TheCyberThrone Security Week In Review – March 18th, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, March 18^th, 2023.

1. Microsoft Outlook Patched Zero Day Vulnerability Details CVE-2023-23397

A critical vulnerability that is identified as a Zeroday in the Microsoft Outlook/365 applications suite is being actively abused in the wild and requires a mandatory patching. The vulnerability tracked as CVE-2023-23397, with the CVSS score of 9.8, lets a remote and unauthenticated attacker breaches the system by sending a specially crafted email that allows them to steal the recipient’s credentials.

2. Kali Linux 2023.1 Released – Kali Purple

Offensive Security has launched Kali Linux 2023.1, which marks the project’s 10th anniversary and is the first version of 2023. The release features a new distribution known as ‘Kali Purple,’ targeting blue and purple teamers for defensive security.

Kali Purple is currently in its technical preview pre-launch phase and will require time to mature. Kali Purple is designed to be a one-stop-shop for blue and purple teams, offering accessibility and enterprise-grade security to everyone without requiring expensive licenses or commercial-grade infrastructure.

3. Rubrik Suffers a Data Breach – Fortra GoAnywhere MFT Bug Exploited

Following the breach of Hatch bank and CHS through exploiting the flaw in the Fortra’s GoAnywhere MFT. Now Rubrik also joins the victims list of suffering a data breach.

Cl0p ransomware group stolen  the data by exploiting the recently disclosed zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. This is coming into limelight after Cl0p listed Rubrik to its leak site. Rubrik immediately launched an investigation into the incident with the help of third-party forensics experts.

4. Zoll Medical Corp Suffers a Data Breach

Zoll Medical Corp, manufacturer of medical device and software has disclosed that  data breach that resulted in the possible theft of records belonging to about a million people.

The products manufactured will assist in advanced emergency care, while increasing clinical and operational efficiencies include cardiac monitoring, oxygen therapy and ventilation.

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day.

5. BlackLotus – Bypasses Windows Secure Boot

Researchers discovered a malware dubbed BlackLotus, which bypasses Microsoft’s Secure Boot, will spawn copycats that were available on the Dark Web and attracts firmware attackers to increase their activity. Starting this month, March 2023 researchers published an analysis of the BlackLotus boot kit, which bypasses UEFI Secure Boot.  

Microsoft patched the flaw that BlackLotus targets aka Baton Drop, tracked as CVE-2022-21894. The patch only makes exploitation more difficult not impossible, and the impact of the vulnerability will be hard to measure because affected users will likely not see signs of compromise. The certificate of the vulnerable version remains valid

6. Dell introduces New Security Services

Dell has announced an array of new security services and solutions designed to help organizations protect against threats, respond to attacks, and secure their devices, systems, and clouds. The service named Managed Detection and Response Pro Plus, a fully managed security operations solution that helps organizations prevent, respond, and recover from security threats.

This service protects endpoints, infrastructure, software, hardware, and clouds with 24/7 threat detection and investigation while identifying vulnerabilities and prioritizing patching.

7. US Agency Exploited with an Old Progress Telerik RCE

The US CISA has reported that the threat actors are seen exploited a vulnerability that was first documented in 2019 that allows RCE to access a federal agency’s web server over a roughly three-month period.

In an advisory this week, CISA said threat actors including an unnamed APT group, as well as the Vietnam-based cybercriminal group known as the XE Group — exploited a Progress Telerik vulnerability tracked asCVE-2019-18935 with a CVSS of 9.8 to access the federal executive branch agency’s Microsoft Internet Information Services web server.

8. Microsoft Patch Tuesday – March 2023

Microsoft patched 80 CVEs in its March 2023 Patch Tuesday Release, with 9 rated as critical, 79 rated as important and one rated as moderate.

Two actively exploited zero-day vulnerabilities we will highlight later in this blog  were reported by the vendor: an elevation of privilege within Microsoft Outlook (CVE-2023-23397) rated as Critical and a security feature bypass within Windows SmartScreen (CVE-2023-24880) rated as Moderate

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram