
Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 15, 2021

A security lapse can give hackers a free pass to sensitive and confidential information of an organization. But, what if the data is associated with security agencies? New research has revealed that troves of PDF files belonging to 75 security agencies are at risk of data theft and other cyberattacks as they fail to follow basic cybersecurity protocols.

Meanwhile, a new variant of Mirai botnet, dubbed ZHtrap, is scaling up its capabilities to ensnare more devices. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices. It follows a unique approach to hijack its rivals’ infrastructure.

Top Breaches Reported in the Last 24 Hours

Security agencies leak data

Security agencies have been found leaking troves of sensitive data in a major security lapse. While 19 agencies had not updated their software for over two years, dozens of agencies lacked a proper sanitization process for PDF files. The exposed data includes the author's name, the operating system, the author's email address, device details, file path information, and the name of the PDF application used.
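The fields listed above all live in the PDF's Info dictionary, so an organization can catch them before publication with a simple pre-release check. The following is an added example (not code from Cyware or from the research cited): it builds two constructed sample PDFs inline, one carrying an author name, e-mail address, authoring application and local file path and one sanitized to a bare title, extracts the Info dictionary from the trailer's `/Info` reference, and flags every entry that discloses identity, an e-mail address or a path. Field names such as `SourceFile` and the sample values are assumptions for the demonstration.

```python
"""Audit a PDF's Info dictionary for the identity and environment fields
that the briefing says were left in published agency documents."""
import re
from typing import Dict, List, Tuple

# Constructed sample (not a real document; no xref table, just enough
# structure for the scanner): author, e-mail, app/OS and a local path.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Title (Quarterly report) /Author (J. Analyst)
/Creator (Microsoft Word for Windows 10) /Producer (Acrobat Distiller 11.0)
/Keywords (contact: j.analyst@example.org)
/SourceFile (C:\\\\Users\\\\janalyst\\\\Documents\\\\report.docx) >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
"""

# The same constructed file after sanitization: only a title remains.
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Title (Quarterly report) >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
"""

IDENTITY_KEYS = {"Author", "Creator", "Producer"}  # who wrote it, with what
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|/home/|/Users/|\\\\)")  # drive, *nix home, UNC


def _unescape(raw: bytes) -> str:
    # Simplified PDF literal-string unescape: "\x" -> "x" (covers \\, \( and \)).
    return re.sub(rb"\\(.)", lambda m: m.group(1), raw).decode("latin-1")


def extract_info_dict(pdf: bytes) -> Dict[str, str]:
    """Return the string-valued entries of the object the trailer's /Info points at."""
    ref = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", pdf)
    if not ref:
        return {}
    num, gen = int(ref.group(1)), int(ref.group(2))
    obj = re.search(rb"(?:^|\s)%d\s+%d\s+obj\b(.*?)endobj" % (num, gen), pdf, re.S)
    if not obj:
        return {}
    body = re.search(rb"<<(.*)>>", obj.group(1), re.S)
    if not body:
        return {}
    # /Key (literal string) pairs; escaped characters inside the string are allowed.
    entries = re.findall(rb"/([A-Za-z][A-Za-z0-9]*)\s*\(((?:\\.|[^\\)])*)\)", body.group(1))
    return {key.decode("ascii"): _unescape(val) for key, val in entries}


def audit_metadata(info: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Flag (kind, key, value) for each entry disclosing identity, an e-mail or a path."""
    findings = []
    for key, value in info.items():
        if key in IDENTITY_KEYS:
            findings.append(("identity", key, value))
        if EMAIL_RE.search(value):
            findings.append(("email", key, value))
        if PATH_RE.search(value):
            findings.append(("path", key, value))
    return findings


def audit_pdf(pdf: bytes) -> List[Tuple[str, str, str]]:
    """Pre-publication check: an empty list means the Info dictionary is clean."""
    return audit_metadata(extract_info_dict(pdf))


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_PDF), ("clean", CLEAN_PDF)):
        print(name, "->", audit_pdf(doc) or "no findings")
```

The scanner covers only the classic Info dictionary; documents that also embed XMP metadata streams carry the same fields there, so a real release gate should strip both and re-run the check on the output rather than trust the sanitizer.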

New firms affected

At least 32 Indian organizations have been attacked by hackers who exploited vulnerabilities in unpatched Microsoft business email servers. The affected organizations are scattered across financial, government, and manufacturing sectors.

Top Malware Reported in the Last 24 Hours

ZHtrap botnet

ZHtrap is a new IoT botnet that inherits functionality from the infamous Mirai botnet. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices. It follows a unique approach to hijack its rivals' infrastructure. Once a device is infected, it is used as a foothold for launching DDoS attacks. Three versions of this botnet have been seen so far, suggesting it is still actively developed and upgraded with new functionality.

Top Vulnerabilities Reported in the Last 24 Hours

Google releases PoC for Spectre

Google has issued a PoC to demonstrate the Spectre side-channel attacks against Chrome 88’s V8 JavaScript engine on an Intel Core i7-6500U ‘Skylake’ CPU. The attack can result in a leak of information from different web browsers. The vulnerability could also expose passwords, documents, emails, and data from instant messaging apps, among others.

Patch for a zero-day issued

Google has fixed a new zero-day flaw that is being actively exploited in the wild. Tracked as CVE-2021-21193, the use-after-free vulnerability resides in the Blink rendering engine of the Chrome browser. The issue has been fixed in the 89.0.4389.90 version of Chrome for Windows, Mac, and Linux.