
Cyware Daily Threat Intelligence July 22, 2021

Security updates fixing critical to medium-severity vulnerabilities continue to flow in as the risk of attack rises. Oracle issued a major update, releasing patches for 342 security flaws across its products. Apple, in turn, shipped security updates for dozens of vulnerabilities in macOS, iOS, and iPadOS. Dell is not far behind, having released patches for critical vulnerabilities affecting its OpenManage Enterprise product.

Even as security updates keep rolling out, threat actors continue to find their entry points by exploiting unpatched systems. In a major revelation, CISA has disclosed that 13 malware samples were found targeting vulnerable Pulse Secure devices.

Top Breaches Reported in the Last 24 Hours

TicketClub database breached
Italy-based TicketClub has fallen victim to a security breach, following which the data of over 300,000 of its users has been put up for sale on the RaidForums marketplace. The listing is the work of a threat actor who goes by the online name bl4ckt0r.

Update on Elekta breach
Another U.S. healthcare provider, Jefferson Health, has announced a data breach resulting from the cyberattack on Elekta. The firm has confirmed that patient names, dates of birth, medical record numbers, and clinical information were exposed in the incident.

Humana data leaked
An SQL database belonging to insurance giant Humana, containing highly sensitive data on over 6,000 patients, has been leaked on a hacker forum. The leaked information includes patients' names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, and medical treatment data.

Top Malware Reported in the Last 24 Hours

Spike in Taurus Loader activities
Researchers have detected a spike in events associated with Taurus Loader. In one incident, the loader was distributed via cracked-software sites. In almost all attacks, the loader was packaged with AutoIt to keep its final payload from being detected.

New XCSSET variant emerges
A new version of the XCSSET malware has been found targeting macOS 11 systems in a new attack campaign. The variant is capable of stealing data from Telegram and other apps.

Top Vulnerabilities Reported in the Last 24 Hours

Oracle fixes 342 flaws
Oracle has released security patches for 342 flaws as part of its July 2021 Critical Patch Update. Some of them could be exploited by a remote attacker to take control of affected systems. The most severe is a critical deserialization vulnerability (CVE-2019-2729) that had already received an out-of-band security update in 2019. Affected products include WebLogic Server and Oracle Hyperion Infrastructure Technology.

Apple rolls out security updates
Apple has rolled out security updates to address vulnerabilities in iOS, macOS, iPadOS, watchOS, tvOS, and Safari. A total of 37 security holes were resolved with the release of iOS 14.7 and iPadOS 14.7.

A flaw in cURL fixed
The cURL developers have fixed CVE-2021-22925, a medium-severity information disclosure flaw. It is the same issue as CVE-2021-22898, which had received a patch earlier this year; a new fix was needed because that earlier patch proved incomplete.

Pulse Secure devices exploited
CISA has released an alert about the mass exploitation of Pulse Secure devices. More than a dozen malware samples have been found targeting the devices through multiple vulnerabilities (CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and CVE-2021-22893). After gaining access, the threat actors plant webshells on Pulse Connect Secure appliances to maintain persistence.

Remote code execution flaw fixed
Atlassian has issued a security patch for a critical vulnerability affecting its Jira Data Center and Jira Service Management Data Center products. The vulnerability, tracked as CVE-2020-36239, can allow remote attackers to execute arbitrary code.

Dell fixes critical vulnerabilities
Dell has released patches for critical vulnerabilities affecting its OpenManage Enterprise product. The most severe of these is an improper authentication vulnerability (CVE-2021-21564) with a CVSS score of 9.8.


Posted on: July 22, 2021