Go to listing page

Cyware Daily Threat Intelligence, April 30, 2021

Cyware Daily Threat Intelligence, April 30, 2021

Share Blog Post

A stitch in time can protect IoT and OT system vendors from a newly found BadAlloc vulnerability. A collection of 25 remote code execution vulnerabilities, BadAlloc can enable threat actors to bypass security controls, execute malicious code or cause a system to crash.

Meanwhile, a financially motivated threat actor group got hands-on a zero-day flaw in SonicWall VPN appliances with an intent to distribute a new FIVEHANDS ransomware on victims’ systems. The flaw was actively tapped until the vendor released security patches.

An unnamed ransomware was also sighted in an attack on the Resort Municipality of Whistler, Canada. Following the attack, the organization was forced to shut down its network, website, email, and phone systems.

Top Breaches Reported in the Last 24 Hours

Resort Municipality of Whistler affected
The Resort Municipality of Whistler in British Columbia, Canada, has suffered an attack from a new ransomware gang. This forced the organization to shut down its network, website, email, and phone systems. Due to this disruption, all online activities and certain in-person municipality activities have been suspended.

Rio Grande do Sul court hit
Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit in an attack by REvil ransomware. Following the attack, the gang encrypted employees’ files and forced the courts to shut down their network. A ransom demand of $5,000,000 has been made to decrypt files and prevent the leaking of data.

Top Malware Reported in the Last 24 Hours

New FIVEHANDS ransomware
A financially motivated threat actor group actively tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company. The flaw, tracked as CVE-2021-20016, was abused to deploy a new ransomware called FIVEHANDS into victims’ systems.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable F5 BIG-IP Networks
F5 Networks have released patches for an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM). Tracked as CVE-2021-23008, the vulnerability can allow threat actors to hijack a Kerberos KDC (Key Distribution Center) connection using a spoofed AS-REP (Kerberos Authentication Service Response).

New BadAlloc flaw
Microsoft security researchers have discovered a set of 25 remote code execution flaws, collectively known as BadAlloc, that affects many IoT devices and OT industrial systems. These flaws are caused by memory allocation Integer Overflow or Wraparound bugs. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on devices.

Faulty PHP Composer package addressed
The maintainer of the PHP Composer package has addressed a command injection flaw, CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. The flaw has been addressed in Composer versions 2.0.13 and 1.10.22.

New BIND vulnerabilities
The Internet Systems Consortium (ISC) has released an advisory for three vulnerabilities that impact the safety of ISC Berkeley Internet Name Domain (BIND). The vulnerabilities are tracked as CVE-2021-25216, CVE-2021-25215, and CVE-2021-25214. The flaws are addressed in versions 9.11.31, 9.16.15, and 9.17.12 of BIND.

 Tags

sonicwall vpn appliances
resort municipality of whistler
f5 networks
badalloc flaw
fivehands ransomware

Posted on: April 30, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.