- The U.S. President has signed an executive order on strengthening the country’s cybersecurity defenses. The order comes as a response to the recent SolarWinds and other significant attacks carried out by foreign threat actors.
- Google, Mozilla, and security firm Cure53 are in the process of developing an API that sanitizes HTML input strings and prevents cross-site scripting (XSS) attacks. The API will be integrated into future versions of Mozilla Firefox and Google Chrome browsers.
- The U.K.’s National Cyber Security Centre has announced a free cyber threat warning tool that gives timely notification about possible incidents and security issues. The tool, called Early Warning, is the latest Active Cyber Defence service from the NCSC.
- The University of California confirmed being affected by the breach involving the Accellion FTA service. As a result, the hackers accessed a heap of personal information on students, current and former employees, and other individuals who participated in UC programs.
- Babuk ransomware claimed to breach Yamabiko and steal employee PII, product schematics, financial data, and more. In other ransomware attacks, two business giants, Colonial Pipeline and Brenntag, reportedly paid over $4 million each in return for decryption keys. Additionally, Volue, a Norwegian software company, reportedly became a victim of a ransomware attack that led to the shutdown of the affected applications.
- Medical records of roughly 200,000 U.S. military veterans were exposed online by United Valor, a North Carolina-based firm working for the Veterans Administration.
- The City of Tulsa was crippled by a ransomware attack that impacted the government’s network and knocked its official websites offline. Moreover, Ireland’s Health Service Executive (HSE) was forced to shut down its computer systems after it suffered a cyberattack. The attack is being characterized as a ransomware hack.
- A group of researchers tracked down data leak sites for 34 ransomware groups who have, so far, leaked the data for 2,103 organizations.
- Microsoft warned about a massive BEC campaign that targeted over 120 organizations across industries with a gift card scam that involves typo-squatted domains.
- A cryptocurrency scam that hit some members of Reddit’s WallStreetBets forum resulted in a loss of $2 million. Criminals misled people in a fake transaction on Telegram.
- ATC Transportation experienced a data incident involving theft of personal information of some current and former employees and applicants.
- Cybersecurity researchers found a new Android banking trojan called TeaBot that hijacks user credentials and text messages to carry out fraudulent activities targeting banks in Spain, Germany, the Netherlands, Belgium, and Italy.
- A total of 12 design and implementation flaws, dubbed FragAttacks, in the IEEE 802.11 technical standards leave all Wi-Fi devices vulnerable to attacks. These flaws can be exploited only by attackers within radio range of the target.
- A new and stealthy malware loader called Snip3 is part of an ongoing phishing campaign that targets aerospace and travel organizations. The malware loader has been used to drop Revenge RAT, AsyncRAT, Agent Tesla, and NetWire RAT on compromised systems.
- Fraudsters are exploiting Telegram groups to dupe people with fake COVID-19 vaccination cards by collecting names and vaccine batch numbers.
- Researchers spotted 167 malicious banking, trading, cryptocurrency, and foreign exchange apps, mimicking trusted and legitimate brands—such as Kraken, Binance, Gemini, Barclays, and TDBank—on Android and iOS platforms.
- APT36, also known as Transparent Tribe, created fake domains to impersonate military and defense firms and disseminate malware-laced documents to infect victims with ObliqueRAT and CrimsonRAT.
- Users of wallet mobile apps Trust Wallet and MetaMask were targeted in Twitter phishing attacks that aimed at stealing cryptocurrency funds from wallets.
- Threat actors abused the Microsoft Build Engine (MSBuild) to deploy RATs and fileless information-stealing malware as part of an ongoing campaign. So far, the software has been used to push Remcos RAT, Quasar RAT, and RedLine Stealer payloads.
- Lorenz is a newly discovered ransomware that targets enterprises worldwide. The Lorenz ransomware uses the same encryptor as the ThunderCrypt operation.
- Researchers observed an updated version of Lemon Duck cryptomining botnet that targeted unpatched Microsoft Exchange servers and attempted to execute payloads for Cobalt Strike DNS beacons.
Posted on: May 14, 2021