
Cyware Daily Threat Intelligence, June 21, 2021


Threat actors, who are never at rest, are constantly giving security experts a run for their money. In a new cyberespionage campaign discovered recently, Sload, aka Starslord loader, has been found targeting users in Europe. This time, the attackers are using malicious VBS and PowerShell scripts to drop the loader, which subsequently deploys Ramnit and Trickbot as the final payload.

Misconfigured databases drew major flak for the U.S. supermarket chain Wegmans Food Markets as this resulted in the exposure of customer details. The databases contained names, addresses, phone numbers, birth dates, and Shoppers Club numbers of customers.

Top Breaches Reported in the Last 24 Hours

Wegmans affected in a data breach
U.S. supermarket chain Wegmans Food Markets has suffered a data breach that occurred due to misconfigured databases. The databases included customer details such as their names, addresses, phone numbers, birth dates, and Shoppers Club numbers. However, the passwords are safe as they were hashed and salted.

KAERI confirms an attack
The South Korean Atomic Energy Research Institute (KAERI) has confirmed a cyberattack by the Kimsuky threat actor group. The adversary exploited a vulnerability in the VPN system used within the research institute's environment to enter the network.

Top Malware Reported in the Last 24 Hours

Starslord loader is back
Sload, or Starslord loader, has been spotted in a new cyberespionage campaign targeting users in Europe. This time, the attackers are using VBS and PowerShell scripts instead of relying on malicious documents to gain an initial foothold. The final payload of the downloader includes Ramnit and Trickbot trojans.

Top Vulnerabilities Reported in the Last 24 Hours

New iPhone bug
A new bug discovered in the iPhone's wireless functionality can be triggered by joining a nearby hotspot with an unusual name, after which the wireless functionality of the device gets disabled. The flaw has been successfully tested on an iPhone XS running iOS version 14.4.2.

Vulnerable Cisco switches
Researchers have identified multiple vulnerabilities in Cisco’s Small Business 220 series smart switches. Attackers can abuse one of these flaws (CVE-2021-1542) to hijack a user’s session and gain access to the switch’s web interface. It is rated high severity.  

Top Scams Reported in the Last 24 Hours

Beware of Amazon Prime Day scams
Security experts have warned online shoppers about Amazon Prime Day scams that are underway. These scams are carried out via emails and text messages, in which cybercriminals lure consumers into entering their details on fake websites. The messages include fake deals or prize offers to entice recipients into clicking malicious links.


Posted on: June 21, 2021

