Home / About / Threat Intelligence / August Threat Intel Round-Up

Monthly threat intel round-up: Petit Potam, PrintNightmare, Apple iOS & more.

Read about the latest threats, critical updates and vulnerability patches from August 2021.

Microsoft Windows Updates

Microsoft have released 44 patches including 7 to address critical vulnerabilities.

These include a fix for the Petit Potam NTLM Relay Attack and the remote PrintNightmare attack.

Unfortunately, the Print Spooler service is still vulnerable to a local privilege escalation CVE-2021-36958.

Remote Code Execution in Hyper-V

A recently patched vulnerability in Hyper-V could allow remote code execution.
In some cases, this may even allow guest machines to escape their execution environment and run code on the host machine.

Active Exploitation of VMWare vSphere

VMWare have released a security advisory about multiple vulnerabilities in the vSphere Client.
There are reports that this is being actively exploited in the wild to install web shells on vulnerable servers.

Citrix Security Update

In June Citrix released patches for CVE-2020-8299 and CVE-2020-8300, a DoS (Denial of Service) requiring local network access, and a high severity SAML auth Vulnerability which can be exploited via crafted phishing email.

Cisco patches Critical Vulnerabilities in Small Business VPN Routers

Cisco have released patches for multiple vulnerabilities in their VPNs. Of these, several are high severity vulnerabilities, which could be used by a remote attacker to execute arbitrary commands on vulnerable devices.

Apple iOS 14.7.1 Critical Updates

Apple have released an update to address a memory corruption bug (CVE-2021-30807) in iOS which is reported to be actively exploited in the wild. This bug allows an application running on the device to execute code with kernel privileges. The timing and nature of this update suggest that it may be the initial access method used by the NSO Group’s Pegasus malware.

Critical updates in Android

[Google have patched multiple vulnerabilities within the Android OS. The most severe of these issues is a high severity vulnerability in the Media Framework component which could be used for remote code execution.

REvil/Sodinokibi appear to shut down

The ransomware group’s website and infrastructure have disappeared from the Internet.
A “[Master Decryption Key” has been obtained which can be used by previous victims to decrypt their files.