Cyware Daily Threat Intelligence, May 17, 2021


The newly discovered Bizarro banking trojan is making waves across the world. After Brazil, the trojan has now been spotted targeting European and other South American countries. The latest report reveals that the trojan has been used to steal credentials from customers associated with 70 banks in these countries.

Conti ransomware is also in the news for making a hefty ransom demand from its latest victim, the Health Service Executive. The gang claims to have stolen 700 GB of data from the organization over two weeks.

Meanwhile, chipmaker AMD has flagged a new type of attack that arises due to two flaws in its Secure Encrypted Virtualization (SEV) technology.

Top Breaches Reported in the Last 24 Hours

Updates on HSE attacks
The Conti ransomware gang has demanded a ransom of $20 million from Ireland’s Health Service Executive (HSE) in exchange for decryption keys and deleting the stolen data. The gang claims to have stolen around 700 GB of sensitive data from the firm over two weeks. The organization has, however, refused to pay the ransom.

Toshiba Tec Group targeted
DarkSide ransomware is suspected to be behind the recent attack on Toshiba Tec Group. As a result of the attack, the firm was forced to take down its network connections between company assets.

Avaddon claims attacks on Acer Finance
The Avaddon ransomware gang has added France-based Acer Finance to its list of victims. The gang has given the firm 240 hours to negotiate before it starts leaking the valuable company documents it stole.

Top Malware Reported in the Last 24 Hours

Bizarro trojan expands its attacks
The Bizarro trojan, which originated in Brazil, has expanded its attacks to other regions of the world. Attempts have now been made to steal credentials from customers of 70 banks located in different European and South American countries. The trojan’s x64 modules trick users into entering two-factor authentication codes in fake pop-ups.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable AMD chips
Chipmaker AMD has issued guidance for two attacks that allow bypassing the Secure Encrypted Virtualization (SEV) technology. The attacks abuse two flaws: CVE-2020-12967 and CVE-2021-26311. The former is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature, while the latter is due to rearrangement in the guest address space.

PoC for Windows bug released
A PoC has been released for a critical, wormable vulnerability found in the latest Windows 10 and Windows Server versions. The bug, tracked as CVE-2021-31166, is found in the HTTP Protocol Stack used by Microsoft’s Internet Information Services (IIS) web server.


Posted on: May 17, 2021

