
Cyware Daily Threat Intelligence August 05, 2021


A new and scary Cybercrime-as-a-Service offering is haunting organizations with a variety of malware. Dubbed Prometheus TDS (Traffic Distribution System), the tool has been designed to spread malicious Word documents and Excel sheets that ultimately drop a Prometheus backdoor. So far, threat actors have used the service to distribute malware such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Vulnerable Industrial Control Systems (ICS) continue to plague the manufacturing sector. While Mitsubishi is still working on fixes for five vulnerabilities affecting its PLCs, Wibu Systems has issued patches for several DoS vulnerabilities impacting its CodeMeter product.

Top Breaches Reported in the Last 24 Hours

ERG suffers a ransomware attack
Italian energy company ERG has disclosed minor disruptions following a ransomware attack on its systems. While the attackers are yet to be identified, some reports attribute the attack to the LockBit 2.0 ransomware group.

Misconfigured Amazon S3 bucket
A misconfigured Amazon S3 bucket belonging to Reindeer has leaked sensitive data of nearly 300,000 individuals. The bucket contained 32 GB of data, including users' full names, dates of birth, profile pictures, email addresses, hashed passwords, and Facebook IDs.

Top Malware Reported in the Last 24 Hours

New Prometheus TDS
A new cybercrime service dubbed Prometheus TDS is available for sale on underground platforms for $250 a month. It is designed to distribute malware-laced Word and Excel documents that divert users to phishing and malicious sites. Researchers have observed multiple campaigns leveraging the service to deploy Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish.

Top Vulnerabilities Reported in the Last 24 Hours

Five flaws in Mitsubishi PLCs
Researchers have discovered five vulnerabilities affecting Mitsubishi safety PLCs. These flaws are related to the authentication implementation of the MELSOFT communication protocol. Three of these security issues are tracked as CVE-2021-20594, CVE-2021-20598, and CVE-2021-20597. The patches for these flaws are yet to be released.

Cisco addresses pre-auth vulnerabilities
Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers. These flaws can allow remote attackers to launch DoS attacks or execute arbitrary code on vulnerable devices.

Decade-old bypass flaw
A decade-old authentication bypass flaw, tracked as CVE-2021-20090, could have left millions of business network routers open to malicious attacks. The flaw affects 20 different routers from 17 vendors, including Buffalo, Arcadyan, Verizon, Vodafone, O2, and HughesNet. It can be exploited to conduct MitM attacks. The vendors are taking steps to mitigate the impact of the flaw.

Another faulty ICS
Germany-based Wibu Systems has published advisories addressing two serious DoS vulnerabilities affecting its CodeMeter product. The more serious of these, tracked as CVE-2021-20093, affects the CodeMeter Runtime network server. Both flaws have been patched in CodeMeter Runtime version 7.21a.

Vulnerable Online Hotel Reservation System
A cross-site scripting vulnerability has been identified in the Online Hotel Reservation System. The flaw stems from insufficient sanitization of user-supplied data in the arrival parameter and can be exploited by sending a victim a specially crafted link.

Chrome 92 update
Google has patched 10 vulnerabilities with the release of the Chrome 92 update. Two of these—CVE-2021-30590 and CVE-2021-30592—are high-severity flaws.

Tags

mitsubishi safety plcs
prometheus tds
chrome 92 update
amazon s3 bucket
wibu systems

Posted on: August 05, 2021
