
Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 14, 2021

July Security Patch Tuesday is finally here with a new set of fixes for several vulnerabilities affecting different products. While Microsoft has delivered patches for 117 flaws, nine of which are zero-day vulnerabilities, Adobe’s monthly batch of security updates includes patches for 28 vulnerabilities affecting its PDF reader Acrobat 2020, Illustrator, Bridge, and other software. SAP has rolled out patches for 12 security vulnerabilities, two of which are rated ‘High’ severity.

In a moment of relief for victim organizations, the websites associated with REvil ransomware went offline on the dark web. The ransomware gang has been held responsible for the recent attack at Kaseya that affected over 1000 companies across the globe.

Top Breaches Reported in the Last 24 Hours

REvil’s website shutdown

The REvil ransomware group has mysteriously disappeared from the dark web. The group’s Tor network infrastructure on the dark web included one leak blog site and 22 data hosting sites.

Espionage campaign identified

Two infection vectors associated with LuminousMoth APT have been detected in a widespread attack campaign that targeted users in Southeast Asia. The first one provided the attackers with initial access to systems via a spear-phishing email that contained a Dropbox download. The second infection vector was carried out via removable USB drives that dropped the Cobalt Strike Beacon.

Top Malware Reported in the Last 24 Hours

Razy malware detected

The official website of the Kazakhstan government (eGOV.kz) has been found hosting documents infected with malware since January this year. These documents ultimately caused the installation of a version of Razy malware on users’ systems.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft rolls out patches

Microsoft has rolled out patches for a total of 117 security vulnerabilities, including nine zero-day flaws, in this month’s Patch Tuesday updates. Of these, 13 are rated Critical, 103 are rated Important, and one is rated Moderate in severity. Some of the affected products include Exchange Server, DNS Server, SharePoint Server, and the Windows Kernel.

Adobe patches 11 Critical flaws

Adobe’s July security patch roundup includes fixes for 28 vulnerabilities affecting its PDF reader Acrobat 2020, Illustrator, Bridge, and other software. Eleven of them are rated critical and can open both Windows and macOS users to a variety of attacks.

SAP patches vulnerabilities

SAP has released patches for 12 security vulnerabilities as part of its July 2021 Security Patch Day. The most important of these are two high-severity vulnerabilities (CVE-2021-33671 and CVE-2021-33670) in NetWeaver. The other affected products include CRM ABAP, Lumira Server, Web Dispatcher and Internet Communication Manager, NetWeaver AS for Java (Enterprise Portal), Business Objects Web Intelligence (BI Launchpad), and 3D Visual Enterprise Viewer.

PrintNightmare exploited in the wild

CISA has issued an emergency directive to address the PrintNightmare vulnerability. The development comes following the mass exploitation of the vulnerability. Tracked as CVE-2021-34527, the vulnerability exists in the Windows Print Spooler service.

SolarWinds flaw exploited

A recently patched zero-day vulnerability in the SolarWinds Serv-U FTP server is being actively exploited by Chinese hackers to target US defense and software companies. The attackers are tracked as DEV-0322.

Vulnerable Etherpad text editor

Two flaws discovered in the Etherpad text editor can potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The flaws are tracked as CVE-2021-34816 and CVE-2021-34817 and have been patched in Etherpad version 1.8.14.

VMware issues patches

VMware has announced the availability of patches that fix vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool. The most severe of these vulnerabilities is CVE-2021-21994, an improper authentication flaw in ESXi.
