Cyware Daily Threat Intelligence July 26, 2021

Another blind spot in email security checks! An email spam campaign that went undetected for weeks was found to deliver malware to users’ devices. The interesting aspect of this campaign was the use of the HTML smuggling attack technique, which allowed threat actors to fly under the radar.

Meanwhile, enterprises have been provided with some mitigation measures to prevent the newly discovered PetitPotam NTLM attack, which affects Windows systems. The attack abuses the Encrypting File System Remote (EFSRPC) protocol. Also, stay away from fake Windows 11 downloaders that are being distributed in the wild. The ultimate goal of these fake downloaders is to drop malware on users’ systems. 

Top Breaches Reported in the Last 24 Hours

THORChain loses $8 million
THORChain, a cross-chain DeFi protocol, has suffered a loss of around $8.3 million following a hack. The hackers stole Ether cryptocurrency by exploiting multiple vulnerabilities in the firm’s ETH router.

Signal’s blooper
Signal has fixed a serious bug in its Android app that caused the sending of random images to the wrong contacts. The issue was first reported in December 2020.

Top Malware Reported in the Last 24 Hours
 
Delivering malware
Threat actors made use of the HTML smuggling technique in a weeks-long email spam campaign to deliver malware to user devices. The technique enabled threat actors to bypass email security gateways.   

Fake Windows 11 installer
Threat actors have created multiple fake versions of Windows 11 installers to distribute malware to victims’ systems. The fake software is offered to users in the form of links. There have been reports of these fake Windows 11 downloaders delivering adware and other malware payloads to computers.
   
Top Vulnerabilities Reported in the Last 24 Hours

PetitPotam attack
Microsoft has released mitigations for the recently disclosed PetitPotam NTLM attack that can allow attackers to take control of Windows systems. The attack abuses the Encrypting File System Remote (EFSRPC) protocol. A PoC for the exploitation of the flaw has been published on GitHub.


Posted on: July 26, 2021

