The global threat landscape is constantly evolving as threat actors show no signs of slowing down. Researchers have now shared details about a new threat actor group dubbed SilverFish that was one of the many culprits behind the massive SolarWinds hack. The group’s ultimate motive is to carry out cyber-espionage and steal data from its victims.
Report of wildly exploited memory corruption vulnerability has come to light as Google revealed the information to its Android users. The flaw affects Android devices that use Qualcomm chips and can enable attackers to gain access to a device’s memory.
In other major news, Energy giant Shell becomes the latest victim of Accellion’s FTA hack that affected around 100 companies worldwide.
Top Breaches Reported in the Last 24 Hours
MangaDex site affected
Popular manga reader MangaDex
has decided to rebuild its website after suffering a major breach. The incident resulted in the compromise of source code and potentially a customer database.
Sierra Wireless impacted
Canadian multinational Sierra Wireless
was forced to halt production at its manufacturing sites across the world after a ransomware attack. The attack had hit the company on March 20, 2021.
Shell discloses data breach
Energy giant Shell
has disclosed a data breach that occurred due to the compromise of Accellion’s File Transfer Appliance. The company claims that no IT systems have been affected during the attack.
Top Vulnerabilities Reported in the Last 24 Hours
Google warns about a vulnerability
has warned Android users that a recently patched vulnerability is being exploited. Tracked as CVE-2020-11261, the high-severity flaw arises from an improper input validation issue affecting a display/graphics component from Qualcomm. The flaw is related to the memory corruption vulnerability.
Adobe releases security updates
has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. The vulnerability is tracked as CVE-2021-21087 and is related to Improper Input Validation software vulnerability.
Vulnerable GE Power Management devices
CISA has warned about vulnerabilities
in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities on systems belonging to the Universal Relay family. The flaws could be exploited to access sensitive information, reboot the device, trigger a denial-service condition, and gain privileged access.