Share Blog Post
- Maryland law enforcement shut down a fraudulent website—freevaccinecovax[.]org—that claimed to be a biotech company developing COVID-19 vaccine.
- The NSA issued an advisory recommending ways to strengthen operational technology (OT) systems security, specifically regarding their connection with IT systems.
- A researcher from HSE University proposed a new algorithm, to assess vulnerabilities in encryption programs, leveraging a brute-force search of possible options of symbol deciphering.
- Avaddon ransomware gang threatened to release sensitive information, including passport images, driver’s licenses, and employment contracts, belonging to the NSW Labor Party after gaining access to its computer network in a major cyberattack.
- Recently patched flaws in Peloton’s bike software may have leaked sensitive information of customers following several issues in its APIs. The flaws resulted in information leaks even for users in privacy mode.
- More than 200 organizations in Belgium were affected by a DDoS attack that took the country’s internet offline. The affected organizations include government, parliament, universities, and research institutes.
- The U.S. Agency for Global Media (USAGM) disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries. The data breach was caused in December 2020 following a successful phishing attack.
- The Codecov supply chain attack claimed Twilio as its latest victim. Several Twilio projects use Codecov Bash Uploader tool that was previously altered.
- Avaddon ransomware gang claimed to have stolen tens of thousands of SIM cards belonging to Telstra.
- Scripps Health technology servers were hacked, disrupting patient portals. Some patients were forced to reschedule their appointments as a result of the hack.
- Around 345,000 files from the solicitor-general of the Philippines were made publicly available for almost two months before they were taken down. These files included sensitive information for ongoing legal cases, internal passwords and policies, staffing payment information, and staff training documents.
- A high-severity vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips could enable attackers to access text messages, call history, and private conversations of users. The flaw is tracked as CVE-2020-11292 and affects roughly 40% of mobile phones.
- An Iranian hacker group identified as N3tw0rm threatened to release 110GB of data belonging to H&M Israel. The group is suspected to be affiliated with the Iran-linked Pay2Key.
- Three new malware, DOUBLEDRAG, DOUBLEDROP, and DOUBLEBACK, were associated with a massive cyberespionage campaign that targeted many organizations in the U.S. Launched via phishing emails, the attacks were carried out by a new uncategorized group - UNC2529.
- A new cryptocurrency stealer variant, Panda Stealer, has been found targeting individuals across the U.S., Australia, Japan, and Germany. It is being spread through a global spam campaign that leverages Discord channels.
- A malware tracked as Javali, is being widely used to target users in Latin America and Europe. The malware is distributed via phishing emails that pretend to be a delivery notice.
- The new Buer malware loader variant is being propagated via phishing emails. Dubbed RustyBuer, the new strain is written in Rust language and is capable of delivering Cobalt Strike Beacon as a second-stage payload.
- A new Windows malware called Pingback has been found using DLL hijacking attack to target Microsoft Windows 64-bit systems. The malware takes advantage of ICMP for its C2 activities.
- Researchers have demonstrated a new attack technique, dubbed TBONE, that can enable attackers to hack Tesla and other cars remotely without any user interaction. The abuses two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices.
- A newly revealed DNS bug, dubbed TsuNAME, can now be used by threat actors as an amplification vector in massive reflection-based DDoS attacks against authoritative DNS servers.
- Moriya, a previously unknown rootkit, is being used by unknown threat actors to execute passive backdoors on public-facing servers. It enables the attackers to spy on victim network traffic. This rootkit is part of the TunnelSnake campaign.
- A new Android malware named Ghimob is impersonating third-party apps to steal and spy on user data. It mainly targets cryptocurrency and online banking.
Posted on: May 07, 2021
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...