Go to listing page

Cyware Daily Threat Intelligence, August 30, 2021

Cyware Daily Threat Intelligence, August 30, 2021

Share Blog Post

Zero-day and unpatched vulnerabilities are exploding and so are opportunities for threat actors who are always on the lookout for such security flaws. A new security flaw impacting Microsoft Exchange servers after the recent discovery of ProxyShell vulnerability has raised concerns about unknown attacks that are in the making. Dubbed ProxyToken, the vulnerability can allow remote attackers to bypass authentication and modify Exchange server configurations.

In different news, a new variant of Mirai botnet is exploiting a previously disclosed command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.

Top Breaches Reported in the Last 24 Hours

1 GB data leaked
Around 1 GB of data belonging to sportswear manufacturer Puma has been leaked on the dark web marketplace Marketo. The compromised data include source codes of internal management applications linked to the company’s Product Management Portal.

Bangkok Airways’ data breached
Bangkok Airways has disclosed a ransomware attack that occurred on August 23. The attack was launched by LockBit ransomware operators who later threatened the firm to leak the stolen data. The data stolen includes the names, nationalities, genders, phone numbers, contact information, email addresses, and credit card information of passengers.

Top Malware Reported in the Last 24 Hours

A new variant of Mirai discovered
A new variant of the Mirai botnet is being used in the wild to exploit a known command injection vulnerability affecting WebSVN. The flaw is tracked as CVE-2021-32305 and affects versions prior to 2.6.1. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft issues guidelines on ChaosDB
Microsoft has issued guidance on securing Azure accounts affected by ChaosDB. The flaw impacts Azure’s Cosmos DB which recently became the cause for the exposure of data of thousands of cloud customers.

New ProxyToken vulnerability
ProxyToken is a newly discovered vulnerability that affects Microsoft Exchange servers. This is the second vulnerability after the ProxyShell vulnerability that is being exploited in the wild. The ProxyToken vulnerability can allow remote attackers to bypass authentication and make changes to an Exchange email server’s backend configuration.

 Tags

marketo dark web
mirai botnet
lockbit ransomware
proxytoken vulnerability
proxyshell vulnerability

Posted on: August 30, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.