
Welcome to TheCyberThrone cybersecurity month in review, covering the important security happenings. This review is for the month ending January 2023. It is a new initiative to collate the top 5 viewers' favorite stories for each month.
Subscribers favorite #1
ZOHO ManageEngine Vulnerability Exploit Warning
Researchers from Horizon3.ai have urged Zoho ManageEngine users to patch their software against a critical security vulnerability tracked as CVE-2022-47966 after developing and releasing PoC exploit code. The exploit developers said the team has successfully reproduced the exploit and is now providing additional insight into the vulnerability to help users determine if they have been compromised.
Zoho patched this vulnerability last year; the bug affects multiple Zoho ManageEngine products. It can be exploited over the internet for remote code execution if security assertion markup language (SAML) single sign-on (SSO) is enabled or has been enabled before. At the time of writing, data from Shodan shows that there are thousands of instances of ManageEngine products exposed to the internet with SAML currently enabled.
Subscribers favorite #2
TheCyberThrone Security Certification Ultimate RoadMap Guide
Cybersecurity is one of the most crucial areas for ensuring a business’s success and longevity. With cyberattacks growing in sophistication, it’s essential for business owners to protect their companies by hiring qualified cybersecurity experts to manage this aspect of their business. The best candidates will have a certification in information security and cybersecurity. This guide breaks down the top certifications and other guidance you’ll need to make the right hire for your company. It’s also a great primer for individuals who are embarking on a cybersecurity career.
Getting a certificate is important in the industry, as it proves your skills to companies and keeps you updated with the latest techniques. It is not easy to choose a suitable certificate to take, which is why in this article we have discussed certifications from entry level through mid level to advanced level, along with the related examination details.
Subscribers favorite #3
IcedID Malware Malvertised Zoom Installer
Researchers discovered a phishing campaign targeting Zoom users to deliver the IcedID malware. IcedID is a banking trojan with capabilities similar to those of other financial threats such as Gozi, Zeus, and Dridex. These capabilities include launching man-in-the-browser attacks and intercepting and stealing financial information from victims.
According to the researchers, threat actors used a phishing website, mimicking the legitimate Zoom website, to deliver the IcedID malware. The landing page on the website contained a download button. Upon clicking the button, the site delivered a Zoom installer file from the URL: hxxps[:]//explorezoom[.]com/products/app/ZoomInstallerFull[.]exe. After that, the threat actor's desired action was executed.
Subscribers favorite #4
Vice Society Ransomware Gang behind Australia FRV attack
The Vice Society ransomware group claimed responsibility for a December 2022 attack on an Australian state fire department that led to a widespread IT outage. Fire Rescue Victoria warned current and former employees and job applicants of a data leak.
Although Vice Society did not share many details about the leak or its negotiations with the fire department, it released a data set as proof of its claims. The leaked data includes budget documents, job applications and other sensitive information.
Subscribers favorite #5
Dark Pink APT Campaign
A new APT campaign targeting countries in Southeast Asia and Eastern Europe for apparent espionage purposes has been spotted by researchers.
The APT group, dubbed Dark Pink, is believed to be a new threat actor. Dark Pink has been found to be targeting military bodies, government ministries and agencies, and religious and non-profit organizations in Cambodia, Indonesia, Malaysia, the Philippines, Vietnam, and Bosnia and Herzegovina.
This brings us to the end of this month-in-review security coverage. Thanks for visiting TheCyberThrone.