Threat Intelligence Cybersecurity Hacking News July 28, 2021

Updated: Aug 4




As we are all aware, ransomware is growing day by day at an alarming rate and raising the stakes for everyone. Cybersecurity analysts have shared details about a new Haron ransomware and the previously disclosed BlackMatter ransomware, both wreaking havoc in the cybercrime ecosystem. Haron is claimed to have borrowed its code from the Avaddon and Thanos ransomware families, which makes it a highly sophisticated piece of ransomware. BlackMatter, meanwhile, is in the process of expanding its operations as it recruits more affiliates.


A newly updated version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain by pushing the payload through Active Directory group policies.

Top Breaches Reported in the Last 24 Hours


University of San Diego Health affected


University of San Diego Health this week disclosed a sophisticated data breach that resulted in the compromise of some employee email accounts. The affected data relates to patients, students, and employees, and includes names, addresses, birth dates, email addresses, fax numbers, claims information, lab results, medical identifiers, medical diagnoses, medical information, treatment details, Social Security numbers, government identification numbers, student ID numbers, payment card information, and usernames and passwords.


More deets on Facebook attack


Iran-based hackers spent almost 18 months masquerading as aerobics instructors in a cyber-espionage campaign designed to infect employees and contractors working in U.S. defense and aerospace with malware, in order to steal usernames, passwords, and other information that could be exploited.


Axie Infinity Players targeted

The top NFT Ethereum-based game Axie Infinity was targeted after cybercriminals created phishing content delivered through Google Ads. The cybercriminals' main purpose is to trick players into transferring funds from their own accounts to cryptocurrency accounts under the criminals' control.


Florida’s DEO Data Breach


Florida’s Department of Economic Opportunity (DEO) has revealed a major data breach targeting its unemployment benefits system and affecting over 57,920 claimant accounts.


JustDial leaks data again

Once again, Justdial has leaked the personal information of 100 million users. The leaked data includes usernames, email addresses, phone numbers, and dates of birth.


LINE accounts hacked


The LINE accounts of more than 100 Taiwanese politicians and government officials have been targeted and hacked, with data exfiltrated from their devices. The company notified all affected users and instructed them to enable the app's message encryption feature on their accounts.


Raven Hengelsport exposes data



Raven Hengelsport exposed 18GB of sensitive company data covering at least 246,000 customers due to a misconfigured Microsoft Azure Blob storage server. The leaked data contained names, addresses, genders, phone numbers, and email addresses of users.


Top Malware Reported in the Last 24 Hours

Ransomware havoc


Cybersecurity researchers have identified a ransomware called Haron that is a mix of two ransomware families, Thanos and Avaddon; Haron is claimed to have borrowed its code from both. The second ransomware newcomer calls itself BlackMatter. It was reported on Tuesday by security firm Recorded Future and its news arm, The Record.



New PlugX variant


A new variant of the PlugX RAT has been observed in use by a Chinese cyberespionage group known as PKPLUG Group or Mustang Panda. The new RAT variant was used to target Microsoft Exchange Servers in March.



Top Vulnerabilities Reported in the Last 24 Hours

Critical Vulnerability in Sunhillo Aerial product


An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow attackers to execute arbitrary code with root-level privileges. Tracked as CVE-2021-36380, the flaw has been patched with the release of Sunhillo SureLine version 8.7.0.1.1.


Joint advisory of top vulnerabilities

CISA, the ACSC, the FBI, and the NCSC released a joint advisory covering the top 30 vulnerabilities most commonly exploited by attackers. Some of these flaws affect VPNs from Pulse Secure, Fortinet, and F5 BIG-IP. Other top flaws are found in products from Citrix, Atlassian, and Microsoft, including Netlogon. Most of the vulnerabilities targeted in 2020 affected remote work, VPNs, or cloud-based technologies.


Vulnerabilities in Zimbra Webmail Solution


The two most critical vulnerabilities, CVE-2021-35208 and CVE-2021-35209, in the Zimbra enterprise webmail solution could allow an attacker to compromise business email accounts and obtain persistent access to them. Both vulnerabilities could be exploited by sending a single malicious email to the targeted user.