- The Qlocker ransomware gang shut down its operation after earning $350,000 in a month. The ransomware was infamous for exploiting vulnerabilities in QNAP devices.
- Researchers released a decryptor for Judge ransomware that also decrypts files encrypted by the very similar NoCry ransomware. The ransomware creates a mutex to prevent multiple instances from running in parallel, performs sandbox detection, and deletes system restore points.
- Officials from the U.S. CISA announced a new initiative to fight firmware vulnerabilities, which made up more than 2.5% of the National Vulnerability Database over the last five years.
- The Biden Administration ordered an overhaul that focuses on cybersecurity spending, including helping companies upgrade cybersecurity measures as part of its $2.3 trillion infrastructure spending.
- Microsoft released an open-source lab environment SimuLand that will help test and strengthen Microsoft 365 Defender, Azure Sentinel, and Azure Defender against real attack scenarios.
- Personal data—names, email addresses, dates of birth, chat messages, location, and payment details—of over 100 million Android users was exposed due to unprotected databases used by 23 apps. Some of the apps are Logo Maker, Astro Guru, and T’Leva.
- An internal server bug in Eufy home security cameras enabled strangers to view, pan, and zoom in on victims’ home video feeds.
- Australian digital real estate business Domain Group fell victim to a phishing attack that targeted its users by asking them to pay a deposit to secure rental property on a website nominated by the scammer.
- Most of the IT services of New Zealand’s Waikato District Health Board (DHB) were knocked offline following a ransomware attack. As a result, patient notes became inaccessible, clinical services were disrupted, and surgeries were postponed.
- Meal kit delivery scams impersonating well-known companies like Gousto and HelloFresh have surged. The scam leverages SMS and WhatsApp messages to reach its targets.
- Taxpayers in South Korea, Australia, and the U.S. are being targeted in a phishing campaign pretending to be accounting ledgers. The campaign is used to distribute RATs.
- The FBI warned about scammers actively targeting the families of missing persons to make quick money between $5,000 and $10,000. Hackers are leveraging social media posts to gather information about the missing person.
- Avaddon ransomware gang added Acer Finance to its list of victims. The gang gave the firm 240 hours for negotiation before it starts leaking the stolen valuable company documents.
- A pair of attacks hit Toyota. The first one attacked Daihatsu Diesel, a subsidiary of Toyota, while the other one was launched against Auto Parts Manufacturing Mississippi, another subsidiary.
- Betenbough Homes fell victim to an attack by REvil ransomware, following which the threat actor added the attack to its data leak site.
- Researchers unveiled a fake Microsoft Authenticator extension that can dupe users into sharing their account details. The extension has been downloaded 448 times.
- The Royal Mail delivery firm, once again, came into the crosshairs of scammers aiming to evade security checks in a new phishing scam. The scam is initiated with recipients receiving SMS messages claiming that a parcel has been redirected to the local post office due to an unpaid shipping fee.
- A new malware campaign has been spotted by Microsoft that spreads the Strrat RAT masquerading as ransomware. It aims to steal victims’ data.
- The new Simps botnet that conducts DDoS attacks has been linked to the Keksec group. The botnet borrows its code from Mirai and Gafgyt botnets.
- A cyberespionage campaign, active since February, was discovered using the new RIG exploit kit propagating a new variant of WastedLocker ransomware. The campaign targets unpatched IE browsers using known VBScript flaws.
- The MountLocker ransomware got an update and now uses enterprise Windows Active Directory APIs to spread laterally across victim networks. This enables the ransomware to find devices that are part of the compromised Windows domain and encrypt them using stolen domain credentials.
- A new object injection vulnerability in the PHPMailer library—versions between 6.1.8 and 6.4.0—can allow attackers to conduct attacks such as code injection, SQL injection, path traversal, and application denial of service.
- A new wave of web skimming attacks by Magecart Group 12 threat actors was found stealing card details from Magento 1 websites.
Posted on: May 21, 2021