Threat Intelligence Cybersecurity Hacking News July 29, 2021

Updated: Aug 4


Threat Intelligence Hacking News


Cybercriminals are targeting the healthcare sector: attackers compromised an Ontario-based mental health services provider. Cybercriminals are also aggressively rebuilding their malware, an indicator of more sophisticated attacks in the near future. Meanwhile, the source code of the Brunhilda malware has been reused to create a new Android malware, Vultur, which has affected between 5,000 and 8,000 users so far.


Top Breaches Reported in the Last 24 Hours


British Columbians' data leaked

Sensitive information belonging to British Columbians was stolen from Homewood Health. The affected clients include BC Housing, Translink, and the Provincial Health Services Authority. Some of the sensitive data has been put up for auction on Marketo on the dark web.


Top Malware Reported in the Last 24 Hours


Oscorp evolves


One more dangerous Android malware was observed abusing accessibility services on devices to hijack user passwords from European banking apps. Oscorp has been renewed as the new UBEL Android botnet, which is being sold for $980 on underground forums.

New Vultur Android malware


A new Android malware called Vultur is able to record smartphone screens via VNC to steal passwords. It was first spotted in March 2021 by Dutch security firm ThreatFabric, and cybersecurity researchers estimated that Vultur has infected between 5,000 and 8,000 users so far.


DoppelPaymer rebrands itself


The DoppelPaymer ransomware operation has rebranded itself as Grief, with identical encryption algorithms (2048-bit RSA and 256-bit AES) and other minor code changes.


Agent Tesla and Formbook Malware


Cybersecurity researchers reported that attackers are using the XAMPP web server solution stack to host Agent Tesla and Formbook malware.


Top Vulnerabilities Reported in the Last 24 Hours



Security flaws in open-source projects


Cybersecurity researchers discovered nine major security flaws in three open-source projects: Akaunting, EspoCRM, and Pimcore, according to The Hacker News. All of them are typically used by a wide range of small and medium-sized businesses. These flaws can be used to execute arbitrary JavaScript code, take control of operating systems, and trigger a DoS condition.


A critical flaw in Microsoft Hyper-V


A major flaw in Microsoft Hyper-V can allow attackers to cause a DoS condition or execute arbitrary code on systems. The flaw resides in Microsoft Hyper-V's network switch driver (vmswitch.sys) and affects Windows 10 and Windows Server 2012 through 2019.


Foxit plugs multiple security holes


Foxit Software this week released major security updates for its PDF reader and PDF editor apps. Some of the security holes can lead to remote code execution. Vulnerabilities addressed by Foxit were identified by Cisco Talos researchers, with all three leading to arbitrary code execution.

Tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, the bugs carry a CVSS severity score of 8.8.


Security vulnerability in Moodle e-learning platform


A major vulnerability in the Moodle e-learning platform could be abused to access student data and test papers, and possibly even to manipulate exam results.


Vulnerable IP cameras


According to France-based cybersecurity firm RandoriSec, IP cameras sold by a dozen vendors are vulnerable to remote attacks due to a slew of serious and high-severity flaws affecting UDP Technology firmware. The flaws were discovered during a study of IP cameras. Hackers can abuse the vulnerabilities to take full control of vulnerable cameras.