Cyware Daily Threat Intelligence July 19, 2021

Bandook spyware is still at large. This variant of Bandidos malware is now making headlines for a new espionage campaign linked to a new threat actor group identified as TA2721. The campaign targets Spanish citizens via phishing emails. The infection chain features a PDF containing a URL that leads to an encrypted RAR file that installs Bandook.  

The infamous Pegasus spyware has also been spotted in a zero-click attack that impacted over 50,000 smartphones worldwide. This enabled its operators to pilfer sensitive data related to activists, journalists, business executives, and politicians.

Top Breaches Reported in the Last 24 Hours

Comparis affected
Leading Swiss price comparison platform Comparis has disclosed a data breach following a ransomware attack. The company was attacked on July 7, after which it took several proactive measures to contain the attack. 

Misconfigured AWS bucket issue
Artwork Archive secured its misconfigured AWS bucket after it became aware of the data leak. The bucket had exposed over 421GB of data containing 200,000 files associated with over 7,000 artists, collectors, and galleries. However, the firm said that there is no evidence of misuse of the data.  

Campbell discloses a breach
Campbell Conroy & O'Neil, P.C. (Campbell) disclosed falling victim to a ransomware attack in February. Following the attack, the threat actors had pilfered the personal details of certain individuals. 

Saudi Aramco hacked
Threat actors with the online name of ZeroX claimed to have stolen 1TB of sensitive data from Saudi Aramco. The stolen data has been put up for sale on multiple hacking forums. The attack was launched by exploiting a zero-day flaw in the Saudi Aramco infrastructure in 2020.  

Top Malware Reported in the Last 24 Hours

Pegasus malware is back
Israel’s NSO Group and its Pegasus malware have been linked to a worldwide espionage campaign that targeted activists, journalists, business executives, and politicians. The spyware has managed to steal data from more than 50,000 smartphones.  

Bandook malware spotted again
Bandook has been linked to a new espionage campaign that targets Spanish citizens via phishing emails. The campaign is carried out by a new group identified as TA2721.

Top Vulnerabilities Reported in the Last 24 Hours

Updates on WiFiDemon
Apple is working on a fix for a WiFi bug named WiFiDemon that can allow threat actors to infect a device without requiring any user interaction. The patch for the bug is expected to be pushed in the iOS 14.7 update. The flaw can also be exploited to achieve remote code execution on targeted devices.

New Windows Print Spooler flaw
Security researchers have unearthed a new Elevation of Privilege (EoP) bug in Windows Print Spooler after the devastating PrintNightmare vulnerability. Identified as CVE-2021-34481, the flaw exists because the Windows Print Spooler improperly handles privileged file operations.



Posted on: July 19, 2021
