Go to listing page

Cyware Daily Threat Intelligence, June 01, 2021

Cyware Daily Threat Intelligence, June 01, 2021

Share Blog Post

Double whammy for organizations across the world as they struggle to keep up with threats from ransomware 2.0 attacks. Two threat actor groups, named Prometheus and Grief, have emerged as potential players, joining the ransomware and data-stealing game lately. While Prometheus is found to have targeted 27 enterprises, Grief claims to have stolen data from five organizations.

Moving further, Android phone users are not spared from TeaBot and FluBot malware attacks that are being distributed via malicious apps. The campaign to deliver these fake apps that pretend to be the original version of VLC Media Player, Kaspersky, BookReader, AdBlocker, and Uplift remains active in the wild.

Top Breaches Reported in the Last 24 Hours

The Swedish Public Health Agency has shut down SmiNet after being targeted in several hacking attempts. While no evidence of unauthorized parties accessing sensitive information has been found so far, the agency disclosed that it will continue with the investigation before the reporting process starts.

Rise of Prometheus
Prometheus and Grief are two emerging ransomware groups that have joined the data-stealing extortion game lately. While the former has ensnared data of 27 organizations, the latter has affected five firms.

Top Malware Reported in the Last 24 Hours

NSIS crypter evolves
Research reveals that NSIS-based crypters, which are used to drop malicious payloads, have evolved over the past years. It is found that the version discovered in February contains a malicious component in the form of a DLL, whereas another version includes an encrypted component that carries a payload.

TeaBot and FluBot malware
A new campaign that makes use of multiple popular apps is being used to distribute TeaBot and FluBot banking trojans on Android phones. The trojans’ capabilities include performing various keylogging activities, stealing Google Authentication codes, intercepting messaging, and even taking full control of devices

Top Vulnerabilities Reported in the Last 24 Hours

Siemens releases firmware updates
Siemens has shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers. The flaw could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted code execution. Tracked as CVE-2020-15782, the memory protection vulnerability has a CVSS score of 8.1.

SonicWall releases patches
SonicWall has released patches for a severe vulnerability found in its Network Security Manager (NSM) product. Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the flaw is an OS command injection vulnerability that can be exploited to execute commands on a device’s operating system.

 Tags

grief ransomware
prometheus ransomware
flubot
teabot trojan
swedish public health agency
nsis crypter

Posted on: June 01, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.