Cyware Daily Threat Intelligence, May 20, 2021


Another ransomware gang has called off its extortion operations. After hitting thousands of QNAP devices and making a profit of $350,000 in a month, the Qlocker ransomware gang has decided to shut down its operations. Given the recent shift in tactics to put more pressure on QNAP device users, it is likely that the gang will make a comeback in a new form.

In other news, Google has issued patches for four zero-day vulnerabilities in Android that may have been exploited in the wild. The four flaws impact Qualcomm Graphics and Arm Mali GPU Driver.
Meanwhile, beware of a fake Microsoft Authenticator extension that can dupe users into sharing the details of their accounts.

Top Breaches Reported in the Last 24 Hours

Misconfigured databases
Personal data of over 100 million Android users has been exposed due to unprotected databases used by 23 apps. The data includes names, email addresses, dates of birth, chat messages, location, gender, passwords, photos, payment details, and push notifications. Some of the apps exposing the data are Logo Maker, Astro Guru, and T’Leva.

FastTrack Reflex exposes data
Recruitment firm FastTrack Reflex secured its misconfigured AWS S3 buckets after exposing data for around four years. The exposed data included CVs containing the personal information of job applicants. The buckets contained 21,000 client files equating to 5 GB of data.

Ardagh Group discloses breach
Ardagh Group, a glass and metal packaging company, has fallen victim to a cyberattack that forced it to shut down some systems and applications. Following the attack, the firm took immediate action to contain it.

Top Malware Reported in the Last 24 Hours

Qlocker ransomware shuts its operation
The Qlocker ransomware gang has shut down its operation after earning $350,000 in a month. The ransomware was known for exploiting vulnerabilities in QNAP devices. Starting April 19, the ransomware had enhanced its encryption tactic by replacing the QNAP device files with password-protected 7-zip archives.

Fake Microsoft Authenticator extension
A fake Microsoft Authenticator extension that can dupe users into sharing the details of their accounts has been uncovered by researchers. The extension has been downloaded over 400 times.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Eufy cameras
An internal server bug affecting Eufy home security cameras allowed strangers to view, pan, and zoom in on victims’ home video feeds. The issue arose during a planned server upgrade by the company, Anker, and was fixed quickly.

Android issues patches
Google has issued patches for four new zero-day bugs in Android that are exploited in the wild. The flaws are tracked as CVE-2021-1905, CVE-2021-1906, CVE-2021-28663, and CVE-2021-28664. Successful exploitation of these flaws can allow adversaries to take control of devices.

Pega Infinity patches a flaw
Pega Infinity has fixed a password authentication vulnerability that could allow attackers to bypass its password reset system.

Top Scams Reported in the Last 24 Hours

Domain Group phishing attack
Australian digital real estate business Domain Group has confirmed falling victim to a phishing attack that targeted its users. As part of the attack, scammers contacted some of these users by email and asked them to pay a deposit to secure a rental property on a website nominated by the scammer. The firm has elevated the security controls of its systems.

Royal Mail phishing scam
Scammers are again impersonating the delivery firm Royal Mail, with the aim of evading security checks, in a new phishing scam. For this, they have created several fake pages that mimic the original Royal Mail site. The scam begins with recipients receiving SMS messages claiming that a parcel has been redirected to the local post office due to an unpaid shipping fee.



Posted on: May 20, 2021
