Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 23, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Mar 23, 2021
The global threat landscape is constantly evolving as threat actors show no signs of slowing down. Researchers have now shared details about a new threat actor group dubbed SilverFish that was one of the many culprits behind the massive SolarWinds hack. The group’s ultimate motive is to carry out cyber-espionage and steal data from its victims.
Report of wildly exploited memory corruption vulnerability has come to light as Google revealed the information to its Android users. The flaw affects Android devices that use Qualcomm chips and can enable attackers to gain access to a device’s memory.
In other major news, Energy giant Shell becomes the latest victim of Accellion’s FTA hack that affected around 100 companies worldwide.
Top Breaches Reported in the Last 24 Hours
MangaDex site affected
Popular manga reader MangaDex has decided to rebuild its website after suffering a major breach. The incident resulted in the compromise of source code and potentially a customer database.
Sierra Wireless impacted
Canadian multinational Sierra Wireless was forced to halt production at its manufacturing sites across the world after a ransomware attack. The attack had hit the company on March 20, 2021.
Shell discloses data breach
Energy giant Shell has disclosed a data breach that occurred due to the compromise of Accellion’s File Transfer Appliance. The company claims that no IT systems have been affected during the attack.
Top Vulnerabilities Reported in the Last 24 Hours
Google warns about a vulnerability
Google has warned Android users that a recently patched vulnerability is being exploited. Tracked as CVE-2020-11261, the high-severity flaw arises from an improper input validation issue affecting a display/graphics component from Qualcomm. The flaw is related to the memory corruption vulnerability.
Adobe releases security updates
Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. The vulnerability is tracked as CVE-2021-21087 and is related to Improper Input Validation software vulnerability.
Vulnerable GE Power Management devices
CISA has warned about vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities on systems belonging to the Universal Relay family. The flaws could be exploited to access sensitive information, reboot the device, trigger a denial-service condition, and gain privileged access.