- The Office of Management and Budget ordered U.S. federal agencies to reinforce logging capabilities and help the government gain visibility into their cyber readiness program within 60 days.
- Researchers at the U.K.'s Liverpool Hope University developed a new device that acts as a gateway or barrier between a USB drive and a computer to scan for malicious software.
- The U.S. Department of Justice rolled out a fellowship program designed to boost legal talent that can help in ramping up legal action against cybersecurity threats in the U.S.
- After continuous ransomware attacks on large companies, hospitals, and institutions in Italy, the country is looking forward to its newly established cybersecurity agency and the funds received from the EU to reinforce its defenses.
- Autodesk revealed that one of its servers was infected with Sunburst malware. It further assured that no customer operations or Autodesk products were sabotaged during the attack.
- A severe flaw in Atlassian’s Confluence Server and Confluence Data Center software was subjected to mass exploitation by hackers owing to the ease of developing a weaponized exploit.
- Sophos laid bare details about dropper-as-a-service offerings that use droppers disguised as legitimate or cracked applications to install malware on victims' systems. Some services were charging just $2 for 1,000 malware installs via droppers.
- Attackers walked off with over $29 million in cryptocurrency assets from Cream Finance. Hackers used a reentrancy attack in its flash loan feature to steal AMP tokens and ETH coins.
- Japanese company Fujitsu confirmed that 4GB of customer data was dumped on a cybercrime marketplace called Marketo. However, the site claims it also contains company data, budget data, and other reports.
- About 1 GB of data from sportswear manufacturer Puma, allegedly containing source code of internal management apps, was dropped for sale on Marketo.
- A cyberattack at DuPage Medical Group laid bare sensitive data such as SSNs, diagnosis codes, treatment dates, and other details for about 600,000 patients.
- The Indonesian COVID-19 test and trace app called eHAC was found leaking the personal data of about 1.3 million travelers via an unprotected server.
- Bangkok Airways disclosed unauthorized third-party access to its information system that exposed sensitive records, including contact information, passport information, travel history, and credit card data, after a ransomware attack.
- Operators of the Phorpiex botnet announced that they are closing their operations and put the malware source code up for sale, at a set price, on a dark web cybercrime forum.
- An attacker intruded into the site of the artist Banksy and sold a fake NFT worth $336,000. The money has, however, been returned by the hacker.
- A newly discovered malware family, PRIVATELOG, and its installer, STASHLOG, have been found relying on the Common Log File System (CLFS) to conceal a second-stage payload in registry transaction files.
- Academics discovered BrakTooth, a suite of 16 vulnerabilities, that impacts the Bluetooth software across billions of devices from Microsoft, Dell, and several Qualcomm-based smartphone models.
- Researchers at TU Dresden, Germany, discovered that AMD’s Zen processor family is vulnerable to a Meltdown-like attack, enabling malware infection, unauthorized access, and more.
- Scammers were observed distributing bogus emails about license renewal, missing information, and expiration in a phishing scam propagating across the U.S.
- A new credential phishing campaign is using open redirector links in emails to trick users into visiting lookalike pages for legitimate services, such as Office 365, warned Microsoft.
- A new variant of the Mirai botnet is being used in the wild to exploit a known command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks.
- A critical flaw in Microsoft Exchange Server, dubbed ProxyToken, can be abused to change configuration options on user mailboxes, including defining an email forwarding rule, leading to email theft.
- Intel 471 uncovered a new trend wherein cybercriminals are now recruiting native English speakers to make their BEC scams more effective and persuasive.
- A new financially motivated malware campaign by the FIN8 threat actor group was found distributing the Sardonic malware - a newer version of BADHATCH malware.
Posted on: September 03, 2021