CyberIntelMag's Threat report

Weekly Cyber Threat Report, January 24-28, 2022

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

The good news: This week’s good news includes the Dutch cybersecurity body warning about ongoing Log4j exploitation, the FBI alerting the public about tampered QR codes, Apple patching a new zero-day flaw exploited against iOS and macOS devices, VMware urging customers to patch Horizon servers, and much more.

  • The Dutch National Cybersecurity Center (NCSC) warned that companies should remain aware of the risks of attacks exploiting the Log4j vulnerability and keep watching for ongoing threats, since the NCSC believes attackers are still scanning for new targets.
  • The FBI warned Americans that fraudsters are using tampered Quick Response (QR) codes to steal their financial information and credentials.
  • Andrey Sergeevich Novak, the suspected head of the “Infraud Organization,” a cybercrime gang that caused losses of over $560 million during its seven active years, has been detained by the Russian Federal Security Service (FSB) and other law enforcement agencies.
  • The maintainers of APKLeaks, an open-source tool for scanning APK files for URLs, endpoints, and secrets, have patched a serious flaw that could be exploited to execute arbitrary code remotely.
  • Apple released security updates to address two zero-day vulnerabilities: one had been publicly disclosed, and the other was being exploited by attackers to compromise iPhones and Macs.
  • Microsoft is alerting Office 365 subscribers that they may receive phishing emails attempting to trick them into granting OAuth permissions to a malicious app, which would allow attackers to read and write their email.
  • VMware urges customers to apply the patch for critical Log4j vulnerabilities affecting Internet-exposed VMware Horizon servers, which are being targeted in recent attacks.
  • The Canadian government announced that it is investigating a cyberattack on Global Affairs Canada (GAC), the country’s diplomatic and consular affairs department, which was detected on January 19.


The bad news: This week’s bad news includes Emotet using non-standard IP address formats to evade detection, CWP vulnerabilities that make it urgent to patch Linux servers, a California public office admitting a leak of COVID-19 healthcare data, Instagram accounts of influencers and businesses being hijacked, Android users worldwide being targeted by FluBot and TeaBot campaigns, and much more.

    • In an attempt to evade detection by security solutions, social engineering campaigns delivering the Emotet malware have been observed using “unconventional” IP address formats in their download URLs.
    • By chaining two security vulnerabilities in the Control Web Panel (CWP) software, attackers can gain root access on vulnerable Linux systems. Affected Linux servers should be patched immediately.
    • Kings County, in central California, disclosed that a security vulnerability in its public web server had exposed restricted medical information of residents involved in COVID-19-related proceedings.
    • A watering hole attack targeting politically active and pro-democracy individuals in Hong Kong used a Safari web browser flaw to deliver previously unreported cyber-espionage malware aimed at Apple’s macOS.
    • In a new phishing campaign, attackers are hijacking the Instagram accounts of businesses and influencers with large followings, then demanding a ransom to return access to these high-value accounts.
    • Cisco Talos uncovered multiple flaws in the Reolink RLC-410W WiFi-connected security camera that could allow an attacker to perform various malicious operations, such as man-in-the-middle attacks and theft of user login credentials.
    • Fresh FluBot and TeaBot malware distribution campaigns targeting Android users have been identified in various parts of the world. They rely on typical smishing lures or trojanized apps.
    • After being available for more than two weeks and being downloaded over 10,000 times, a fake 2FA app carrying the Vultur banking malware was removed from Google Play.
    • On Wednesday morning local time, North Korea lost Internet connectivity for around six hours. This is the second Internet outage to hit North Korea in the last two weeks, and it may be the result of a cyberattack.
    • The source code of a malware strain that bundles exploits for over 30 vulnerabilities in various IoT devices and routers has been released on GitHub. This puts millions of devices at risk, as threat actors may use it in their attacks or build new malware strains on top of it.
    • A new ransomware group called DeadBolt is encrypting QNAP NAS systems around the world, claiming to exploit a zero-day vulnerability in the devices’ firmware.
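The Emotet item above notes that the campaign hides its download URLs behind unconventional IP address formats. The reason this works is that browsers and most HTTP libraries still honour the legacy inet_aton rules: an IPv4 literal may be written as one, two, three or four dot-separated parts, and each part may be decimal, hexadecimal (0x prefix) or octal (leading 0), so a string like 0xc0a80164 or 0300.0250.0001.0144 resolves to an ordinary address even though simple dotted-decimal regexes and IOC lists never match it. The Python below is an added example written for this roundup, not code from any vendor report or from Emotet itself; it implements those parsing rules and flags URLs whose host is an IPv4 literal not written in plain dotted-decimal. The sample strings are constructed, and the private-range addresses in them are placeholders, not real infrastructure.

```python
import re
from typing import List, Optional, Tuple

# Host component of an http(s) URL: scheme://host[:port]/...
_URL_RE = re.compile(r"https?://([^/:\s]+)", re.IGNORECASE)
# Plain dotted-decimal with no leading zeros; anything else that still parses
# as an IPv4 literal is considered obfuscated.
_CANONICAL_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$"
)


def _parse_part(part: str) -> Optional[int]:
    """Parse one numeric component using the legacy inet_aton rules:
    '0x' prefix is hex, a leading '0' is octal, otherwise decimal.
    Returns None when the component is not numeric at all."""
    try:
        if part[:2].lower() == "0x":
            return int(part[2:], 16) if len(part) > 2 else None
        if len(part) > 1 and part[0] == "0":
            return int(part, 8)  # "08" raises ValueError, like inet_aton rejects it
        return int(part, 10)
    except ValueError:
        return None


def normalize_ipv4(host: str) -> Optional[str]:
    """Convert any inet_aton-style IPv4 literal (a, a.b, a.b.c or a.b.c.d with
    decimal/hex/octal parts) to canonical dotted-decimal. Returns None when
    `host` is not an IPv4 literal (for example a DNS hostname)."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None or v < 0 for v in values):
        return None
    # Every part except the last must fit in one byte; the last part fills
    # however many bytes remain (this is what makes "3232235876" valid).
    *head, last = values
    if any(v > 0xFF for v in head):
        return None
    remaining_bytes = 4 - len(head)
    if last >= 1 << (8 * remaining_bytes):
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * remaining_bytes)) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def find_obfuscated_ip_urls(text: str) -> List[Tuple[str, str]]:
    """Return (host_as_written, canonical_ip) for every URL in `text` whose
    host is an IPv4 literal not written in plain dotted-decimal. Hostnames
    and already-canonical addresses are skipped."""
    hits = []
    for m in _URL_RE.finditer(text):
        host = m.group(1)
        canonical = normalize_ipv4(host)
        if canonical is not None and not _CANONICAL_RE.match(host):
            hits.append((host, canonical))
    return hits


# Constructed sample resembling strings pulled from a macro or script.
# 192.168.1.100 is a private placeholder address written five different ways.
SAMPLE = """
http://0xc0a80164/update.dll
http://0300.0250.0001.0144/load
http://3232235876/x
http://192.168.1.100/normal
http://example.test/nothing-to-see
http://0xc0.0xa8.1.100/mixed
"""

if __name__ == "__main__":
    for written, canonical in find_obfuscated_ip_urls(SAMPLE):
        print(f"{written:28} -> {canonical}")
```

Two points worth carrying into a detection rule: normalise before matching against IOC lists rather than adding more regex variants, and treat leading zeros as suspicious in their own right, because 010.0.0.1 is 8.0.0.1 under inet_aton but 10.0.0.1 to a human reading the log.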

About the author

CIM Team

CyberIntelMag is a trusted authority in cybersecurity, composed of leading industry experts with over 20 years of experience and dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for the knowledge and insight needed to navigate today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.