Go to listing page

Cyware Daily Threat Intelligence September 08, 2021

Cyware Daily Threat Intelligence September 08, 2021

Share Blog Post

The mysterious comeback of the REvil ransomware gang has raised several questions and worries for both organizations and security experts. It has been found that the data leak website handled by the group is restored with the name of the latest victim organization being added on July 8. Only time will define the intent of the gang’s return after a gap of almost two months.   

The threat landscape is also witnessing a surge in backdoor malware that continues to spawn additional processes to gain control over users’ systems. In the last 24 hours, researchers have uncovered two Android backdoors named 888 RAT and SpyNote associated with the BladeHawk group.   

Top Breaches Reported in the Last 24 Hours

A data leak incident at McDonald’s
A flaw in the McDonald’s Monopoly VIP game in the U.K caused the leak of credentials belonging to several gamers. The information also included hostnames for Azure SQL databases. However, no personal data was compromised in the incident.  

REvil ransomware gang returns
Almost two months after shutting down the operation the REvil ransomware gang has made a comeback with a new list of victims. The website managed by the threat actors has also been restored and includes the process for victims to negotiate with attackers.

New Zealand financial institutions affected
Websites of several financial institutions in New Zealand were temporarily down following a cyberattack. Some of the affected institutions include Australia and New Zealand Banking Group’s (ANZ), and Kiwibank.  

PeduliLindungi leaks data
Another Indonesian COVID-19 tracking app PeduliLindungi has leaked the personal data of an unknown number of Indonesian residents online. This new data leak incident comes days after the recent data leak incident by eHAC app. 
 
Top Malware Reported in the Last 24 Hours

Two Android backdoors spotted
Researchers have spotted two Android backdoors, 888 RAT and SpyNote, in a targeted mobile espionage campaign against the Kurdish ethnic group. The campaign launched by the BladeHawk group used six Facebook profiles to distribute the malware. The backdoors are capable of taking screenshots, phishing Facebook credentials, stealing user photos, recording phone calls, and stealing SMS messages.   

Top Vulnerabilities Reported in the Last 24 Hours

PoC for Ghostscript exploit released
A researcher has published the PoC exploit for a zero-day vulnerability in Ghostscript that can lead to a remote code execution attack on compromised servers. The flaw could be exploited by an attacker by uploading a malformed SVG file on the underlying operating system.

New zero-day flaw found in IE
Microsoft has issued an alert about a new zero-day vulnerability affecting Internet Explorer. Tracked as CVE-2021-40444, the flaw impacts Microsoft MHTML. It can be exploited by using specially-crafted Microsoft Office documents. 

 Tags

spynote
revil ransomware gang
pedulilindungi
888 rat
ghostscript exploit

Posted on: September 08, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.