Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 4, 2021
Millions of OT devices are at risk of supply chain attacks as a set of 14 new vulnerabilities has been unearthed in the widely used NicheStack TCP/IP stack. Collectively called INFRA:HALT, these flaws can be abused to cause remote code execution, denial of service, TCP spoofing, and DNS cache poisoning. Affected vendors have been advised to follow the recommended mitigation measures to reduce the risk of attack.
Meanwhile, a newly found vulnerability dubbed Hotcobalt in the widely used Cobalt Strike framework was patched with the release of a new version. It is a set of DoS flaws in the team server's handling of beacon traffic that could be abused to disrupt C2 communication with existing beacons and block new deployments.
Top Breaches Reported in the Last 24 Hours
Ransomware attack
The Lazio region of Italy suffered a ransomware attack that disabled the region's IT systems, including the COVID-19 vaccination registration portal. The attack is likely the work of RansomEXX operators.
Top Malware Reported in the Last 24 Hours
APT31 deploys new RAT
A series of attacks linked with Chinese threat actor group APT31 has been found using a new RAT to target entities in Mongolia, Russia, Belarus, Canada, and the U.S. The campaign makes use of phishing emails as the initial attack vector. The unnamed RAT shares numerous similarities with the DropboxAES RAT.
Top Vulnerabilities Reported in the Last 24 Hours
INFRA:HALT vulnerability
A cluster of 14 vulnerabilities, collectively known as INFRA:HALT, has been found affecting NicheStack which is used in millions of OT devices. These flaws can enable attackers to achieve remote code execution, denial of service, information leak, TCP spoofing, and DNS cache poisoning. Forescout has released several workarounds to mitigate the risk from these vulnerabilities.
Google fixes over 30 flaws
Google this week pushed Android updates for more than 30 security flaws that can expose mobile users to a range of cyberattacks. The most severe is a flaw in the Media Framework that can lead to privilege escalation. Another severe flaw in the Media Framework can enable attackers to achieve remote code execution. Other affected components include the Kernel, Qualcomm components, and Widevine DRM.
PoC for Chromium flaw released
Researchers have released a PoC for a remote code execution flaw in the Chromium project that can allow attackers to inject malicious code into site pages. This can further enable attackers to steal sensitive information from victims.
Flaws in Cobalt Strike
Several DoS vulnerabilities collectively tracked as Hotcobalt (CVE-2021-36798) were patched in Cobalt Strike with the release of version 4.4. The flaws lie in the team server's handling of responses from beacons and could be used to crash the server, disrupting C2 communication with existing beacons and blocking new deployments.