Monthly threat intel round-up: Petit Potam, PrintNightmare, Apple iOS & more.
Read about the latest threats, critical updates and vulnerability patches from August 2021.
Microsoft Windows Updates
Microsoft have released 44 patches including 7 to address critical vulnerabilities.
Unfortunately, the Print Spooler service is still vulnerable to a local privilege escalation vulnerability, CVE-2021-36958.
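The item above leaves the Print Spooler as an open local privilege escalation path, so the practical question for an administrator is which hosts still run it and which of those actually need to print. The following PowerShell script is an added example written for this round-up, not code from the newsletter or from Microsoft: it audits the Spooler service state and startup mode on the local host, reports the Point and Print hardening value (RestrictDriverInstallationToAdministrators, which Microsoft's PrintNightmare guidance sets to 1) and, only when run with the assumed -Disable switch, applies the stop-and-disable mitigation. The switch name and the function names are choices made for this example.

```powershell
# Added example (not from the newsletter): audit the Print Spooler service on the
# local host and, optionally, apply the stop-and-disable mitigation on hosts that
# do not need to print. Run in an elevated PowerShell session.
# "-Disable" is an assumed parameter name chosen for this example.
param(
    [switch]$Disable
)

function Get-SpoolerExposure {
    # Service state and startup mode via CIM (PowerShell 5.1 and later).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) {
        return [pscustomobject]@{
            Present        = $false
            Running        = $false
            StartMode      = 'N/A'
            PointAndPrintRestricted = 'N/A'
            Recommendation = 'Spooler service not present on this host'
        }
    }

    $running   = ($svc.State -eq 'Running')
    $autoStart = ($svc.StartMode -in @('Auto', 'Manual'))

    # Point and Print hardening value from Microsoft's PrintNightmare guidance:
    # 1 = only administrators may install printer drivers. Missing or 0 = weak.
    $papKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $papValue = (Get-ItemProperty -Path $papKey -Name 'RestrictDriverInstallationToAdministrators' `
                    -ErrorAction SilentlyContinue).RestrictDriverInstallationToAdministrators
    $restricted = ($papValue -eq 1)

    $rec = if ($running -or $autoStart) {
        'Spooler is enabled; disable it on hosts that do not print (domain controllers in particular)'
    } else {
        'Spooler is disabled; no further action needed'
    }

    [pscustomobject]@{
        Present        = $true
        Running        = $running
        StartMode      = $svc.StartMode
        PointAndPrintRestricted = $restricted
        Recommendation = $rec
    }
}

function Disable-Spooler {
    # Stop the running instance and prevent it from starting again at boot.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled
}

$result = Get-SpoolerExposure
$result | Format-List

if ($Disable -and $result.Present -and ($result.Running -or $result.StartMode -ne 'Disabled')) {
    Disable-Spooler
    Write-Output 'Print Spooler stopped and startup type set to Disabled.'
}
```

Run without arguments to get a read-only report; add -Disable only on hosts that have been confirmed not to need printing. To sweep a fleet, the Get-CimInstance call takes a -ComputerName parameter, so the audit function can be pointed at remote hosts before any change is made, and the disable step should be rolled out through Group Policy rather than ad hoc.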
Remote Code Execution in Hyper-V
A recently patched vulnerability in Hyper-V could allow remote code execution.
In some cases, this may even allow guest machines to escape their execution environment and run code on the host machine.
Active Exploitation of VMWare vSphere
VMWare have released a security advisory about multiple vulnerabilities in the vSphere Client.
There are reports that this is being actively exploited in the wild to install web shells on vulnerable servers.
Citrix Security Update
In June, Citrix released patches for CVE-2020-8299 and CVE-2020-8300: a Denial of Service (DoS) vulnerability requiring local network access, and a high severity SAML authentication vulnerability which can be exploited via a crafted phishing email.
Cisco patches Critical Vulnerabilities in Small Business VPN Routers
Cisco have released patches for multiple vulnerabilities in their Small Business VPN routers. Several of these are high severity vulnerabilities which could be used by a remote attacker to execute arbitrary commands on vulnerable devices.
Apple iOS 14.7.1 Critical Updates
Apple have released an update to address a memory corruption bug (CVE-2021-30807) in iOS which is reported to be actively exploited in the wild. This bug allows an application running on the device to execute code with kernel privileges. The timing and nature of this update suggest that it may be the initial access method used by the NSO Group’s Pegasus malware.
Critical updates in Android
Google have patched multiple vulnerabilities within the Android OS. The most severe of these issues is a high severity vulnerability in the Media Framework component which could be used for remote code execution.
REvil/Sodinokibi appear to shut down
The ransomware group’s website and infrastructure have disappeared from the Internet.
A “Master Decryption Key” has been obtained which can be used by previous victims to decrypt their files.