- Brazil created a cyberattack response network called the Federal Cyber Incident Management Network to promote faster response to cyberattacks and vulnerabilities while establishing coordination between federal government bodies.
- The CISA, ACSC, FBI, and NCSC released a joint advisory on the top 30 vulnerabilities routinely exploited by threat actors. Some of these flaws affect VPNs from Pulse Secure, Fortinet, and F5-Big IP.
- Google announced more details about its Safety Section feature in Google Play Store that offers information about the data collected by an Android app.
- GitLab rolled out a new open-source tool, dubbed Package Hunter, to help developers identify malicious code in their project dependencies. Right now, it includes support for NodeJS modules and Ruby Gems.
- Cybercriminals stole the confidential data of British Columbians from Homewood Health. The trove contains data related to finances, amendments, agreements, accruals, and projects, among others.
- IP cameras sold by a dozen vendors are vulnerable to remote attacks due to a myriad of critical and high-severity flaws affecting UDP Technology firmware. Eleven of these flaws are remote code execution issues and one is an authentication bypass vulnerability.
- University of San Diego Health underwent a data breach that compromised the personal information of its patients, students, and employees. The incident occurred between December 2, 2020, and April 8, 2021, after hackers gained unauthorized access to some employee email accounts.
- Players of Axie Infinity, an Ethereum-based NFT game, were targeted after threat actors infected Google Ads content. The threat actors lured the players into transferring funds from their cryptocurrency accounts.
- Florida’s Department of Economic Opportunity (DEO) suffered a data breach after threat actors allegedly accessed sensitive information from the CONNECT public claimant portal between April 27 and July 16. The affected data includes social security numbers, driver’s license numbers, bank account numbers, addresses, phone numbers, and birth dates of claimants.
- An ongoing malicious campaign—BazaCall—is leveraging fake call centers to lure victims into downloading malware. The attacks employ conventional social engineering tactics.
- Chinese state benefits app, named Beijing One Pass, has been found laden with spyware-like features. It is mandatory for foreign organizations in China to download the app to handle employee state benefits.
- Reports revealed that attackers are using the XAMPP web server solutions stack to host Agent Tesla and Formbook malware.
- JustDial once again exposed the personal information—usernames, email addresses, phone numbers, and dates of birth—of over 100 million users due to an unprotected API.
- LINE accounts of more than 100 Taiwanese politicians and government officials were hacked and data pilfered. Users have been asked to enable their account’s message encryption feature.
- A mobile malware Oscorp got revamped as the new UBEL Android botnet and is on sale for a price of $980 on underground forums. It is capable of reading and sending SMS, stealing audio recordings, and installing and deleting applications, among others.
- A new Android RAT, dubbed Vultur, is exploiting screen recording features to steal credentials and other sensitive data from compromised devices. So far, Vultur has infected between 5,000 and 8,000 users.
- DoppelPaymer ransomware got rebranded as Grief in an attempt to expand the group’s attack surface. DoppelPaymer had gone underground in mid-May, only to re-emerge as Grief ransomware in June.
- In a new revelation, the Imperial Kitten threat actor group was found to have masqueraded for years as an aerobics instructor named ‘Marcella Flores’. Its aim was to distribute a malware dubbed LEMPO onto the infected machines.
- Researchers have identified a ransomware called Haron that borrows its code and tactics from the Thanos and Avaddon ransomware. On another tangent, the new BlackMatter ransomware is expanding by recruiting affiliates and is claimed to be the successor of the now-defunct DarkSide and REvil ransomware.
- Mustang Panda, a Chinese cyberespionage group, was spotted using a new variant of PlugX RAT. The RAT was used to target Microsoft Exchange Servers in March.
- After studying the cyberattack on Iran’s train system, SentinelOne linked the incident to a new threat actor they named MeteorExpress, a hitherto unknown wiper.
- Sygnia researchers reported a new APT group—Praying Mantis or TG1021—targeting Microsoft IIS web servers to reach victims’ internal networks to steal sensitive data.
- Experts warn of a new ransomware variant called AvosLocker whose activities suggest that the group is actively looking for partnership in the underground markets.
- A phishing campaign was observed using a unique tactic to pilfer PayPal credentials. It leverages carefully designed emails that seem to be legitimate until a recipient decides to check out the links and headers.
Posted on: July 30, 2021