Cyware Daily Threat Intelligence August 17, 2021

IoT inspectors are sounding the alarm on recently discovered vulnerabilities that affect millions of IoT devices. In one incident, IP cameras, routers, Wi-Fi repeaters, and residential gateways manufactured by around 65 vendors are at risk of DDoS attacks due to three serious vulnerabilities in Realtek 8xxx chips. In a different instance, more than 83 million IoT security cameras can let attackers silently spy on users due to a critical remote code execution flaw in the Kalay protocol. Upgrading to the latest versions is highly recommended to protect devices and networks from attacks.

Besides the rising IoT security threats, security researchers have noticed a spike in malware attacks. Some of the prominent attack campaigns observed in the last 24 hours were designed to deploy a new version of the Neurevt trojan and the FluBot Android trojan.
Top Breaches Reported in the Last 24 Hours

Memorial Health System affected
Memorial Health System in Ohio was hit by Hive ransomware that disrupted patient care services. However, the healthcare system confirmed that no patient or employee data was compromised in the attack. The firm has implemented extensive security protocols to restore its impacted systems.  

An accidental data exposure
An unprotected Elasticsearch database containing a secret terrorist watchlist exposed 1.9 million records, including sensitive data related to airlines and multiple agencies. The affected agencies are the Department of State, Department of Defense, Transportation Security Authority, and Customs and Border Protection. The database was exposed for around three weeks before it was taken down on August 9.

Brazilian Ministry attacked
The Brazilian Ministry of Economy disclosed a ransomware attack that occurred last week. The government took necessary security measures to contain the attack.   

JP Morgan Chase Bank leaked data
JP Morgan Chase accidentally leaked customer banking information due to a technical flaw in its website and app. The leaked data included transaction lists, names, and account numbers of customers. The data was left exposed for around a month before the flaw was fixed on July 14.

Top Malware Reported in the Last 24 Hours

New version of Neurevt trojan spotted
A new version of the Neurevt trojan with spyware and backdoor capabilities has been spotted. This version targets customers of Mexican financial institutions.

Surge in FluBot
FluBot Android malware has expanded its activity to target users associated with Polish and German banks. The malware is distributed via text messages containing fake links.  

New TrickBot attack
A new TrickBot attack deploys a fake 1Password manager designed to infect a victim’s computer and collect data. Furthermore, the fake installer deploys Cobalt Strike to harvest information about multiple systems in the network. 

Top Vulnerabilities Reported in the Last 24 Hours

Linux glibc flaw
The fix for a previously patched vulnerability in the GNU C Library (glibc) on Linux has introduced a new security vulnerability, tracked as CVE-2021-38604. The flaw has a CVSS score of 7.5 and can trigger DDoS attacks against applications that use the library.

Serious flaws in Realtek chips
Around 65 vendors using Realtek chips are impacted by serious vulnerabilities that can allow attackers to gain complete control of affected devices. The flaws, tracked as CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, and CVE-2021-35395, affect several products built on Realtek RTL8xxx chips. Realtek has issued patches for the vulnerabilities.

Security cameras at risk
More than 83 million security cameras using the Kalay network are at risk following the discovery of a critical vulnerability, CVE-2021-28372. The flaw can be exploited to watch and listen to live feeds, as well as to compromise device credentials. Upgrading to the latest version of the Kalay protocol is highly recommended to protect devices and networks from attacks.

XSS bug in SEO plugin
A cross-site scripting flaw in the SEOPress WordPress plugin could allow attackers to inject arbitrary code into websites. The bug (CVE-2021-34641) stems from insufficient protection of the plugin's REST API endpoint.

Fortinet issues a patch
Fortinet has issued security updates for a command injection vulnerability affecting its Web Application Firewall (WAF). It can let attackers take complete control of servers running the vulnerable WAF.

Tags

flubot
realtek chips
kalay network
fortinet waf
seopress wordpress plugin
neurevt trojan
trickbot attack

Posted on: August 17, 2021
