Go to listing page

Cyware Daily Threat Intelligence, April 15, 2021

Cyware Daily Threat Intelligence, April 15, 2021

Share Blog Post

Yet, there’s another Chrome exploit in the wild. A security researcher has published a PoC exploit on a recently discovered zero-day vulnerability Google Chrome, Microsoft Edge, and other Chromium-based browsers. Tracked as a remote code execution vulnerability, the flaw resides in the v8 JavaScript engine used by Chromium. Although a patch for the flaw has been issued, it's still unclear as to when Google will add it to Chrome.  

A new case of misconfigured Amazon AWS bucket has grabbed the eyeballs of security experts. The unprotected database which reportedly belongs to an online packaging marketplace, Bizongo, had leaked 643 GB worth of data online.     

Top Breaches Reported in the Last 24 Hours

Babuk ransomware posts 500 GB of data
Babuk ransomware operators have reportedly posted 500 GB worth of Houston Rockets’ internal business data on its dark web forum. The alleged data includes contracts, non-disclosure agreements, and financial data.   

Bizongo leaks data
An online packaging marketplace, Bizongo, was affected by a data leak incident that occurred in December 2020. During this time period, approximately 2,532,610 files were exposed due to misconfigured AWS S3 data bucket.   
       
Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Kubernetes
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to Denial of Service (DoS). The flaw (CVE-2021-20291) affects the Go library called ‘containers/storage’. Patches for the bug have been issued in version 1.28.1 of containers/storage, CRI-O version v1.20.2, and Podman version 3.1.0. 

SAP issues patches
SAP has issued 14 new security notes and 5 updates as part of April 2021 Security Patch Day. One of the fixes is for a critical issue in SAP commerce. The critical vulnerability, tracked as CVE-2021-27602, could be exploited by remote attackers to execute code on vulnerable installs. It is rated a CVSS score of 9.9.  

PoC for Unpatched Chromium flaw
A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge, and other web browsers. The flaw resides in the v8 JavaScript engine used by Chromium and can be exploited for arbitrary code execution in the browser process. The flaw has been patched in the code but the patch is yet to be shipped to Chrome or Edge users.

Top Scams Reported in the Last 24 Hours

Fake LinkedIn email leads
Users of employment-oriented services are being targeted with customized phishing emails that attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads. According to the Bitdefender Antispam Lab telemetry, over 500 million scam emails selling premium LinkedIn leads have been spotted across the U.S., the Middle East, and Canada. The emails advertise the delivery of “verified and 100% accurate LinkedIn leads” but rarely stick to their word, siphoning off thousands of dollars from targets.

 Tags

babuk ransomware gang
houston rockets
bizongo
linked data leak incident

Posted on: April 15, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!