Go to listing page

Cyware Daily Threat Intelligence, March 08, 2021

Cyware Daily Threat Intelligence, March 08, 2021

Share Blog Post

QNAP Network-Attached Storage devices are again under attack. This time, attackers are scanning for NAS devices vulnerable to pre-auth remote code execution vulnerabilities. The attacks are aimed at mining cryptocurrencies using UnityMiner malware.

Rescue your phone from FluBot botnet that has infected more than 60,000 devices, with 97% of the victims located in Spain. It is distributed mainly through weblinks shared via SMS.

A new instance of side-channel attacks impacting Intel CPU ring interconnects has grabbed the attention of researchers. The flaw, if exploited, can allow attackers to leak encryption keys, along with other sensitive information.

Top Breaches Reported in the Last 24 Hours

The University of the Highlands affected
The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. The university is currently working to isolate and minimize the impact due to the incident.

Flagstar Bank breached
Flagstar Bank has been added to a list of companies breached due to an Accellion software zero-day vulnerability. So far, the reported victims include Qualys, the Reserve Bank of New Zealand, the Australian Securities and Investment Commission, and Transport for New South Wales, among others.

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched QNAP devices targeted
Unpatched Network-Attached Storage (NAS) devices from QNAP are being targeted in ongoing attacks that mine cryptocurrencies. The threat actors are exploiting two pre-auth remote command execution vulnerabilities in the Helpdesk app that received a patch in October 2020. A cryptomining malware named UnityMiner is being distributed as part of the attack campaign. 

New side-channel attacks
Researchers have discovered that Intel’s CPU ring interconnects are vulnerable to side-channel attacks. This can allow attackers to leak encryption keys, along with other sensitive information. 

Update on zero-day flaws exploited
At least 30,000 U.S. organizations have been hacked in a widespread attack that abused four previously known zero-day vulnerabilities found in Microsoft Exchange Server. The flaws are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft issued emergency patches to address the flaws last week. Moreover, the firm has updated its MSERT tool to detect web shells employed in these recent attacks.

Samsung fixes critical bugs
Samsung has started rolling out Android’s March security updates to patch critical vulnerabilities in runtime, operating system, and related components. These flaws have either a High’ or ‘Critical’ severity rating.


 Tags

side channel attacks
unityminer malware
microsoft exchange server
qnap network attached storage devices

Posted on: March 08, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!