Go to listing page

Cyware Daily Threat Intelligence, May 11, 2021

Cyware Daily Threat Intelligence, May 11, 2021

Share Blog Post

With a greater number of financial services going online, malicious cyber actors are finding ways to exploit such online services for financial gains. Researchers discovered a new Android banking trojan, dubbed TeaBot, targeting customers of banks in Spain, Germany, Italy, Belgium, and the Netherlands.

In the past 24 hours, we also saw reports of cyberattacks resulting in data exposure at the University of California and manufacturing firm Yamabiko. Meanwhile, the FBI and ACSC warned of a dangerous attack campaign leveraging the Avaddon ransomware to target organizations across various sectors.

Top Breaches Reported in the Last 24 Hours

University of California breached
The University of California (UC) confirmed that the personal information of employees and students was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. The attack took place in late December 2020 after a critical vulnerability was identified in the file sharing service.

Babuk targets Yamabiko
The Babuk ransomware group allegedly hacked into Yamabiko, a Japanese manufacturer of power tools and agricultural and industrial machinery. The Russian-speaking threat actors claimed to have stolen a total of 0.5TB of data including Personally Identifiable Information (PII) on employees, product schematics, and financial data, among others.

Top Malware Reported in the Last 24 Hours

TeaBot trojan emerges
A new Android banking trojan, dubbed TeaBot, was reported targeting customers of banks in Spain, Germany, Italy, Belgium, and the Netherlands. The malware steals user credentials and SMS messages to enable fraudulent activities against victims.

FBI warns against Avaddon
The FBI and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from manufacturing, healthcare, government, and other sectors. The ACSC said that Avaddon threat actors, in addition to encrypting victims’ data, are threatening to launch DDoS attacks to pressurize victims into paying ransoms.

Top Vulnerabilities Reported in the Last 24 Hours

APTs aim at Exchange servers
Researchers at ESET reported that a set of Microsoft Exchange vulnerabilities tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 were exploited by at least 10 APT groups. Besides Hafnium, other APTs exploiting the so-called ProxyLogon flaws include Tick, LuckyMouse, Calypso, Websiic, and Winnti Group, among others.

Flaw in Universal Turing Machine
A Swedish computer science professor discovered an arbitrary code execution vulnerability in the Universal Turing Machine. While a proof-of-concept code was published for the same, the vulnerability is not expected to have any real-world implications.


university of california
proxylogon vulnerabilities
avaddon ransomware

Posted on: May 11, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.