Cyware Weekly Threat Intelligence July 26–30, 2021

Weekly Threat Briefing • Jul 30, 2021
The Good
Better late than never. Patch your vulnerabilities now: cybersecurity agencies from the US, UK, and Australia have issued a joint advisory listing the 30 vulnerabilities most routinely exploited by attackers. In other good news, GitLab released a new open-source tool that helps developers detect malicious code in their dependencies.
Brazil created a cyberattack response network called the Federal Cyber Incident Management Network to promote faster response to cyberattacks and vulnerabilities while establishing coordination between federal government bodies.
CISA, the ACSC, the FBI, and the NCSC released a joint advisory on the top 30 vulnerabilities routinely exploited by threat actors. Several of these flaws affect VPN and edge products from Pulse Secure, Fortinet, and F5 (BIG-IP).
Google announced more details about its Safety Section feature in Google Play Store that offers information about the data collected by an Android app.
GitLab rolled out a new open-source tool, dubbed Package Hunter, to help developers identify malicious code in their project dependencies. It currently supports Node.js modules and Ruby gems.
The Bad
‘Once burned, twice shy,’ the saying goes. Sometimes that is not the case, as JustDial shows: it has suffered another data breach eerily similar to the one it disclosed in 2019. Beyond such repeat mistakes, attacks and data breaches at healthcare organizations continue daily; this week attackers stole sensitive information from Homewood Health. And the BazaCall attackers are back in action.
Cybercriminals stole the confidential data of British Columbians from Homewood Health. The trove contains data related to finances, amendments, agreements, accruals, and projects, among others.
IP cameras sold by a dozen vendors are exposed to remote attack because of a set of critical- and high-severity flaws in UDP Technology firmware. Eleven of the flaws allow remote code execution and one is an authentication bypass.
UC San Diego Health disclosed a data breach that compromised the personal information of its patients, students, and employees. The intrusion ran from December 2, 2020, to April 8, 2021, after attackers gained unauthorized access to several employee email accounts.
Players of Axie Infinity, an Ethereum-based NFT game, were targeted through malicious Google Ads. The threat actors lured players into transferring funds out of their cryptocurrency wallets.
Florida’s Department of Economic Opportunity (DEO) suffered a data breach after threat actors allegedly accessed sensitive information in the CONNECT public claimant portal between April 27 and July 16. The affected data includes Social Security numbers, driver’s license numbers, bank account numbers, addresses, phone numbers, and dates of birth of claimants.
An ongoing malicious campaign, BazaCall, uses fake call centers to lure victims into downloading malware. The emails contain no links or attachments; instead, they urge the recipient to phone a number to cancel a supposed subscription, and the operator then walks the caller through downloading a malicious document. The attacks rely on conventional social engineering rather than any technical exploit.
Beijing One Pass, a Chinese state benefits app, has been found to contain spyware-like features. Foreign organizations operating in China are required to install the app to manage employee state benefits.
Reports revealed that attackers are abusing XAMPP, the open-source web server stack, to host Agent Tesla and Formbook malware.
JustDial once again exposed the personal information of over 100 million users, including usernames, email addresses, phone numbers, and dates of birth, through an unprotected API.
The LINE accounts of more than 100 Taiwanese politicians and government officials were hacked and their data pilfered. Users have been urged to enable the app’s end-to-end message encryption feature.
New Threats
Cybercriminals are busy rebranding everything, from malware to entire gangs. DoppelPaymer has resurfaced as Grief, and researchers believe a new ransomware gang, BlackMatter, may be the successor to REvil and DarkSide. Scary! Speaking of ransomware, a new operation called AvosLocker is actively recruiting affiliates.