Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 27, 2021

Zero-day vulnerabilities are exploding and so are opportunities for threat actors who are always on the lookout for such security flaws. Researchers have warned about three new zero-day vulnerabilities that affect Kaseya’s Unitrends service. Users are advised not to expose the service to the internet until the patches are released. Apple users heaved a sigh of relief as the firm released an emergency patch to address a zero-day flaw that could be abused to run malicious code on iOS, iPadOS, and macOS.

A sophisticated attack that exploited a deserialization flaw in the ASP.NET application of the Checkbox Survey tool has also been reported in the last 24 hours. The notorious Praying Mantis threat actor group has made a comeback with this attack, which targeted U.S. organizations.

Top Breaches Reported in the Last 24 Hours

BRI Life data on sale

Indonesia’s BRI Life is investigating claims that the personal details of over two million of its customers have been compromised in a hack. Meanwhile, an unnamed user has shared a post on the RaidForums website regarding the sale of around 460,000 documents stolen from BRI Life clients.

Kaseya denies paying ransom

Kaseya has denied paying a ransom to the threat actors after the decryption key proved successful. The attack by the REvil ransomware gang affected around 1,500 organizations.

Top Vulnerabilities Reported in the Last 24 Hours

Checkbox Survey vulnerability exploited

A recently disclosed vulnerability in the Checkbox Survey tool has been widely exploited in recent attacks linked to the Praying Mantis threat actor group. These attacks were launched against organizations in the U.S. Tracked as CVE-2021-27852, the flaw allows code execution through deserialization in the ASP.NET application of the tool. It impacts version 6 of the application.

New Kaseya vulnerabilities

Researchers have warned about three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities are related to remote code execution and privilege escalation. Users are advised not to expose the service to the internet until the patches are released.

SeriousSAM vulnerability

Windows 10 and 11 are affected by the SeriousSAM vulnerability, which can allow attackers with low-level permissions to access Windows system files and perform a pass-the-hash attack. Tracked as CVE-2021-36934, the flaw exists in the default configuration of Windows 10 and 11. Microsoft has suggested workarounds to mitigate the vulnerability.

Apple issues zero-day patch

Apple has issued patches for a zero-day vulnerability in iOS, iPadOS, and macOS. The flaw, tracked as CVE-2021-30807, is in the iGiant’s IOMobileFrameBuffer code and can be abused to run malicious code on the affected devices.
