Go to listing page

Cyware Daily Threat Intelligence July 21, 2021

Cyware Daily Threat Intelligence July 21, 2021

Share Blog Post

A stitch in time can protect millions of printers worldwide from a high-severity flaw that has come to light after 16 years. The flaw that affects over 300 printer models by HP, Xerox, and Samsung can be exploited for privilege escalation. Meanwhile, Adobe and Fortinet have announced security updates for multiple security flaws affecting its wide range of products.

Multiple malware attacks were reported in the past 24 hours as XLoader and Joker malware returned in new shapes. While XLoader has been improvised to target macOS systems, Joker was found in a new set of apps on the Google Play Store.  

Top Breaches Reported in the Last 24 Hours

Ransomware attack
Ticket machines operating in northern England have been disrupted following a ransomware attack. However, Northern Trains has confirmed that no customer or payment data has been compromised in the incident. 

Top Malware Reported in the Last 24 Hours

New npm malware
Two malicious npm packages have been caught secretly stealing passwords from Chrome web browsers. These packages are tracked as ‘nodejs_net_server’, and ‘temptesttempfile’. These malware use the legitimate password recovery tools on Windows systems to launch their infection process.

XLoader modified
XLoader has now been revamped to target macOS systems. Derived from the Formbook info-stealer trojan, XLoader is currently being offered on underground forums between $59 and $129, depending on the time period of subscription and the type of target.  

Joker returns
Google removed 11 suspicious apps that came laced with Joker malware. The malware is designed to spy on its victims, steal information, harvest contact lists, and monitor SMS messaging. The latest set of offending mobile applications include Translate Free, PDF Converter Scanner, Free Affluent Message, and delux Keyboard. 

Top Vulnerabilities Reported in the Last 24 Hours

Windows 10 zero-day flaw
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that is yet to receive an official patch. Tracked as CVE-2021-36934, the flaw can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.

A flaw in the printer driver
A 16-year-old high-severity flaw found in a common printer driver impacts printer models shipped by HP, Xerox, and Samsung. The flaw, tracked as CVE-2021-3438, is described as a buffer overflow vulnerability in a printer driver. It can be abused to execute arbitrary code to gain admin-level access to systems. HP and Xerox have released patches to address the vulnerability.

CODESYS flaws
Seven security flaws impacting CODESYS automation software and the WAGO PLC can be exploited to take control of a company’s cloud operational technology (OT) infrastructure. The flaws are tracked as CVE-2021-29238, CVE-2021-29240, CVE-2021-292241, CVE-2021-34569, CVE-2021-34566, CVE-2021-34567, and CVE-2021-34568.

Adobe addresses 21 flaws
Adobe has released patches for 21 vulnerabilities affecting seven of its products. Fifteen of these vulnerabilities have been assigned a critical severity rating. Seven vulnerabilities have been addressed in Adobe After Effects for Windows and macOS.

Fortinet patches flaws
Fortinet has announced patches for a remote code execution vulnerability found in FortiManager and FortiAnalyzer. The flaw can allow attackers to execute code with root privileges.

MTProto flaws patched
Several flaws discovered in Telegram’s cryptographic protocol MTProto have been patched. These flaws could have enabled attackers to alter the sequence of messages sent and launch MiTM attacks.

Top Scams Reported in the Last 24 Hours

Crypto scam
A crypto scam that promises users huge returns has been spotted. The scam relies on the traditional phishing email technique with the subject line ‘Urgent respond’. It further asks the recipients to connect via WhatsApp for more details and guidelines.


 Tags

xloader
npm malware
mtproto flaws
fortinet labs
crypto scam
codesys

Posted on: July 21, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.