Cyware Daily Threat Intelligence July 14, 2021

July Security Patch Tuesday is finally here with a new set of fixes for several vulnerabilities affecting different products. While Microsoft has delivered patches for 117 flaws, nine of which are zero-day vulnerabilities, Adobe’s monthly batch of security updates includes patches for 28 vulnerabilities affecting its PDF reader Acrobat 2020, Illustrator, Bridge, and other software. SAP has rolled out patches for 12 security vulnerabilities, two of which are rated ‘High’ severity.

Victim organizations got a moment of relief as the websites associated with REvil ransomware went offline on the dark web. The ransomware gang has been held responsible for the recent attack on Kaseya that affected over 1,000 companies across the globe.

Top Breaches Reported in the Last 24 Hours

REvil’s website shutdown
The REvil ransomware group has mysteriously disappeared from the dark web. The group’s Tor network infrastructure on the dark web included one leaked blog site and 22 data hosting sites.

Espionage campaign identified
Two infection vectors associated with LuminousMoth APT have been detected in a widespread attack campaign that targeted users in Southeast Asia. The first one provided the attackers with initial access to systems via a spear-phishing email that contained a Dropbox download. The second infection vector was carried out via removable USB drives that dropped the Cobalt Strike Beacon.

Top Malware Reported in the Last 24 Hours

Razy malware detected
The official website of the Kazakhstan government (eGOV.kz) has been found hosting documents infected with malware since January this year. These documents ultimately caused the installation of a version of Razy malware on users’ systems.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft rolls out patches
Microsoft has rolled out patches for a total of 117 security vulnerabilities, including nine zero-day flaws, in this month’s Patch Tuesday updates. Of these, 13 are rated Critical, 103 are rated Important, and one is rated Moderate in severity. Affected products include Exchange Server, DNS Server, SharePoint Server, and the Windows Kernel.

Adobe patches 11 Critical flaws
Adobe’s July security patch roundup includes fixes for 28 vulnerabilities affecting its PDF reader Acrobat 2020, Illustrator, Bridge, and other software. Eleven of them are rated critical and can open both Windows and macOS users to a variety of attacks.

SAP patches vulnerabilities
SAP has released patches for 12 security vulnerabilities as part of its July 2021 Security Patch Day. The most important of these are two high-severity vulnerabilities (CVE-2021-33671 and CVE-2021-33670) in NetWeaver. The other affected products include CRM ABAP, Lumira Server, Web Dispatcher, Internet Communication Manager, NetWeaver AS for Java (Enterprise Portal), Business Objects Web Intelligence (BI Launchpad), and 3D Visual Enterprise Viewer.

PrintNightmare exploited in the wild
CISA has issued an emergency directive to address the PrintNightmare vulnerability. The development comes following the mass exploitation of the vulnerability. Tracked as CVE-2021-34527, the vulnerability exists in the Windows Print Spooler service.

SolarWinds flaw exploited
A recently patched zero-day vulnerability in the SolarWinds Serv-U FTP server is being actively exploited by Chinese hackers to target US defense and software companies. The attackers are tracked as DEV-0322.

Vulnerable Etherpad text editor
Two flaws discovered in the Etherpad text editor can potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The flaws are tracked as CVE-2021-34816 and CVE-2021-34817 and have been patched in Etherpad version 1.8.14.

VMware issues patches
VMware has announced the availability of patches that fix vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool. The most severe of these vulnerabilities is CVE-2021-21994, an improper authentication flaw in ESXi.

Tags

microsoft inc
razy malware
printnightmare print spooler vulnerability
vmware
etherpad text editor

Posted on: July 14, 2021