Go to listing page

Cyware Daily Threat Intelligence, March 23, 2021

Cyware Daily Threat Intelligence, March 23, 2021

Share Blog Post

The global threat landscape is constantly evolving as threat actors show no signs of slowing down. Researchers have now shared details about a new threat actor group dubbed SilverFish that was one of the many culprits behind the massive SolarWinds hack. The group’s ultimate motive is to carry out cyber-espionage and steal data from its victims.

Report of wildly exploited memory corruption vulnerability has come to light as Google revealed the information to its Android users. The flaw affects Android devices that use Qualcomm chips and can enable attackers to gain access to a device’s memory.

In other major news, Energy giant Shell becomes the latest victim of Accellion’s FTA hack that affected around 100 companies worldwide.

Top Breaches Reported in the Last 24 Hours

MangaDex site affected
Popular manga reader MangaDex has decided to rebuild its website after suffering a major breach. The incident resulted in the compromise of source code and potentially a customer database.

Sierra Wireless impacted
Canadian multinational Sierra Wireless was forced to halt production at its manufacturing sites across the world after a ransomware attack. The attack had hit the company on March 20, 2021.

Shell discloses data breach
Energy giant Shell has disclosed a data breach that occurred due to the compromise of Accellion’s File Transfer Appliance. The company claims that no IT systems have been affected during the attack.

Top Vulnerabilities Reported in the Last 24 Hours

Google warns about a vulnerability
Google has warned Android users that a recently patched vulnerability is being exploited. Tracked as CVE-2020-11261, the high-severity flaw arises from an improper input validation issue affecting a display/graphics component from Qualcomm. The flaw is related to the memory corruption vulnerability.

Adobe releases security updates
Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. The vulnerability is tracked as CVE-2021-21087 and is related to Improper Input Validation software vulnerability.

Vulnerable GE Power Management devices
CISA has warned about vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities on systems belonging to the Universal Relay family. The flaws could be exploited to access sensitive information, reboot the device, trigger a denial-service condition, and gain privileged access.


 Tags

ge power management devices
memory corruption vulnerability
qualcomm chips
silverfish hacker group
solarwinds hack

Posted on: March 23, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!