
Cyware Daily Threat Intelligence


Daily Threat Briefing Mar 29, 2021

In the wake of several recent high-profile hacks, supply chain threats have gained a lot of attention. However, the onslaught of such threats continues, with the PHP programming language becoming the latest victim. Threat actors pushed malicious commits to the official Git repository of PHP to inject malware into the source code.

Over the weekend, we also witnessed the discovery of new threats, including an Android spyware that disguises itself as a critical system update. A set of malicious Docker images was also used in a cryptojacking operation that hijacked devices to mine Monero cryptocurrency.

Top Breaches Reported in the Last 24 Hours

PHP source code hack

PHP programming language developers suffered a supply chain attack through their Git server. Two malicious commits imitating the signatures of known PHP developers and maintainers were pushed to the php-src Git repository on the git.php.net server.

Channel Nine disrupted

Australia’s Channel Nine TV network suffered a cyberattack over the weekend that disrupted its live broadcast. The network was unable to air several shows on Sunday, including Weekend Today.

Germany Parliament under attack

The email accounts of members of the German Parliament were targeted in a spearphishing attack. The attack reportedly impacted seven members of the Bundestag and 31 members of regional parliaments. A Russia-linked threat group called Ghostwriter is suspected of being behind the attack.

Top Malware Reported in the Last 24 Hours

New Android spyware

Security researchers discovered a new Android spyware that poses as an app called “System Update”. The malware is capable of hiding itself and exfiltrating various user data such as messages, contacts, device details, browser bookmarks, and search history. It can also record calls and ambient sound from the microphone, and take photos using the phone’s cameras.

Docker cryptojacking images

While analyzing Docker Hub, Unit 42 researchers found 30 malicious images that were downloaded a total of 20 million times. These images were being used as part of a cryptojacking operation worth $200,000.

Ziggy shuts down

After announcing the closure of their operations back in February, the operators behind the Ziggy ransomware leaked 922 decryption keys, along with an offline decryptor tool. Now, they have also pledged to return the ransom paid by victims.

Top Vulnerabilities Reported in the Last 24 Hours

Flaw in Netmask

A group of researchers disclosed a flaw in the popular netmask networking library. The NPM library has over 238 million downloads in total. The vulnerability, tracked as CVE-2021-28918, stems from the way netmask processes a decimal IPv4 address containing a leading zero.
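The netmask issue comes down to two parsers disagreeing about what a leading zero in an octet means. The Python below is an illustration added here and is not code from the netmask project or the advisory: it contrasts a lenient reading that treats every octet as decimal with a reading modelled on the C library's inet_aton() (a leading 0 makes the octet octal, 0x makes it hexadecimal), and shows the strict validator a defender would apply before any allow-list or deny-list decision. The sample addresses are constructed for the example.

```python
import ipaddress


def _octet(text: str, base: int) -> int:
    """Convert one octet in the given base, rejecting characters that
    int() would tolerate but a dotted quad should not (underscores, signs, spaces)."""
    allowed = "0123456789abcdef"[:base]
    if not text or any(ch not in allowed for ch in text.lower()):
        raise ValueError(f"bad octet {text!r} for base {base}")
    value = int(text, base)
    if value > 255:
        raise ValueError(f"octet {text!r} exceeds 255")
    return value


def _split(addr: str) -> list:
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    return parts


def parse_decimal(addr: str) -> str:
    """Lenient reading: every octet is decimal and a leading zero is ignored.
    Returns the canonical dotted quad this reading produces."""
    return ".".join(str(_octet(p, 10)) for p in _split(addr))


def parse_c_style(addr: str) -> str:
    """Reading modelled on inet_aton()/inet_addr(): a leading '0x' makes the
    octet hexadecimal, a bare leading '0' makes it octal, otherwise decimal."""
    out = []
    for p in _split(addr):
        if p.lower().startswith("0x"):
            out.append(_octet(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            out.append(_octet(p[1:], 8))
        else:
            out.append(_octet(p, 10))
    return ".".join(str(n) for n in out)


def is_canonical_ipv4(addr: str) -> bool:
    """Strict check: exactly four ASCII-decimal octets in 0-255, with no
    leading zeros and no 0x prefix. Anything else should be rejected rather
    than 'interpreted', which removes the ambiguity the two readings expose."""
    try:
        parts = _split(addr)
    except ValueError:
        return False
    for p in parts:
        if not p or any(ch not in "0123456789" for ch in p):
            return False
        if len(p) > 1 and p[0] == "0":
            return False
        if int(p) > 255:
            return False
    return True


def private_under_each_reading(addr: str) -> tuple:
    """(is_private under the decimal reading, is_private under the C-style reading).
    A mismatch is exactly the case where a lenient parser and the OS disagree
    about whether an address is internal."""
    dec = ipaddress.ip_address(parse_decimal(addr)).is_private
    cst = ipaddress.ip_address(parse_c_style(addr)).is_private
    return dec, cst


# Constructed sample inputs for this example (not from the advisory).
SAMPLES = ["127.0.0.1", "0127.0.0.1", "010.0.0.1", "192.168.1.1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:>12}  decimal={parse_decimal(s):<12} c-style={parse_c_style(s):<12} "
              f"canonical={is_canonical_ipv4(s)}  private={private_under_each_reading(s)}")
```

Running the block shows "0127.0.0.1" read as loopback by the decimal parser but as 87.0.0.1 by the C-style parser; the strict validator rejects that input outright, which is the simplest way to keep an address filter and the network stack in agreement.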

Apple patches iOS zero-day

Apple released security updates in the form of iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3 to patch a zero-day vulnerability that is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability was discovered in the WebKit browser engine and can allow attackers to launch universal cross-site scripting attacks.

OpenSSL releases security patches

Two high-severity security flaws in OpenSSL 1.1.1, tracked as CVE-2021-3449 and CVE-2021-3450, could be exploited to carry out denial-of-service attacks and bypass certificate verification. The maintainers have released OpenSSL 1.1.1k to fix the two flaws.
