Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 16, 2022
Researchers have exposed a new threat exploiting the Log4j vulnerability: a new botnet family, dubbed B1txor20, that targets the ARM and X64 CPU architectures of the Linux platform and uses DNS tunneling to establish C2 communications.
In the realm of vulnerabilities, CISA added 15 new vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog. Fourteen of these flaws affect Windows systems. Furthermore, QNAP issued a security advisory to warn that most of its NAS devices are affected by the critical Dirty Pipe flaw.
Top Breaches Reported in the Last 24 Hours
FBI warns about a hack
The FBI warned that Russian state-backed hackers gained access to an NGO cloud by exploiting a combination of flaws in Duo MFA and Windows Print Spooler. To breach the network, the threat actors also used brute-force attacks to access an unenrolled and inactive account that was not disabled in the organization’s Active Directory.
Cyberattack at SDCA
A cyberattack on South Denver Cardiology Associates (SDCA) exposed the PHI of almost 300,000 patients. The attack was detected on January 4, and the impacted information included patients’ names, dates of birth, Social Security numbers, driver’s license numbers, patient account numbers, and health insurance information.
Top Malware Reported in the Last 24 Hours
New B1txor20 botnet
A newly found B1txor20 botnet targeting Linux systems is under active development. It attempts to turn devices into an army of bots ready to steal sensitive info by installing rootkits, creating reverse shells, and acting as web traffic proxies. It targets Linux devices on ARM and X64 CPU architectures by exploiting the Log4j vulnerability.
Top Vulnerabilities Reported in the Last 24 Hours
CISA updates exploited vulnerabilities catalog
Another 15 vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog. The new list includes multiple flaws affecting Microsoft Windows and a buffer overflow vulnerability in SonicWall SonicOS. The agency has strongly urged organizations to remediate identified vulnerabilities to reduce their exposure to cyberattacks.
QNAP NAS affected by Dirty Pipe flaw
QNAP warned that most of its Network Attached Storage (NAS) devices are impacted by a high-severity Linux flaw, dubbed Dirty Pipe. The flaw affects devices running QTS 5.0.x and QuTS hero h5.0.x. The firm is yet to release security updates. Meanwhile, it is advised to stop exposing the affected devices to the internet.
OpenSSL patches a DoS vulnerability
OpenSSL announced a patch for a high-severity DoS vulnerability. Tracked as CVE-2022-0778, the vulnerability affects OpenSSL versions 1.0.2, 1.1.1, and 3.0. It has been fixed with the release of versions 1.0.2zd, 1.1.1n, and 3.0.2.
Flaws in ClickHouse fixed
Seven new security vulnerabilities affecting ClickHouse could have been weaponized to crash servers, leak memory contents, and even lead to the execution of arbitrary code. The flaws could be exploited by sending specially crafted compressed files to crash a vulnerable database server. They have been fixed in v21.10.2.15 of the database management system.
Top Scams Reported in the Last 24 Hours
Phishing against insurance company
An email phishing campaign that purported to be from Instagram technical support was used against a prominent U.S. life insurance company to steal login credentials from employees. The email prompted recipients to verify their accounts within 24 hours to prevent the deactivation of their membership. Anyone clicking on the link provided in the email was redirected to a phishing page that looked similar to the Instagram login page.