
Cyware Daily Threat Intelligence July 06, 2021


The infamous Lazarus group has sprung back to life with a new attack campaign. The adversary group is targeting applicants and employees seeking jobs in engineering companies across the U.S. and Europe. This new development is touted to be a part of the continued attack campaign targeting defense contractors.
While attack campaigns continue to loom over organizations, do not forget to address vulnerabilities to stay safe. On that front, QNAP and SonicWall have issued security patches for vulnerabilities found in their HBS 3 Hybrid Backup Sync and Network Security Manager (NSM) products, respectively.

Top Breaches Reported in the Last 24 Hours

Engineering employees targeted
A new attack campaign that targets job applicants and employees across the U.S. and Europe has been attributed to the Lazarus threat actor group. The campaign is carried out via phishing emails that lure victims with job opportunities at Boeing and BAE Systems. Moreover, the APT gang has attempted to create documents that impersonate new defense contractors and engineering companies such as Airbus, General Motors (GM), and Rheinmetall.

Formula 1 app hijacked
Users of Android and iOS versions of the Formula 1 racing app received an unexpected notification on the Austrian Grand Prix after a hacker hijacked the app. The company is continuing to investigate, review, and improve safety measures.   

Massive cryptomining scheme
Researchers exposed a global cryptojacking scheme that targeted over 1,300 organizations. The main targets of the attack included organizations in the health, tourism, media, and education sectors. The attacks were mostly launched in the U.S., Vietnam, and India. 

Top Vulnerabilities Reported in the Last 24 Hours

Flawed SonicWall NSM product
A critical command injection vulnerability affecting SonicWall’s Network Security Manager (NSM) product has been patched recently. Tracked as CVE-2021-20026, the flaw can allow attackers to execute malicious commands on the operating system with root privileges. The flaw affects versions of the SonicWall NSM product prior to 2.2.0-R10.

QNAP fixes a critical bug
NAS maker QNAP has addressed a critical security issue that could have enabled attackers to compromise NAS devices. Tracked as CVE-2021-28809, the improper access control vulnerability exists in HBS 3 Hybrid Backup Sync. Attackers can abuse the flaw to gain access to system resources, escalate privileges, execute commands remotely, and read sensitive information without authorization. 

GitLab releases a new version
GitLab has resolved several vulnerabilities by releasing an updated version of its software platform. The issues addressed include a CSRF vulnerability and a DoS vulnerability. 

Flaw in OWASP project 
A flaw tracked as CVE-2021-35368 was present in the OWASP ModSecurity Core Rule Set project for many years. The flaw, which could have enabled attackers to bypass the security mechanism, has been fixed with a new version.



Posted on: July 06, 2021
