Cyware Daily Threat Intelligence August 27, 2021

BazaLoader backdoor is back with a new trick up its sleeve. The operators behind the malware are sending website owners fake notifications about DDoS attacks in an attempt to deploy the Cobalt Strike Beacon. The tool further enables attackers to deploy the backdoor that delivers other payloads.

Meanwhile, U.S. federal agencies have raised concerns about two major threats looming over organizations. One of them is related to the attacks by the Hive ransomware group and the other is associated with vulnerable Pulse Secure devices.

Amidst the proliferation of ransomware threats, there is good news for victims of the Ragnarok ransomware: the gang has called it quits and released its decryption keys.

Top Breaches Reported in the Last 24 Hours

ChaosDB exposed data
A misconfiguration flaw in Microsoft Azure’s flagship Cosmos DB database service had exposed the data of thousands of cloud customers. The tech giant confirmed that it found no evidence of the flaw being exploited. The flaw, which existed in the Jupyter Notebook visualization feature of Cosmos DB, was fixed soon after the company became aware of it.

Players data exposed
Around 134GB of data containing 365 million records has been accidentally exposed by an unsecured server. The exposed data belonged to players of fantasy games such as Rainbow Story: Fantasy MMORPG; Metamorph M; and Dynasty Heroes: Legends of Samkok.

Top Malware Reported in the Last 24 Hours

Ragnarok shuts its operation
The Ragnarok ransomware gang has shut down its operations and released a free decryption key for its victims. The gang was known for targeting multiple organizations across France, Estonia, Sri Lanka, Turkey, Thailand, the U.S., Malaysia, Hong Kong, Spain, and Italy.

BazaLoader is back
The attackers behind the BazaLoader malware are scaring website owners with fake DDoS notifications that result in the deployment of the Cobalt Strike Beacon. The tool further enables attackers to deploy the backdoor, which in turn delivers other payloads.

Top Vulnerabilities Reported in the Last 24 Hours

NVIDIA fixes a flaw
NVIDIA has fixed a remote code execution flaw affecting its NVCaffe deep learning framework. The flaw, tracked as CVE-2021-39158, can allow attackers to execute arbitrary code on the targeted system. The flaw has been fixed with the release of NVCaffe version 0.17.3.

Flaws fixed in elFinder
Five vulnerabilities discovered in the elFinder web file manager have been patched with the release of a new version. The flaws are collectively tracked as CVE-2021-32682 and carry a CVSS score of 9.8.

Kaseya issues patches
Kaseya has issued a security update to patch server-side zero-day vulnerabilities in Unitrends. The flaws can lead to remote code execution and privilege escalation.

Compromised Pulse Secure devices identified
CISA has shared details about malicious files discovered on compromised Pulse Secure devices. Some of the flaws targeted include CVE-2021-22893 and CVE-2021-22937. The malware samples identified on compromised devices allowed threat actors to gain remote access to a target system and modify users’ credentials, among other actions.

Vulnerable Synology products
Synology has revealed that some of its products are affected by the recently disclosed OpenSSL vulnerabilities. The flaws can be abused to launch remote code execution and DoS attacks. Patches for the affected products are yet to be released.

Top Scams Reported in the Last 24 Hours

Scammers impersonate Europol head
Scammers are impersonating the European Union’s law enforcement agencies in an attempt to trick victims into handing over their financial information. The phishing email accuses recipients of multiple criminal charges and threatens to initiate cases against them unless they reply within 72 hours.

Posted on: August 27, 2021