Cyware Daily Threat Intelligence, March 15, 2021
A security lapse can give hackers a free pass to an organization's sensitive and confidential information. But what if the data belongs to security agencies? New research has revealed that troves of PDF files belonging to 75 security agencies are at risk of data theft and other cyberattacks because the agencies fail to follow basic cybersecurity protocols.

Meanwhile, a new variant of Mirai botnet, dubbed ZHtrap, is scaling up its capabilities to ensnare more devices. The botnet works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices. It follows a unique approach to hijack its rivals’ infrastructure.

Top Breaches Reported in the Last 24 Hours

Security agencies leak data
Security agencies have been found leaking troves of sensitive data in a major security lapse. While 19 agencies had not updated their software for over two years, dozens of agencies lacked a proper sanitization process for PDF files. The exposed data includes the author's name and email address, the operating system, device details, file path information, and the name of the PDF application.
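The kind of pre-publication check that catches this class of leak, as an added example rather than anything from the research cited: a small Python audit of a PDF's /Info dictionary that flags author, e-mail, file path and application details and blanks them. The sample PDF, its field values and the regex-based parsing are constructed here; only the /Info keys (/Title, /Author, /Creator, /Producer) are standard PDF.

```python
import re
# Constructed sample (not one of the leaked files): a minimal PDF whose /Info
# dictionary carries the kinds of fields the report says were exposed.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Title (/home/jdoe/Documents/ops-plan.docx)
/Author (Jane Doe <jdoe@example.gov>)
/Creator (Microsoft Word 2013 on Windows 7)
/Producer (Acrobat Distiller 11.0) >> endobj
trailer << /Root 1 0 R /Info 3 0 R >>
%%EOF
"""
# Only literal "(...)" strings are parsed; hex strings and XMP metadata streams
# carry the same data and need a full PDF library (e.g. pikepdf) to handle.
ENTRY_RE = re.compile(rb"/(\w+)\s*\(([^)]*)\)")
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+\.[\w.]+")
PATH_RE = re.compile(rb"^/|^[A-Za-z]:\\|\\\\")  # POSIX path, drive letter, UNC share

def _info_body(pdf):
    """Return the body of the /Info dictionary named in the trailer, or None."""
    ref = re.search(rb"/Info\s+(\d+)\s+0\s+R", pdf)
    if not ref:
        return None
    pat = rb"(?<!\d)" + ref.group(1) + rb"\s+0\s+obj\s*<<(.*?)>>\s*endobj"
    obj = re.search(pat, pdf, re.S)
    return obj.group(1) if obj else None

def audit_pdf_metadata(pdf):
    """Map each /Info key that leaks something to a reason; {} means clean."""
    findings, body = {}, _info_body(pdf)
    for key, value in ENTRY_RE.findall(body or b""):
        k = key.decode()
        if not value.strip():
            continue  # already blanked
        if EMAIL_RE.search(value):
            findings[k] = "contains an e-mail address"
        elif k == "Author":
            findings[k] = "names the document author"
        elif PATH_RE.search(value):
            findings[k] = "looks like a local file path"
        elif k in ("Creator", "Producer"):
            findings[k] = "reveals the authoring application / OS"
    return findings

def sanitize_pdf_metadata(pdf):
    """Blank every /Info string (offsets shift: re-save real files via a library that rebuilds the xref)."""
    body = _info_body(pdf)
    return pdf if body is None else pdf.replace(body, ENTRY_RE.sub(rb"/\1 ()", body), 1)
```

Run `audit_pdf_metadata` on every file before it goes on a public site; a non-empty result blocks publication until the file has been re-exported with metadata stripped.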

New firms affected
At least 32 Indian organizations have been attacked by hackers who exploited vulnerabilities in unpatched Microsoft business email servers. The affected organizations are scattered across financial, government, and manufacturing sectors. 

Top Malware Reported in the Last 24 Hours

ZHtrap botnet
ZHtrap is a new IoT botnet that inherits functionality from the infamous Mirai botnet. It works by exploiting vulnerabilities in DVRs, CCTV cameras, Netgear routers, and Realtek devices, and it follows a unique approach of hijacking its rivals' infrastructure. Once a device is infected, it serves as a platform for launching DDoS attacks. Three versions of the botnet have been seen so far, suggesting it is still actively developed and upgraded with new functionality.

Top Vulnerabilities Reported in the Last 24 Hours

Google releases PoC for Spectre
Google has issued a PoC that demonstrates Spectre side-channel attacks against the V8 JavaScript engine in Chrome 88 on an Intel Core i7-6500U 'Skylake' CPU. The attack can leak information from different web browsers, and the vulnerability could expose passwords, documents, emails, and data from instant messaging apps, among others.

Patch for a zero-day issued
Google has fixed a new zero-day flaw that is being actively exploited in the wild. Tracked as CVE-2021-21193, the use-after-free vulnerability resides in the Blink rendering engine of the Chrome browser. The issue has been fixed in the 89.0.4389.90 version of Chrome for Windows, Mac, and Linux. 

Tags

microsoft business email servers
spectre flaw
mirai botnet
zhtrap botnet
google chrome 88

Posted on: March 15, 2021
