Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Sep 9, 2020

September 2020 Patch Tuesday is here with new security improvements and fixes. This is the seventh month in a row that Microsoft has released patches for more than 100 CVEs. Twenty-three out of 129 flaws fixed this month are rated ‘Critical’, while 105 are rated ‘Important’ in terms of severity. The affected products include Windows, the Edge browser, ChakraCore, Internet Explorer, SQL Server, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, and OneDrive.

Adobe and Intel, too, have issued security patches for several vulnerabilities found in their products. While Adobe has addressed 18 security flaws, Intel has released patches for nine vulnerabilities.

Meanwhile, around 306 Android apps have been found using improper cryptographic code. This cites possible exploitations against app users.

Top Breaches Reported in the Last 24 Hours

K-Electric hit

Pakistan’s largest electricity provider, K-Electric, has suffered a NetWalker ransomware attack that led to the disruption of billing and online services. The attack occurred on September 7 after which the attackers demanded a ransom of $3,850,000 to be paid within seven days.

Attack on Docker platform

In a recent attack, cybercrime group TeamTNT relied on Weave Scope open-source tool to gain full control of Docker, Kubernetes installations. The attackers deployed the tool in order to map the cloud environment of their victims and execute system commands without deploying malicious code on the server.

School affected

The Hartford School District in Connecticut is struggling to recover from a ransomware attack that occurred on September 3. The incident has affected the devices on the district’s network.

Over 50,000 letters exposed

Details of more than 50,000 letters sent by banks and local authorities were indexed by Google due to a security lapse by Virtual Mail Room. The incident affected people in the U.S., the U.K, and Canada. Additionally, the names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 129 flaws

Microsoft’s Patch Tuesday Updates for September 2020 fixes 129 vulnerabilities that can be exploited to take control of devices. Twenty-three of these flaws are assigned a ‘Critical’ severity rating and affect Windows, web browsers, Dynamics 365, SharePoint, Exchange, and Visual Studio. The other 105 flaws are marked with an ‘Important’ severity rating.

Vulnerable CodeMeter

Vulnerabilities affecting CodeMeter Licensing Product can expose industrial systems to remote attacks, shut down of devices, malware infection, and more. Two of these security flaws are classified as ‘Critical’, while the rest are considered ‘High’ severity. CodeMeter has issued security advisories in response to these flaws.

Intel addresses nine flaws

Intel has addressed nine security vulnerabilities as part of the September 2020 Patch Tuesday. One of the critical flaws, tracked as CVE-2020-8758, impacts the Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms. The flaw scores 9.8 on a CVSS scale and can allow escalation of privilege on vulnerable systems.

Adobe fixes 18 flaws

Adobe has issued security updates for 18 security flaws, 12 of which are critical vulnerabilities. These 12 patched flaws can allow attackers to execute arbitrary code on devices running vulnerable versions of Adobe Indesign, Framemaker, and Experience Manager.

Faulty apps

In a research, 306 popular Android apps are deemed vulnerable due to unsafe cryptographic code. The experiment was conducted using a tool named CRYLOGGER that checks for 26 basic cryptography rules.

Top Scams Reported in the Last 24 Hours

DoJ scam

The Department of Justice (DoJ) has issued an alert about a scam that targets elderly people in America. The scam involves scammers calling users on behalf of the agency and attempting to obtain personal information from the victims. To win the confidence of victims, scammers introduce themselves as an employee working with the agency. Following the rise in such complaints, DoJ has advised users to be wary of such calls as they can lead to the stealing of personal and financial data.

Related Threat Briefings