Go to listing page

Cyware Daily Threat Intelligence, June 14, 2021

Cyware Daily Threat Intelligence, June 14, 2021

Share Blog Post

Take a look at all the ransomware attacks over the past few years and you will see a massive evolution in the sophistication of such attacks. Threat groups are firmly determined to make greater financial gains. And, if not money, the purpose is often espionage. A recent attack on several airline carriers including has been attributed to the China-linked APT41 threat group. The entire airline industry has been recommended to scour their networks for traces of its malicious activity.

While we are trying to deal with this latest development, another monumental breach affected Audi and Volkswagen as unsecured data was exposed to the open internet. In a positive development, the prolific Avaddon ransomware gang announced to shut down its operations and provided thousands of decryption keys for victims to recover their data.

While one threat lays low, another rears its head. A Mirai botnet variant was found scanning Tenda routers for known but uncommon vulnerabilities. The malware primarily targets exposed and vulnerable Docker APIs to include them in its DDoS botnet.

Top Breaches Reported in the Last 24 Hours

Audi and Volkswagen breached
The American unit of the Volkswagen group suffered a data breach impacting 3.3 million customers. The breach was caused by a vendor that left unsecured data exposed to the internet between August 2019 and May 2021.

Intuit notifies of hack
Intuit, a financial software company, notified TurboTax customers of a series of potential account takeover attacks. The financial and personal information of some customers was accessed by hackers. 

Chinese hackers behind Air India hack
A cyberattack on Air India that lasted for almost 3 months has been attributed to the Chinese nation-state actor APT41. The campaign has been dubbed ColunmTK and the consequences of the attack might be significant, stated Group-IB.

Carter’s leaks customer records
Baby clothes retailer Carter’s inadvertently exposed over 410,000 records, dating back years, according to a new disclosure. The issue stemmed from shortened URLs generated by Linc which lacked basic security protections. The links contained purchase details, tracking information, and more.


Top Malware Reported in the Last 24 Hours

Avaddon closes shop
One of the most prolific ransomware of our times—Avaddon—announced shutting down its operations and providing a decryption tool for free. The file was sent to BleepingComputer and had decryption keys for all 2,934 victims.

Mirai variant scans for uncommon flaws
Moobot, a Mirai variant, was found scanning Tenda routers for known but uncommon vulnerabilities. This malware strain primarily targets exposed and vulnerable Docker APIs to include them in its DDoS botnet. 


Top Vulnerabilities Reported in the Last 24 Hours

Flaw in Facebook feature
A security bug in Facebook’s Messenger Rooms can allow hackers to access a victim’s private Facebook media and submit posts, all through their locked Android screen. A proof-of-concept video has been sent to Facebook. 

Unpatched flaws in provisioning tool
High severity security flaws—CVE-2021-31579, CVE-2021-31580, CVE-2021-31581, and CVE-2021-31582—found in Akkadian Provisioning Manager can allow for remote code execution with elevated privileges. The third-party provisioning tool used within Cisco UC environments has not issued any patches yet. 


Top Scams Reported in the Last 24 Hours

Interpol shuts down online pharmacies
Thousands of online marketplaces parading as pharmacies were taken down by Interpol in Operation Pangea XIV. These marketplaces pushed fake and illicit medicines and drugs as well as fake COVID-19 testing kits.


 Tags

carters
intuit turbotax
operation pangea xiv
volkswagen america
avaddon ransomware gang
facebook messenger rooms
moobot

Posted on: June 14, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.