Cyware Daily Threat Intelligence, November 10, 2021

Over 50 bugs have been squashed, two actively exploited flaws have been fixed, and a set of 13 vulnerabilities called NUCLEUS:13 has been addressed. All these are part of this month’s security updates. Microsoft leads the security patch parade by fixing at least 55 flaws, out of which two are zero-day vulnerabilities. On the other hand, Siemens has issued advisories for 36 security bugs, 13 of which affect its Nucleus software library. Schneider Electric has also published security notes for 17 flaws affecting its multiple products.

Moving on to the major threats spotted in the last 24 hours, the notorious TeamTNT APT group reappeared in a new campaign that targeted poorly configured Docker servers to mine Monero cryptocurrency. The newly found SquirrelWaffle dropper was also identified in a fresh malspam campaign distributing the Qakbot trojan.

Top Breaches Reported in the Last 24 Hours

Robinhood suffers breach
Robinhood revealed details about a data breach that it suffered on November 3. The incident occurred after attackers gained unauthorized access to a limited amount of personal information of customers. The compromised data included Social Security numbers, bank account numbers, and debit card numbers. However, there has been no financial loss to any customers.

Cl0p gang breaches corporate networks
The Cl0p ransomware gang has begun exploiting a SolarWinds Serv-U vulnerability to breach corporate networks. The flaw is tracked as CVE-2021-35211 and is associated with remote code execution. It affects only customers who have enabled the SSH feature.

Misconfigured Docker servers targeted
TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. The ultimate purpose of the campaign is to deploy Monero cryptocurrency miners.

Top Malware Reported in the Last 24 Hours

SquirrelWaffle reappears
The SquirrelWaffle malware dropper has reappeared in a new malspam campaign that delivers Qakbot. In addition to dropping malware, SquirrelWaffle also enables threat actors to gain an initial foothold in victims’ network environments.

PhoneSpy spotted
A spyware called PhoneSpy disguised as various lifestyle apps is targeting Korean-speaking users. The spyware is capable of pilfering credentials, images, SMS messages, call logs, audio calls, and video from the infected devices.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes over 50 bugs
Microsoft’s November Patch Tuesday release has fixed at least 55 vulnerabilities across a wide range of its products. Two of these are zero-day flaws (CVE-2021-42321 and CVE-2021-42292) that are being actively exploited in the wild. Affected products include Microsoft components, Microsoft Edge, Exchange Server, and Microsoft Office.

NUCLEUS:13 flaw
A set of 13 vulnerabilities called NUCLEUS:13 impacts Siemens’ Nucleus software library. These flaws affect Siemens medical devices and industrial equipment. The most severe, CVE-2021-31886, is a remote code execution issue with a CVSS score of 9.8 out of 10. Other flaws can be abused to take control of systems and leak information from devices. Siemens has released security updates to remediate the weaknesses as part of the 13 advisories addressing 36 flaws.

SAP releases patches
SAP has released five new and two updated security notes as part of its November 2021 Security Patch Day. One of these notes addresses a critical vulnerability in the ABAP Platform Kernel. The flaw, tracked as CVE-2021-40501, is a missing check vulnerability in the Kernel.

Schneider Electric issues patches
Schneider Electric released seven advisories for a total of 17 vulnerabilities affecting products such as SCADAPack 300E, Schneider Electric Software Update (SESU), Network Management Cards (NMC), EcoStruxure Process Expert, TelevisAir Dongle BTLE, Eurotherm GUIcon, and various others. Some of these flaws can be abused to launch DoS attacks.

Flaws in BusyBox utility tools
Fourteen critical vulnerabilities disclosed in the BusyBox Linux utility could be exploited to cause DoS attacks, remote code execution, and even leakage of information. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16 to 1.33.1.

Posted on: November 10, 2021