Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 9, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Mar 9, 2021
Android users alert! 10 utility apps that pretend to be legitimate scanners and VPNs have been found containing a never-before-seen Clast82 dropper that pulls trojans from GitHub. The capabilities of trojans—MRAT and AlienBot—include, but are not limited to, stealing financial data, intercepting two-factor authentication codes, and hijacking banking apps.
Besides the above threat, the release of security updates from Apple and Siemens has brought a sigh of relief for many users and organizations. While Apple has patched a remote hacking bug that affecting billions of its devices, Siemens, on the other hand, has published 12 advisories for nearly two dozen vulnerabilities affecting its products.
Top Breaches Reported in the Last 24 Hours
EBA affected
The European Banking Authority (EBA) is another victim affected by the exploitation of vulnerabilities in Microsoft Exchange. As a part of security measures, the firm had pulled its email servers offline to contain the attack. Furthermore, it has confirmed that no data was compromised in the attack.
University of Texas affected
The University of Texas has suffered a network outage due to a malicious intrusion. Emails and the server hosting the university’s website are affected by the incident, forcing faculty and students to communicate via blackboard.
Top Malware Reported in the Last 24 Hours
New Sarbloh ransomware
A new ransomware known as Sarbloh is being distributed through malicious Word documents that contain a political message in support of Indian farmers. When executed, the ransomware encrypts files on the computer and appends the .sarbloh extension to the file’s name.
Google removes 10 apps
Google has removed 10 malicious apps from the Play Store, which contained droppers from financial trojans. The apps under the scanner include Cake VPN, Pacific VPN, BeatPlayer, QR/Barcode Scanner MAX, and QRecorder. The newly-discovered dropper, Clast82, is capable of dropping mRAT and AlienBot.
Top Vulnerabilities Reported in the Last 24 Hours
Siemens issues advisories
Siemens has published 12 new security advisories for nearly two dozen vulnerabilities affecting its products. Half of these flaws are found in third-party components. Two of the advisories are related to the NUMBER:JACK flaw.
Apple issue patches
Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browsers to address a security flaw that could allow attackers to run arbitrary code on devices. Tracked as CVE-2021-1844, the flaw stems from a memory corruption issue and can be exploited using specially crafted content. In another incident, vulnerabilities stemming from Apple’s Offline Finding tracking system could be abused to find user identification.
Microsoft patches older versions
Now Microsoft is rushing to patch older versions of Exchange that are being widely exploited widely on the internet. The development comes following the mass exploitation of zero-day flaws - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The issues affect on-premise Exchange servers.