Cyware Weekly Threat Intelligence - August 02–06

Weekly Threat Briefing • Aug 6, 2021
The Good
Following the REvil decryptor for Kaseya victims, the week witnessed the release of another decryptor for Prometheus ransomware victims. Such a wonderful ray of sunshine, yes? Now, vulnerabilities are out to bite malicious actors as one of their favorite tools was found to be flawed. In another camp, following the repeated cyberattacks on the nation, the U.S. has decided to join hands with tech firms to strengthen the country’s cyber defenses.
The NSA and CISA provided hardening guidance in a new technical report describing security challenges in setting up and securing a Kubernetes cluster.
SentinelOne discovered DoS vulnerabilities in Cobalt Strike—a legitimate penetration testing tool, which is often misused by blackhat hackers—that can hamper beacon C2 communication channels and new payloads.
Starting this month, Microsoft Defender and Microsoft Edge on Windows 10 will automatically—and by default—block Potentially Unwanted Applications (PUAs).
A free decryptor for Prometheus ransomware has been released for victims to retrieve their encrypted files.
The CISA launched the federal civilian enterprise-wide Vulnerability Disclosure Policy (VDP) platform to manage security gaps in critical government systems.
The U.S. government has announced a partnership with Google, Microsoft, Amazon, and other tech companies to reinforce the nation’s cybersecurity defenses. The initiative has been dubbed the Joint Cyber Defense Collaborative (JCDC) and will have the CISA working alongside various firms.
The Bad
It is 2021 and companies are still leaving their databases unsecured, and people are suffering because of such mistakes. Around 35 million U.S. residents had their personal information exposed this week. On the topic of data breaches, the educational sector is still bearing the brunt of cyberattacks, as a Canadian school district was breached. Scammers can be called the shameless scum of the cyberworld as they are now targeting people who are seeking unemployment insurance.
Italian energy firm ERG suffered minor disruptions in its ICT infrastructure following a ransomware attack by the LockBit 2.0 group.
WizCase reported a breach affecting Reindeer, an American marketing company. The incident exposed over 50,000 files in a 32GB trove of data, owing to a misconfigured Amazon S3 bucket.
An alleged ransomware group attacked the vaccination registration system in Italy’s Lazio region, preventing residents from booking new vaccination appointments for days.
An unsecured Elasticsearch database had left the details of about 35 million residents across Chicago, San Diego, and Los Angeles exposed online. The data included gender, full names, dates of birth, and marital status of users.
Canada’s School District No.73 suffered a breach, impacting the personal information—identity and contact information—of students.
Scammers are masquerading as members of the SEC, FINRA, and other state securities regulators to trick investors into sharing more information. They created fake social media profiles and fake websites as a part of the phishing campaign.
Thailand’s vaccine registration platform had publicly exposed emails and personal details of over 20,000 applicants. The security issue has been patched now.
WeTransfer is being abused by threat actors to target Microsoft Office 365 users. The attackers aim to exfiltrate their credentials.
An unsecured database at OneMoreLead laid bare a glut of personally identifiable information containing around 126 million records for 63 million people in the U.S.
The FTC is warning people who have applied for unemployment insurance against a phishing campaign. The emails and text messages impersonate states’ workforce agencies and aim to pilfer your social security numbers and other personal information.
New Threats
The notorious APT31, also known as Zirconium, attacked Russia for the first time ever! It is also propagating a new RAT. The week was a hard one as various sets of vulnerabilities kept coming forth, along with their potentially devastating consequences. This includes a set of DNS vulnerabilities that can allow attackers to exfiltrate data from corporate networks. Cannot finish this without talking about cryptostealers. Raccoon stealer got upgraded and can now exfiltrate cryptocurrency from victims.