CyberIntelMag's Threat report

Weekly Cyber Threat Report, September 27 – October 1

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week’s good news includes several zero-day vulnerabilities fixed in a Google Chrome update, tech initiatives announced by the Quad countries, the collaboration of 1Password with Fastmail, Trusted Cloud Principles from IT heavyweights, and much more.

  • The latest Google Chrome updates contain fixes for several zero-day vulnerabilities, including CVE-2021-37973, CVE-2021-37975, and CVE-2021-37976. By releasing the patches, Google has halted the ongoing exploitation of these zero-days. However, users must upgrade Chrome on their devices to the latest version for the fixes to take effect.
  • Leaders of the Quad countries (Australia, Japan, India, and the United States) joined together to develop new global cybersecurity standards for various industries. The Quad will also release a Statement of Principles to guide the development of these global technology standards.
  • Apple has joined the Cyber Readiness Institute (CRI) with the aim of helping small businesses become more cyber-ready. Apple will support CRI and share insights and lessons learned to help build free cybersecurity tools and resources for small and medium-sized enterprises.
  • 1Password, together with Fastmail, has developed “Masked Email” to help 1Password users create and maintain safe, unique email aliases. It will protect them against the kind of phishing emails that have grown all too common in recent years.
  • An emergency fraud hotline was launched in the United Kingdom. It will assist UK residents who suspect they are being duped into handing over money or personal information. The hotline will function similarly to the non-emergency police (101) and NHS (111) lines.
  • IT heavyweights such as Microsoft, Google, Amazon, and others established the Trusted Cloud Principles. These are intended to help companies and individuals safeguard their fundamental rights while using cloud services, allowing them to achieve their objectives safely and securely.
From the bad news:

This week there were more negative developments than positive ones: an Atlassian Confluence RCE flaw abused in various attacks, Telegram bots being used to steal OTPs, a failed RansomEXX decryptor, a vulnerability in the protocol behind the Azure Active Directory Seamless Single Sign-On feature, and much more.

  • Telegram bots have advanced in their malicious operations and are now being used to steal one-time passwords (OTPs). 2FA-circumventing services have been abusing Telegram since June 2021, using it to lure victims through phishing attempts.
  • Hackers are targeting Brazil’s PIX payment system. Using two malware families, the attackers steal money from victims through user interaction with the legitimate PIX app.
  • The Atlassian Confluence RCE flaw (CVE-2021-26084, CVSS score 9.8) has been exploited in various attacks. A remote attacker can take advantage of this flaw by submitting a specially crafted HTTP request containing a malicious parameter to a vulnerable server.
  • The Portpass app may have exposed the personal information of hundreds of thousands of users across Canada. It is a proof-of-vaccination app, and the incident might have revealed users’ personal information, such as driver’s licenses and photos.
  • A new Android trojan, GriftHorse, was used to steal millions from victims in over 70 countries. The trojan subscribes victims to premium services for which they are charged every month.
  • Using new techniques, the Conti ransomware gang has improved its ability to destroy backups. Because intact backups are a crucial obstacle to extracting ransom payments, Conti has refined its backup destruction to a high degree of skill.
  • Researchers have identified a vulnerability in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. Threat actors can use this vulnerability to launch single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
  • For one victim who paid the ransom, the RansomEXX decryptor recently failed on several files that had been encrypted by the threat actor’s Linux VMware ESXi encryptor.
  • Thousands of Coinbase users were robbed due to an MFA vulnerability. A threat actor ran a campaign to break into Coinbase customer accounts and steal bitcoin between March and May 20, 2021.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.