Cyware Daily Threat Intelligence

Daily Threat Briefing Feb 16, 2021

The scope of cyberattacks is expanding, and so is the intent behind them. Newly disclosed details indicate that the SolarWinds supply chain attack was the work of more than 1,000 hackers, who rewrote about 4,000 of the millions of lines of code in the SolarWinds Orion product. A three-year cyberespionage campaign attributed to the Sandworm APT group has also come to light in the last 24 hours; it was carried out by exploiting the Centreon IT monitoring tool and deployed the PAS web shell and the Exaramel backdoor.

Vulnerabilities were also disclosed in two widely used apps, SHAREit and Telegram, that could have enabled attackers to execute code remotely and steal user data.

Top Breaches Reported in the Last 24 Hours

New details on SolarWinds attack

New details reveal that more than 1,000 hackers were involved in the devastating SolarWinds attack, which targeted multiple U.S. government agencies and private cybersecurity companies. The attackers rewrote around 4,000 of the millions of lines of code in the SolarWinds Orion update to launch the attack.

French entities attacked

The Russia-linked threat actor Sandworm has been tied to a stealthy three-year operation against several French entities. The intrusion began in late 2017, lasted until 2020, and was carried out by exploiting the Centreon IT monitoring tool. The attackers used the PAS web shell and the Exaramel backdoor.

EXMO suffers DDoS attack

The website of the U.K. cryptocurrency exchange EXMO was knocked offline by a DDoS attack. The attack affected the exchange's entire network infrastructure, including the website, API, WebSocket API, and exchange charts.

Dutch Research Council attacked

A cyberattack on the Dutch Research Council (NWO) has forced the organization to suspend its research grant process. The attackers compromised servers and rendered the network inaccessible.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable SHAREit app

Researchers have disclosed proof-of-concept (PoC) code for several vulnerabilities in the SHAREit app that can be abused to expose sensitive user data and achieve remote code execution. The flaws can be exploited by a malicious application installed on the target's device to overwrite files belonging to SHAREit.

Faulty Telegram app

A vulnerability in the Telegram messaging app could have exposed users' secret messages, photos, and videos to remote attackers. The issue affected the iOS, Android, and macOS versions of the app and stemmed from the way it handled animated stickers.

Apple patches a severe macOS bug

Apple has patched a severe bug in macOS Big Sur that could cause serious data loss. The bug was introduced in Big Sur 11.2 and had also made its way into the 11.3 beta.