Go to listing page

Cyware Daily Threat Intelligence, May 27, 2021

Cyware Daily Threat Intelligence, May 27, 2021

Share Blog Post

BazarLoader’s ingenious social engineering tactic that uses malicious call centers to spread the malware, aka BazarCall method, is back in action. This time, users are being tricked into a false subscription with movie-streaming service BravoMovies, which they have never signed up for. The ultimate purpose of the loader is to deploy ransomware and other types of malware onto the victim’s system.

A new design flaw in Apple’s popular new chip (M1) for Macbooks and iMac has raised concern. Identified as M1RACLES, the flaw can allow two apps running on the same device to covertly exchange data via a secret channel at the CPU level.

It is not just Apple users who are in trouble following the discovery of this new flaw, users of the Checkbox Survey online tool are also at risk due to a remote code execution vulnerability exploited in the wild.

Top Breaches Reported in the Last 24 Hours

Japanese government entities hacked
Fujitsu has temporarily taken down its ProjectWEB SaaS platform after cyberattacks on multiple Japanese government entities. The impacted agencies include the Ministry of Land, Infrastructure, Transport and Tourism, the Cabinet Secretariat, and the Narita Airport. The hackers gained access to several confidential files belonging to the employees stored on ProjectWEB.

Top Malware Reported in the Last 24 Hours

BazarLoader returns
The BazarLoader backdoor has returned in a new campaign that masquerades as a fake movie-streaming service BravoMovies. It starts with a phishing email that warns recipients about a subscription that they never signed up for. The email includes a phone number, asking recipients to contact customer service for further information. Instead, they are redirected to a fake website that causes the download of the malware.

Top Vulnerabilities Reported in the Last 24 Hours

M1RACLES bug
A newly found M1RACLES bug has been found impacting Apple M1 chips. Tracked as CVE-2021-30747, the bug allows two apps running on the same device to exchange data between one another via a secret channel at the CPU level, without using memory, sockets, files, or any other normal operating system features.

Vulnerable Visual Studio Code extensions fixed
Severe security flaws fixed in popular Visual Studio Code extensions can lead to compromise of local machines, as well as build and development systems. Some of the extensions in question are LaTex Workshop, Rainbow Fart, Open in Default Browser, and Instant Markdown. These vulnerable extensions can be exploited to run arbitrary code on a developer’s system remotely, which could ultimately lead to supply chain attacks.

Checkbox Survey flaw exploited
A Checkbox Survey vulnerability tracked as CVE-2021-27852 is being exploited in the wild. The flaw is related to the insecure deserialization of view state data and can allow a remote attacker to execute arbitrary code without authentication. Users are encouraged to upgrade to Checkbox survey version 7.0 or later.

Siemens addresses code execution flaw
Siemens has released an advisory for several vulnerabilities affecting its Solid Edge product. The flaws include four high-severity memory corruption issues and one medium-severity XXE bug. The vulnerabilities can be exploited by tricking users into processing malicious CATPart, 3DXML, STP, PRT, or JT files.

Overlooked flaws in GraphQL
Endpoints using GraphQL may be at risk due to failures to mitigate cross-site request forgery vulnerabilities. In total, there are 14 such flaws that remain unpatched.

Top Scams Reported in the Last 24 Hours

Steam used in a phishing attack
A new type of phishing attack that targets the popular gaming platform Steam has been uncovered by users. The scam involves fooling users into thinking that they are using the correct Steam URL and that it is safe to enter their credentials. The important aspect of the scam is that the URL includes a secured padlock, which convinces the users into believing that the website is safe.

 Tags

bazarcall method
m1racles bug
fujitsu ltd
checkbox survey
projectweb saas platform

Posted on: May 27, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!