Cybersecurity Daily News for July 22, 2021

Trending Headlines

HiveNightmare zero-day lets anyone be SYSTEM on Windows 10 and 11

What You Should Know: CVE-2021-36934 is a remote code execution vulnerability for Windows 10 and 11 that exists due to overly permissive ACLs on multiple system files, including the Security Accounts Manager (SAM) database. Microsoft recommends restricting access to \system32\config\* and deleting any restore points or shadow copies that existed before access to that folder was restricted. Deleting shadow copies may trigger unintended events in your SIEM.

CVE-2021-36934 – msrc.microsoft.com

Home and office routers come under attack by China state hackers, France warns

What You Should Know: French officials have identified APT31 as targeting home and business routers in order to use them to further obfuscate its activities. CERT-FR has provided an updated list of IOCs, available in both CSV and JSON format.

CERTFR-2021-IOC-003 CSV Format
CERTFR-2021-IOC-003 JSON Format

Joker malware returns to target millions more Android devices

What You Should Know: Joker malware has been causing trouble for Android users for the last several years and is once again finding its way into apps on the official Google Play store. Joker is alleged to steal SMS messages, contacts, device information, and any other data that attackers can use to continue to proliferate their malware attacks.

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)

What You Should Know: The Qualys Research Team has identified a privilege escalation vulnerability in the Linux filesystem layer that could allow a threat actor to gain root privileges. A proof-of-concept has already been developed and tested on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation.

CVE-2021-33909
CVE-2021-33910

Hackers co-opt Microsoft’s anti-phishing feature for phishing attacks

What You Should Know: Threat actors are using customized login pages for Microsoft 365 to trick users. Using publicly available tools, threat actors are able to convincingly replicate Microsoft 365’s login page, which can trick unsuspecting users into logging in to phishing sites. Users should be given standard login URLs and should not deviate from normal account security standards.

Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug

What You Should Know: Code in a printer driver that has existed since 2005 is now being used to compromise hundreds of printers from HP, Xerox, and Samsung. CVE-2021-3438 is described as a buffer overflow bug in “SSPORT.SYS” that could allow an attacker to run malicious code as an elevated ADMIN-level user.

CVE-2021-3438

Several New Critical Flaws Affect CODESYS Industrial Automation Software

What You Should Know: Multiple vulnerabilities have been found in the automation software CODESYS. A total of 7 vulnerabilities were reported, with CVSS scores ranging from 7.5 to 10.0, and are listed below. The vulnerabilities could result in a denial-of-service attack, or allow privilege escalation or execution of malicious JavaScript.

CVE-2021-29238
CVE-2021-29240
CVE-2021-29241
CVE-2021-34569
CVE-2021-34566
CVE-2021-34567
CVE-2021-34568

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world.