilities Reported in the Last 24 Hours
PoC for Ghostscript exploit released
A researcher has published a PoC exploit for a zero-day vulnerability in Ghostscript that can lead to remote code execution on compromised servers. The flaw can be exploited by uploading a malformed SVG file, giving an attacker code execution on the underlying operating system.
New zero-day flaw found in IE
Microsoft has issued an alert about a new zero-day vulnerability affecting Internet Explorer. Tracked as CVE-2021-40444, the flaw impacts Microsoft MHTML. It can be exploited using specially crafted Microsoft Office documents.