Cyware Daily Threat Intelligence, May 13, 2021

Data breaches have become an all-too-common threat recently. Ransomware gangs are jumping on the extortion wagon and terrorizing victims. Volue became the latest victim of Ryuk ransomware. In malware news, researchers have spotted a new crypter-as-a-service targeting the aviation and travel sectors.

The past 24 hours also brought us the news of a fresh scam related to COVID-19 vaccination cards. Fraudsters are leveraging Telegram channels to peddle fake COVID-19 vax cards. Meanwhile, scores of fake trading, cryptocurrency, and exchange apps were found defrauding both iOS and Android users.

Top Breaches Reported in the Last 24 Hours

Ryuk attacks Volue
Volue, a green energy solutions provider based in Norway, was attacked by Ryuk ransomware on May 5. Although the attack targeted Powel domain systems, no evidence of data exfiltration has been discovered yet. 

Manchester City Council exposes personal info
The Manchester City Council exposed the number plates of more than 60,000 cars online. These cars were slapped with parking tickets from April to July 2020.

Top Malware Reported in the Last 24 Hours

Fake Android, iOS trading apps
Researchers spotted hundreds of malicious banking, trading, cryptocurrency, and foreign exchange apps built to steal from victims. These Android and iOS apps contain bogus software designed to mimic trusted and legitimate brands, such as Kraken, Binance, Gemini, Barclays, and TDBank.

New CaaS discovered
Threat actors are leveraging a new Crypter-as-a-Service (CaaS), dubbed Snip3, to deploy Agent Tesla, Revenge RAT, NetWire RAT, and AsyncRAT on compromised systems. This crypter is part of an ongoing spear-phishing campaign targeting cargo, airline, and travel industries.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes critical flaws
Four critical bugs—CVE-2021-26419, CVE-2021-31166, CVE-2021-31194, and CVE-2021-28476—were fixed by Microsoft. These new flaws affect Hyper-V, Windows 10, Windows Server, and Internet Explorer, and pose a risk to data and infrastructure.

Vulnerabilities in SAP app
Cybercriminals are actively abusing six cybersecurity flaws—CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, and CVE-2010-5326—in mission-critical SAP applications. The exploitation of these vulnerabilities can lead to financial fraud, theft of sensitive information, and ransomware attacks.

Top Scams Reported in the Last 24 Hours

Fake vaccination card scam
Fraudsters are exploiting Telegram groups to hawk fake COVID-19 vaccination cards to the anti-vaxxer and unvaccinated communities. Experts surmise that while the cards are forged, the data is real. Fraudsters are probably drawing names and vaccine batch numbers from people who have posted their vax card details on social media.

New support scam
MetaMask wallet and Trust Wallet users are being hounded by an aggressive Twitter scam attempting to steal crypto funds. Unfortunately, once stolen, it is nearly impossible to recover the funds.


Posted on: May 13, 2021
