
Cyware Daily Threat Intelligence July 08, 2021

Fake mobile apps and newly discovered malware threats have caused rampant damage to millions worldwide. Over 170 fake apps categorized as BitScams and CloudScams have enabled threat actors to steal hundreds of thousands of dollars. On the malware front, a new variant of Bandook malware dubbed Bandidos is being used to spy on corporate networks in Spanish-speaking countries. Moreover, the SideCopy cyberespionage group has updated its arsenal with several new RATs to target Indian government officials.

Amid the barrage of new threats, the July 2021 Patch Tuesday is here to help organizations mitigate some known security holes. This time, it starts with Google addressing over 40 vulnerabilities found in its Android operating system.

Top Breaches Reported in the Last 24 Hours

Over $300,000 stolen
Threat actors have managed to steal over $350,000 from users in a widespread scam that leveraged over 170 fake mobile apps. Classified into two categories, BitScams and CloudScams, these apps promised to perform cryptocurrency mining on behalf of subscribers.

Top Malware Reported in the Last 24 Hours

New Bandidos malware
An ongoing espionage campaign that targets corporate networks in Spanish-speaking countries has been found distributing a new malware called Bandidos. It is an upgraded variant of Bandook malware and is propagated via phishing emails containing a malicious PDF attachment. The Bandidos malware is being used to spy on its victims.

New custom RATs
A cyberespionage group tracked as SideCopy is distributing several custom RATs to target Indian government officials. The malware used by the group includes CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, njRAT, Allakore, ActionRAT, Lilith, and Epicenter RAT. The attacks are carried out via malicious LNK files and decoy documents.

Top Vulnerabilities Reported in the Last 24 Hours

Google fixes over 40 flaws
Google has rolled out patches for over 40 vulnerabilities as a part of the July 2021 security updates for the Android operating system. The most severe of these vulnerabilities affects the System component and can be exploited via a specially crafted file. 

PrintNightmare patch fails
Microsoft’s out-of-band security update for the PrintNightmare vulnerability has failed to fully address the flaw. Researchers have bypassed the patch to achieve remote code execution and local privilege escalation. The bypass works on systems where ‘Point and Print Restrictions’ is enabled and ‘When installing drivers for a new connection’ is set to ‘Do not show warning on elevation prompt’.

Vulnerable IOBit SystemCare
Multiple vulnerabilities have been found in IOBit Advanced SystemCare Ultimate. The flaws are tracked as CVE-2021-21790, CVE-2021-21792, CVE-2021-21785, CVE-2021-21787, CVE-2021-21789, and CVE-2021-21786. Some of these are information disclosure vulnerabilities and the rest are privilege escalation vulnerabilities.

Vulnerable Philips products
CISA has published an advisory about a total of 15 vulnerabilities affecting Philips Vue Healthcare products. The flaws are related to improper input validation, memory bugs, improper authentication, insecure initialization of resources, use of weak cryptographic algorithms, and improperly protected credentials, among others.

Flawed Sage X3 product
Four security vulnerabilities discovered in the Sage X3 Enterprise Resource Planning (ERP) product could have enabled adversaries to execute malicious commands and take control of vulnerable systems. The vendor has rolled out fixes for the flaws tracked as CVE-2020-7388, CVE-2020-7389, CVE-2020-7387, and CVE-2020-7390.

Vulnerabilities in NuGet Package
Threat actors continue to exploit several flaws in NuGet Package Manager to target the .NET framework. According to analysts, 51 unique components in the Package Manager can be abused to launch software supply chain attacks.



Posted on: July 08, 2021
