Go to listing page

Cyware Daily Threat Intelligence August 23, 2021

Cyware Daily Threat Intelligence August 23, 2021

Share Blog Post

The hide-and-seek game between security experts and threat actors is becoming complicated as the latter continues to refine their evasion techniques. Researchers have been left scratching their heads after the recent discovery of several variants of PRISM backdoor that went undetected for over 3.5 years. The oldest sample was traced back to November 2017. Some of these variants used XOR encryption algorithm or ‘agent-waterdropx’ string to fly under the radar.

Meanwhile, over 30,400 Exchange servers are at risk of attack as the CISA issued an alert about the mass exploitation of the recently disclosed ProxyShell vulnerability.    

Top Malware Reported in the Last 24 Hours

New variant of the PRISM backdoor spotted
Several new variants of the PRISM backdoor have managed to fly under the radar for over 3.5 years. One of the variants found is dubbed WaterDrop, which uses a string ‘agent-waterdropx’ for HTTP-based communications over C2 channels. Other versions of PRISM detected are v2.2 and v3, which include the XOR encryption algorithm.

Top Vulnerabilities Reported in the Last 24 Hours 

CISA warns about ProxyShell vulnerability
The CISA has issued a warning about the mass exploitation of the recently disclosed Microsoft Exchange vulnerabilities called ProxyShell. The flaws—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207—can be exploited to execute arbitrary code on a victim system. It is disclosed that almost 2,000 Microsoft Exchange servers have been infected with backdoors over the past two days. Researchers indicate that more than 30,400 servers are exposed to attacks. 

Razer Synapse zero-day flaw
A Razer Synapse zero-day vulnerability can allow attackers to gain admin privileges on Windows systems through Razer mouse or keyboard. Razer is yet to release a security patch for this local privilege escalation vulnerability.  

PoC for Sophos vulnerability disclosed
Researchers have disclosed a critical remote code execution vulnerability affecting Sophos appliances, for which patches were released last year. The flaw, tracked as CVE-2020-25223, can allow attackers to execute malicious code with root privileges on a Sophos appliance.

Top Scams Reported in the Last 24 Hours

Hurricane-related scams
CISA is warning users about hurricane-related scams that trick victims into handing over their funds and personal details. The scam is executed using fraudulent emails that contain malicious links or attachments. Users are being urged to exercise caution to prevent falling into such scams. 

Tor.Jack malware scam
Threat actors are misusing the fear and anxiety of users in a Tor.Jack malware scam to steal their personal and financial information. The campaign starts with a fake pop-up message that alerts the users that their mobile or computer devices have been infected with Tor.Jack malware. It further instructs them to click on a website that redirects visitors to a page for installing fake apps designed to pilfer data.  


prism backdoor
xor encryption algorithm
proxyshell vulnerability
exchange servers
zero day flaw

Posted on: August 23, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.