What You Should Know: CVE-2021-36934 is a remote code execution vulnerability for Windows 10 and 11 that exists due to overly permissive ACLs on multiple system files, including the Security Accounts Manager (SAM) database. Microsoft recommends restricting access to \system32\config\* and deleting any restore points or shadow copies that existed before access to that folder was restricted. Deleting shadow copies may trigger unintended events in your SIEM.
CVE-2021-36934 – msrc.microsoft.com
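The check and workaround described above, as an added PowerShell example that is not part of the newsletter or of Microsoft's advisory: it reports whether the registry hive files still grant BUILTIN\Users read access, counts existing shadow copies, and (only with the assumed -Remediate switch) applies the published icacls and vssadmin commands.

```powershell
# Added example (not from the newsletter). Run from an elevated PowerShell session.
# -Remediate is a switch name assumed for this script, not a Microsoft parameter.
param([switch]$Remediate)

$ConfigDir = Join-Path $env:windir 'System32\config'
$Hives     = 'SAM', 'SYSTEM', 'SECURITY'

# icacls prints one ACE per line. An inherited read/execute entry for BUILTIN\Users
# ("BUILTIN\Users:(I)(RX)") is what lets a non-admin user read the hive.
function Test-HiveExposed {
    param([string]$Hive)
    $acl = & icacls.exe (Join-Path $ConfigDir $Hive) 2>&1
    return [bool]($acl | Select-String -SimpleMatch 'BUILTIN\Users:(I)(RX)')
}

$exposed = @($Hives | Where-Object { Test-HiveExposed $_ })
if ($exposed.Count -eq 0) {
    Write-Output 'No hive grants BUILTIN\Users read access; ACL workaround is in place.'
} else {
    Write-Output ("Hives still readable by BUILTIN\Users: {0}" -f ($exposed -join ', '))
}

# Shadow copies taken before the ACL change still carry the old, readable ACEs,
# so they have to be removed as well once the permissions are fixed.
$shadows = @(& vssadmin.exe list shadows 2>&1 | Select-String 'Shadow Copy ID')
Write-Output ("Existing shadow copies: {0}" -f $shadows.Count)

if ($Remediate) {
    # Microsoft's workaround: re-enable ACL inheritance on the hive files so they
    # take the restricted permissions of the config directory.
    & icacls.exe (Join-Path $ConfigDir '*.*') /inheritance:e

    # Removes all restore points on the system drive. Expect SIEM alerts: the same
    # command is a common ransomware precursor, so most detection rules flag it.
    & vssadmin.exe delete shadows /for:$env:SystemDrive /Quiet
}
```

Run it without -Remediate first to record the current state; the output gives the analyst the context needed to triage the vssadmin alert that the remediation step will raise.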
What You Should Know: APT31 has been identified by French officials as targeting home and business routers for the purpose of using them to further obfuscate their activities. CERT-FR has provided an updated list of IOCs available in both CSV and JSON format.
CERTFR-2021-IOC-003 CSV Format
CERTFR-2021-IOC-003 JSON Format
What You Should Know: Joker malware has been causing trouble for Android users for the last several years and is once again finding its way into apps on the official Google Play store. Joker is alleged to steal SMS messages, contacts, device information, and any other data that attackers can use to continue proliferating their malware attacks.
What You Should Know: The Qualys Research Team has identified a privilege escalation vulnerability in the Linux filesystem layer that could allow a threat actor to gain root privileges. A proof-of-concept has already been developed and tested on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation.
What You Should Know: Threat actors are using customized login pages for Microsoft 365 to trick users. Using publicly available tools, threat actors can convincingly replicate Microsoft 365’s login page and trick unsuspecting users into logging in to phishing sites. Users should be given standard login URLs and should not deviate from normal account security standards.
What You Should Know: Code in a printer driver that has existed since 2005 is now being used to compromise hundreds of printers from HP, Xerox, and Samsung. CVE-2021-3438 is described as a buffer overflow bug in SSPORT.SYS that could allow an attacker to run malicious code as an elevated admin-level user.
Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.
Cybersecurity Daily News is produced by Rogue Security Intelligence Services.