TheCyberThrone Security Week In Review– June 17, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, June 17, 2023.

1. Killnet Warns on Attacks with Deadly Combo

The pro-Russian hacktivist Killnet claims to be working in concert with a resurgent form of the notorious ReVIL ransomware gang. The group is warning that attacks are imminent, but it’s unclear whether the threats amount to anything more than bluster and saber-rattling, particularly given Killnet’s past track record of, at most, carrying out mildly DDoS attacks

Killnet could be fabricating the ReVIL and Anonymous Sudan partnership to lend some heft and gravitas to its threats against some tough targets. A ReVIL partnership that’s more than a flight of fancy “would allow them greater access to vulnerability exploitation, network intrusion, and data exfiltration.”

2. Moveit Vulnerability Victims list Expands

The number of victims of MOVEit file transfer software continues to grow, and the victims now include several U.S. government agencies. Even though the full list of agencies targeted was not disclosed by CISA, it was revealed that the Department of Energy was one of those targeted.

Multiple sources claims that Oak Ridge Associated Universities and the DOE’s Waste Isolation Pilot Plant near Carlsbad, New Mexico, experienced data breaches involving the MOVEit vulnerability. Since a report last week detailing victims, including the BBC, British Airways Plc and the pharmacy chain Boots UK Ltd., had been targeted through a MOVEit attack on payroll company Zellis UK Ltd., the list of victims has grown.

Clop has listed thirteen companies and organizations on its dark web leaks site. Several of those listed have since confirmed that they have been victims: Shell Plc, UnitedHealthcare Student Resources, the University of Georgia, the University System of Georgia, Heidelberger Druckmaschinen AG and Landal Greenparks.

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

3. XSS Flaw in Azure Services

Researchers identified two cloud related vulnerabilities in Azure Bastion and Azure Container Registry, which allowed an attacker to achieve cross-site scripting by using iframe-postMessages [and] allowed unauthorized access to the victim’s session within the compromised Azure service iframe

Attack Flow

1. Reconnaissance
2. Endpoint Misconfiguration
3. Exploiting the Misconfigured Endpoint
4. Analyzing Legitimate postMessages
5. Debugging and Identifying Vulnerable Code
6. Crafting the Exploitative Payload
7. Delivery and Execution
8. Exploitation Consequences

4. Fortinet Patches Critical Auth Vulnerability

Fortinet has released patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. An attacker can exploit the vulnerability to achieve remote code execution on vulnerable network equipment. The issue is reachable pre-authentication that impacts every SSL VPN appliance

The flaw is not disclosed publicly and scheduled to be public on June 13, 2023. The vulnerability has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram