Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 21, 2021
A stitch in time can protect millions of printers worldwide from a high-severity flaw that has come to light after 16 years. The flaw, which affects over 300 printer models by HP, Xerox, and Samsung, can be exploited for privilege escalation. Meanwhile, Adobe and Fortinet have announced security updates for multiple security flaws affecting their wide range of products.
Multiple malware attacks were reported in the past 24 hours as XLoader and Joker malware returned in new shapes. While XLoader has been adapted to target macOS systems, Joker was found in a new set of apps on the Google Play Store.
Top Breaches Reported in the Last 24 Hours
Ransomware attack
Ticket machines operating in northern England have been disrupted following a ransomware attack. However, Northern Trains has confirmed that no customer or payment data has been compromised in the incident.
Top Malware Reported in the Last 24 Hours
New npm malware
Two malicious npm packages have been caught secretly stealing passwords from Chrome web browsers. The packages are tracked as ‘nodejs_net_server’ and ‘temptesttempfile’. They use legitimate password recovery tools on Windows systems to launch their infection process.
XLoader modified
XLoader has now been revamped to target macOS systems. Derived from the Formbook info-stealer trojan, XLoader is currently being offered on underground forums for between $59 and $129, depending on the subscription period and the type of target.
Joker returns
Google removed 11 suspicious apps that came laced with Joker malware. The malware is designed to spy on its victims, steal information, harvest contact lists, and monitor SMS messaging. The latest set of offending mobile applications includes Translate Free, PDF Converter Scanner, Free Affluent Message, and delux Keyboard.
Top Vulnerabilities Reported in the Last 24 Hours
Windows 10 zero-day flaw
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that is yet to receive an official patch. Tracked as CVE-2021-36934, the flaw can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.
A flaw in the printer driver
A 16-year-old high-severity flaw found in a common printer driver impacts printer models shipped by HP, Xerox, and Samsung. The flaw, tracked as CVE-2021-3438, is described as a buffer overflow vulnerability in a printer driver. It can be abused to execute arbitrary code to gain admin-level access to systems. HP and Xerox have released patches to address the vulnerability.
CODESYS flaws
Seven security flaws impacting CODESYS automation software and the WAGO PLC can be exploited to take control of a company’s cloud operational technology (OT) infrastructure. The flaws are tracked as CVE-2021-29238, CVE-2021-29240, CVE-2021-292241, CVE-2021-34569, CVE-2021-34566, CVE-2021-34567, and CVE-2021-34568.
Adobe addresses 21 flaws
Adobe has released patches for 21 vulnerabilities affecting seven of its products. Fifteen of these vulnerabilities have been assigned a critical severity rating. Seven vulnerabilities have been addressed in Adobe After Effects for Windows and macOS.
Fortinet patches flaws
Fortinet has announced patches for a remote code execution vulnerability found in FortiManager and FortiAnalyzer. The flaw can allow attackers to execute code with root privileges.
MTProto flaws patched
Several flaws discovered in Telegram’s cryptographic protocol MTProto have been patched. These flaws could have enabled attackers to alter the sequence of messages sent and launch MiTM attacks.
Top Scams Reported in the Last 24 Hours
Crypto scam
A crypto scam that promises users huge returns has been spotted. The scam relies on the traditional phishing email technique with the subject line ‘Urgent respond’. It further asks the recipients to connect via WhatsApp for more details and guidelines.