
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 8, 2021

QNAP Network-Attached Storage devices are again under attack. This time, attackers are scanning for NAS devices vulnerable to pre-auth remote code execution vulnerabilities. The attacks are aimed at mining cryptocurrencies using UnityMiner malware.

Rescue your phone from the FluBot botnet, which has infected more than 60,000 devices, with 97% of the victims located in Spain. It is distributed mainly through weblinks shared via SMS.

A new instance of side-channel attacks impacting Intel CPU ring interconnects has grabbed the attention of researchers. The flaw, if exploited, can allow attackers to leak encryption keys, along with other sensitive information.

Top Breaches Reported in the Last 24 Hours

The University of the Highlands affected

The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. The university is currently working to isolate and minimize the impact of the incident.

Flagstar Bank breached

Flagstar Bank has been added to a list of companies breached due to an Accellion software zero-day vulnerability. So far, the reported victims include Qualys, the Reserve Bank of New Zealand, the Australian Securities and Investment Commission, and Transport for New South Wales, among others.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched QNAP devices targeted

Unpatched Network-Attached Storage (NAS) devices from QNAP are being targeted in ongoing attacks that mine cryptocurrencies. The threat actors are exploiting two pre-auth remote command execution vulnerabilities in the Helpdesk app that received a patch in October 2020. A cryptomining malware named UnityMiner is being distributed as part of the attack campaign.

New side-channel attacks

Researchers have discovered that Intel’s CPU ring interconnects are vulnerable to side-channel attacks. This can allow attackers to leak encryption keys, along with other sensitive information.

Update on zero-day flaws exploited

At least 30,000 U.S. organizations have been hacked in a widespread attack that abused four previously known zero-day vulnerabilities found in Microsoft Exchange Server. The flaws are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft issued emergency patches to address the flaws last week. Moreover, the firm has updated its MSERT tool to detect web shells employed in these recent attacks.

Samsung fixes critical bugs

Samsung has started rolling out Android’s March security updates to patch critical vulnerabilities in runtime, operating system, and related components. These flaws have either a ‘High’ or ‘Critical’ severity rating.
