Cyware Daily Threat Intelligence, April 27, 2021

The cyber risk landscape is rapidly evolving as threat actor groups continue to launch attack campaigns with a myriad of malicious intentions. The U.K. NCSC has issued a warning about a new piece of spyware—FluBot—that is capable of stealing passwords and other sensitive information. An ongoing QuickBooks malspam campaign that targets users with the infamous Dridex trojan has also been spotted.

To minimize the impact of attacks, security vendors are always on their toes to fix security flaws, and one such major update has been shipped for Apple iOS and iPadOS 14.5. The latest version addresses around 50 vulnerabilities that could lead to multiple threats. Additionally, a zero-day vulnerability that is being exploited in the wild by the Shlayer malware has also been fixed in macOS.

Top Breaches Reported in the Last 24 Hours

Gyrodata discloses data breach
Houston-based Gyrodata has suffered a data breach that resulted in the compromise of data belonging to current and former employees. The data potentially affected in the breach includes names, addresses, dates of birth, driver’s license numbers, social security numbers, passport numbers, and tax forms of employees.

DC Police dept. hit
The Washington, D.C. police department revealed that its computer network was breached and data was stolen in an attack by the Babuk ransomware gang. To claim the attack, the gang posted more than 250 GB of data on its dark website. The leaked data includes intelligence reports, information on gang conflicts, jail census, and other administration files.

Reverb hit by data breach
Popular musical equipment marketplace Reverb has suffered a data breach due to a misconfigured database. As a result, personal details that include names, addresses, phone numbers, and email addresses of its customers have been leaked online.

HashiCorp affected
HashiCorp is the latest victim of the Codecov supply chain attack that was discovered earlier this month. It is estimated that the attackers could have modified HashiCorp products while signing them with a genuine key. Meanwhile, investigations reveal that there is no evidence of unauthorized usage.

Top Malware Reported in the Last 24 Hours

FluBot spyware
The U.K. NCSC has issued an alert about a new piece of spyware named FluBot. The malware is installed via a tracking app that is delivered through a text message. FluBot capabilities include stealing passwords and other sensitive information.

Dridex malware returns
The notorious Dridex malware has returned in a new QuickBooks malspam campaign. The campaign leverages QuickBooks notifications and invoices to tempt users into downloading the trojan. The ongoing phishing campaign began on April 19.

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes a 0-day flaw
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware. Tracked as CVE-2021-30675, the flaw can lead to misclassification of certain applications and Shlayer can misuse it to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks.

More updates from Apple
In other news, Apple has issued patches for 50 security vulnerabilities with the release of iOS and iPadOS 14.5. The most serious of these vulnerabilities is CVE-2021-30661, which is a use-after-free memory corruption vulnerability in WebKit Storage.

Nvidia’s security bugs
A group of security vulnerabilities affecting Nvidia’s GPU display driver has been disclosed. The flaws can be abused to launch privilege escalation, arbitrary code execution, DoS, and information disclosure attacks. Nvidia has released patches to mitigate all of the bugs.

Posted on: April 27, 2021
