Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 15, 2020
The monthly security updates for July are here and Microsoft, as usual, grabbed the limelight by releasing patches for 123 vulnerabilities. One of the 18 critical vulnerabilities fixed in this cycle affects the Windows DNS Server. It is called SIGRed and is a 17-year-old bug.
Adobe has also fixed a total of 13 security issues affecting its Creative Cloud Desktop, Media Encoder, Download Manager, Genius Service, and ColdFusion. Four of these flaws are rated ‘Critical’ and can allow attackers to execute arbitrary code.
Talking about malware, a new backdoor dubbed GoldenHelper has been found to be distributed via Golden Tax Invoicing software. The malware uses several techniques to gain persistence over target systems.
Top Breaches Reported in the Last 24 Hours
Wattpad data breaches
A database allegedly stolen from Wattpad was offered for sale for over $100,000. Now, it is being offered for free on hacker forums. The database contains 270 million records that include names, hashed passwords, email addresses, and general geographic location.
Top Malware Reported in the Last 24 Hours
New GoldenHelper malware
A new backdoor, dubbed GoldenHelper, has been found to be distributed via Golden Tax Invoicing software. The malware is completely different from the GoldenSpy backdoor but uses a very similar delivery method to gain access to the networks of international companies doing business in China. Some of the interesting techniques used by the malware include randomization of its name whilst in transit, randomization of file system location, timestomping, IP-based DGA (Domain Generation Algorithm), UAC bypass, and privilege escalation.
Top Vulnerabilities Reported in the Last 24 Hours
Microsoft patches 123 flaws
Microsoft has fixed 123 vulnerabilities as part of this month’s security updates. 18 of these have been rated critical and can lead to remote code execution. These critical flaws affect Windows, the .NET framework, Internet Explorer, SharePoint, Visual Studio, Office, and Hyper-V. One of these critical flaws affects Windows DNS Server and is identified as SIGRed.
Adobe fixes critical bugs
Adobe has addressed 13 flaws affecting its Creative Cloud Desktop, Media Encoder, Download Manager, Genius Service, and ColdFusion. Four of these flaws are rated ‘Critical’ and can allow attackers to execute arbitrary code. The remaining security issues can lead to privilege escalation, DLL search-order hijacking, insecure library loading, and insecure file permissions.
SAP releases 10 security notes
SAP has released eight security notes, including updates to two previous Patch Day security notes, in its July 2020 Patch Day. Two of these flaws affect NetWeaver AS Java. They are identified as CVE-2020-6287 (referred to as RECON) and CVE-2020-6286.
Vulnerable AMD and Intel drivers
Multiple vulnerabilities in Intel’s Graphics Accelerator Driver and AMD Radeon driver have been found by researchers. It is likely that attackers can exploit these flaws to target users remotely. While AMD has released its own set of patches, Intel is yet to address these vulnerabilities.
Gigabit routers affected
Gigabit Wi-Fi routers are affected by five vulnerabilities. One of these flaws is related to the default password which is left open to the internet. Among the other flaws found in the router are a cross-site scripting flaw and a cross-site request forgery issue.