Cyware Daily Threat Intelligence June 30, 2021

Victims of Lorenz ransomware can breathe a sigh of relief: a decryption tool that lets them decrypt their files without paying a ransom is now available for free to the public. The ransomware uses a blend of RSA and AES-128 algorithms to encrypt files on a compromised device.

However, there are some new threats as well. A zero-day vulnerability in Adobe Experience Manager (AEM) can be a matter of concern for several large companies if patches are not applied in time. Identified as an authentication bypass flaw, it can enable attackers to conduct remote code execution attacks on the CRX Package Manager. In other news, a version of PJobRAT is being used in an ongoing attack campaign to pilfer contact details, SMSes, and GPS locations of individuals.

Top Breaches Reported in the Last 24 Hours

UofL Health notifies patients
A healthcare system located in Kentucky, UofL Health, is notifying more than 40,000 patients about a data breach that affected their PHI. The incident occurred after the healthcare system erroneously sent sensitive data to an email address outside its network.

Denmark’s Nationalbank compromised
Russian-linked Nobelium APT group compromised Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The attack is the result of the SolarWinds supply chain attack that occurred last year.

New updates on WD data loss
Reports suggest that threat actors abused a zero-day vulnerability in Western Digital My Book Live NAS devices to perform a mass factory reset, leading to loss of data. The vulnerability is tracked as CVE-2018-18472 and has not been fixed since.

Top Malware Reported in the Last 24 Hours

PJobRAT spyware
An ongoing malware campaign, active since January 2021, is leveraging famous dating and instant messaging apps to distribute a version of PJobRAT spyware. The campaign targets Indian military personnel. The data collected by the spyware includes contacts, SMSes, and GPS locations of individuals.

Decryption key for Lorenz ransomware
A decryption tool that is publicly available for free can help victims recover files encrypted by Lorenz ransomware. The ransomware uses a blend of RSA and AES-128 algorithms to encrypt files on a compromised device.

Top Vulnerabilities Reported in the Last 24 Hours

Bypass flaw in Adobe patched
An authentication bypass flaw in Adobe Experience Manager (AEM) was found impacting multiple large organizations using CRX Package Manager. The flaw can be abused by attackers to bypass authentication and gain access to CRX Package Manager, leaving applications open to remote code execution attacks.

Posted on: June 30, 2021

