
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 3, 2021

What's old is new again! A case of malware code reuse has caught the attention of researchers, who found that the SunCrypt ransomware shares code with QNAPCrypt, the ransomware known for targeting Linux-based NAS storage systems. The two share near-identical file encryption logic.

In other news, Microsoft issued an emergency out-of-band release patching four zero-day flaws in Exchange Server that are being actively exploited by the China-based HAFNIUM threat actor group. Google has also released fixes for 37 vulnerabilities in its March 2021 Android security bulletin, including issues in the kernel, Qualcomm components, and Qualcomm closed-source components.

Top Breaches Reported in the Last 24 Hours

Malaysia Airlines discloses a breach

Malaysia Airlines has disclosed a data breach that spanned nine years and compromised the personal information of members of its Enrich frequent flyer program. The breach occurred at a third-party IT service provider, and the member data was exposed between March 2010 and June 2019.

PrismHR suffers an attack

Payroll giant PrismHR has suffered an outage that is likely the result of a ransomware attack, disrupting service to its roughly 200 PEO clients across the country. The firm is working to bring the affected systems back online.

Updates on attacks on Perl.com

The Perl.com domain hijack came to light in January 2021, but the latest update indicates the domain was actually compromised months earlier, in September 2020. The attackers had taken over the domain in an apparent attempt to use it for malware campaigns.

Ringostat’s data leak

An unsecured Elasticsearch database belonging to the call-tracking service Ringostat exposed millions of phone numbers, call recordings, metadata, and call logs. In total, the database exposed over 800 GB of user data.

CallX’s cloud-config error

The U.S. telemarketing company CallX has leaked the personal details of tens of thousands of consumers through a misconfigured cloud storage bucket. The exposed data included full names, home addresses, and phone numbers.

Top Malware Reported in the Last 24 Hours

SunCrypt related to QNAPCrypt

New research reveals that the SunCrypt ransomware shares code with QNAPCrypt, a ransomware family that targets Linux-based file storage systems. The investigation found that QNAPCrypt and an early version of SunCrypt use identical code logic for file encryption. Both families abort the encryption process if they find themselves running on a system located in Belarus, Russia, or Ukraine.

16Shop’s kit’s new addition

The 16Shop phishing kit has gained a new module designed to steal data and compromise Cash App user accounts. This allows fraudsters to target a number of banks through the app while harvesting victims' financial information and account credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 4 zero-day flaws

Microsoft has released emergency out-of-band patches for four zero-day flaws in Exchange Server that are being actively exploited by HAFNIUM, a newly identified Chinese state-sponsored threat actor group. The flaws are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, and are chained together to gain access to on-premises servers. The affected products are Microsoft Exchange Server 2013, 2016, and 2019.

Google patches 37 vulnerabilities

Google has issued patches for 37 vulnerabilities as part of the Android security bulletin for March 2021. These include a fix for a critical flaw tracked as CVE-2021-0397, which affects Android 8.1, 9, 10, and 11 and could allow a remote attacker to execute code on a vulnerable device. Other patched components include the kernel, Qualcomm components, and Qualcomm closed-source components.
