Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 8, 2021
Fake mobile apps and newly discovered malware threats have caused rampant damage to millions worldwide. Over 170 fake apps categorized as BitScams and CloudScams have enabled threat actors to steal hundreds of thousands of dollars. Talking about malware threats, a new variant of Bandook malware dubbed Bandidos is being used to spy on corporate networks in Spanish-speaking countries. Moreover, the SideCopy cyberespionage group has updated its arsenal with several new RATs to target Indian government officials.
Amid the barrage of new threats, the July 2021 Patch Tuesday is here to help organizations mitigate some known security holes. This time, it starts with Google addressing over 40 vulnerabilities found in its Android operating system.
Top Breaches Reported in the Last 24 Hours
Over $300,000 stolen
Threat actors have managed to steal over $350,000 from users in a widespread scam that leveraged over 170 fake mobile apps. Classified into two categories, BitScams and CloudScams, these apps promised to perform cryptocurrency mining on behalf of subscribers.
Top Malware Reported in the Last 24 Hours
New Bandidos malware
An ongoing espionage campaign that targets corporate networks in Spanish-speaking countries has been found distributing a new malware called Bandidos. It is an upgraded variant of Bandook malware and is propagated via phishing emails containing a malicious PDF attachment. The Bandidos malware is being used to spy on its victims.
New custom RATs
A cyberespionage group tracked as SideCopy is distributing several custom RATs to target Indian government officials. The malware used by the group includes CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, njRAT, Allakore, ActionRAT, Lilith, and Epicenter RAT. The attacks are carried out via malicious LNK files and decoy documents.
Top Vulnerabilities Reported in the Last 24 Hours
Google fixes over 40 flaws
Google has rolled out patches for over 40 vulnerabilities as a part of the July 2021 security updates for the Android operating system. The most severe of these vulnerabilities affects the System component and can be exploited via a specially crafted file.
PrintNightmare patch fails
Microsoft’s out-of-band security update for the PrintNightmare vulnerability has failed to fully address the flaw. Researchers have bypassed the patch to achieve both remote code execution and local privilege escalation. The bypass depends on the ‘Point and Print Restrictions’ policy being enabled with ‘When installing drivers for a new connection’ configured as ‘Do not show warning on elevation prompt’.
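Because the bypass described above only works under a specific Point and Print configuration, the practical defensive step is to audit that configuration on patched hosts. The following PowerShell check is an added example, not part of the Cyware briefing or Microsoft’s own tooling. It reads the two policy values that back the ‘Point and Print Restrictions’ settings named above (NoWarningNoElevationOnInstall and UpdatePromptSettings, which Microsoft’s post-patch guidance says should both be 0) and flags a host whose policy suppresses the elevation prompt.

```powershell
# Added example (not from the briefing): audit Point and Print policy for the
# weak setting the PrintNightmare patch bypass relies on. Run elevated on the
# host being checked. The registry path and value names are the ones Microsoft
# publishes for the 'Point and Print Restrictions' Group Policy.
$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintPosture {
    param([string]$Path = $PointAndPrintKey)

    if (-not (Test-Path -Path $Path)) {
        # No policy key at all: the OS default (warn and prompt for elevation) applies.
        return [pscustomobject]@{
            KeyPresent                   = $false
            NoWarningNoElevationOnInstall = $null
            UpdatePromptSettings          = $null
            Weak                          = $false
            Reason                        = 'Policy key absent; defaults apply'
        }
    }

    $props   = Get-ItemProperty -Path $Path
    $install = $props.NoWarningNoElevationOnInstall   # 1 = no warning, no elevation prompt on new connection
    $update  = $props.UpdatePromptSettings            # 0 = warn and prompt; any other value weakens the prompt

    $reasons = @()
    if ($install -eq 1) { $reasons += "'When installing drivers for a new connection' suppresses the elevation prompt" }
    if ($null -ne $update -and $update -ne 0) { $reasons += "'When updating drivers for an existing connection' weakens the prompt" }

    [pscustomobject]@{
        KeyPresent                   = $true
        NoWarningNoElevationOnInstall = $install
        UpdatePromptSettings          = $update
        Weak                          = ($reasons.Count -gt 0)
        Reason                        = if ($reasons) { $reasons -join '; ' } else { 'Hardened (both values 0 or unset)' }
    }
}

$posture = Get-PointAndPrintPosture
$posture | Format-List

if ($posture.Weak) {
    Write-Warning "Point and Print is configured to suppress elevation prompts: $($posture.Reason)."
    Write-Warning "Set NoWarningNoElevationOnInstall and UpdatePromptSettings to 0 (or remove the policy) and re-run this check."
}
```

Running this across a fleet (for example via Invoke-Command) gives an inventory of hosts that remain exposed even after the July 6 update, which is the population that needs the policy corrected rather than another patch.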
Vulnerable IOBit SystemCare
Multiple vulnerabilities have been found in IOBit Advanced SystemCare Ultimate. The flaws are tracked as CVE-2021-21790, CVE-2021-21792, CVE-2021-21785, CVE-2021-21787, CVE-2021-21789, and CVE-2021-21786. Some of these are information disclosure vulnerabilities; the rest are privilege escalation vulnerabilities.
Vulnerable Philips products
CISA has published an advisory about a total of 15 vulnerabilities affecting Philips Vue Healthcare products. The flaws are related to improper input validation, memory bugs, improper authentication, insecure initialization of resources, use of weak cryptographic algorithms, and improperly protected credentials, among others.
Flawed Sage X3 product
Four security vulnerabilities discovered in the Sage X3 Enterprise Resource Planning (ERP) product could have enabled adversaries to execute malicious commands and take control of vulnerable systems. The vendor has rolled out fixes for the flaws tracked as CVE-2020-7388, CVE-2020-7389, CVE-2020-7387, and CVE-2020-7390.
Vulnerabilities in NuGet Package
Threat actors continue to exploit several flaws in the NuGet Package Manager to target the .NET Framework. According to analysts, 51 unique components in the Package Manager can be abused to launch software supply chain attacks.