Go to listing page

Cyware Daily Threat Intelligence, April 21, 2021

Cyware Daily Threat Intelligence, April 21, 2021

Share Blog Post

Unpatched zero-day flaws have led to a spike in cyberattacks and a majority of these is attributed to a critical zero-day authentication bypass vulnerability discovered in the Pulse Secure Connect gateway. The flaw has been used as a part of the initial infection vector to distribute 12 malware families across multiple government and law enforcement agencies.

Moreover, exploitation of three zero-day vulnerabilities affecting SonicWall ES/Hosted Email Security has also come to the light. Users are advised to apply security patches to stay safe from these attacks.

Amid these threats, major security updates that compromise fixes for around 390 flaws have been announced by Oracle. Around 200 of these flaws can be exploited remotely without authentication. 

Top Breaches Reported in the Last 24 Hours

REvil gang after laptop manufacturers
REvil ransomware gang has claimed to steal a  huge trove of data from several laptop and other gadget manufacturers. The data accessed include large quantities of confidential drawings and gigabytes of personal data belonging to the likes of Apple, Dell, HPE, Lenovo, and Cisco.

Eversource suffers a breach
Misconfigured database belonging to Eversource has leaked names, addresses, phone numbers, social security numbers, and account numbers of users. The database also contained unencrypted files from August 2019 and included the personal information of 11,000 Eversource Eastern Massachusetts customers.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle fixes 390 flaws
Oracle has released fixes for 390 vulnerabilities as part of the April 2021 Critical Patch Update. Around 200 of these flaws can be exploited remotely without authentication. The highest number of patches (77) has been received by Oracle’s E-Business Suite. Other impacted Oracle products include Communications, PeopleSoft, Financial Services Applications, JD Edwards, Database, Communications Applications, Construction and Engineering, Enterprise Manager, and Siebel CRM.

SonicWall warns about mass exploitation
SonicWall has warned customers about three zero-day vulnerabilities that are being exploited in the wild. The flaws are tracked as CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. SonicWall has urged its customers to apply patches for these vulnerabilities that impact ES/Hosted Email Security versions 10.0.1 and above.

Pulse Secure 0-day exploitation
A newly discovered zero-day authentication bypass vulnerability found in Pulse Connect Secure gateway is currently being exploited in the wild, for which there is no patch yet. Tracked as CVE-2021-22893, the flaw has been linked with multiple attack campaigns that deployed nearly 12 malware families against different government and law enforcement agencies.

Mozilla fixes 13 flaws
Mozilla Foundation has fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communication icon. Successful exploitation of the flaw (CVE-2021-23998) could have allowed a rogue website to intercept browser communications.

Flaw in debug toolbar fixed
Developers have fixed a serious security flaw in a debug toolbar for the popular Django framework. Tracked as CVE-2021-30459, the flaw arises because due to the change in the code of the SQL ‘explain’, ‘analyze’, or ‘select’ forms supported by the tool.

Top Scams Reported in the Last 24 Hours

Bloomberg impersonated
Hackers are impersonating Bloomberg employees in an attempt to install RAT on target computers. The perpetrators send fake Bloomberg invoices laced with the trojan that could be used to surveil computer networks or steal data. Researchers claim that the phishing campaign has been active since last year and involved the use of a tool named NanoCore.

 Tags

sonicwall
eversource
revil ransomware gang
pulse secure connect gateway
misconfigured database

Posted on: April 21, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!