October 2, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, July 8, 2023.

1. BlackCat Ransomware Abuses ads to Spread Malware

Researchers have spotted BlackCat ransomware gang is using Google and Bing search ads promoting a well-known file-transfer app as a lure to drop malicious payloads and infect with malware.The research report states the TTPs deployed during the attack including legitimate and illegitimate tools, scripts, and commands leading to a BlackCat infection.

The malvertising campaign directs anyone who clicks on the malicious ads to a spoofed download page for WinSCP, a popular open-source Windows application used to copy files between a local computer and remote servers using a range of transfer protocols.

2. Moveit New Critical Vulnerabilities Warning

Progress Software has issued an urgent warning to customers about newly uncovered critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution. These vulnerabilities could potentially allow attackers to pilfer information from unsuspecting customers’ databases.

The Critical-Severity Vulnerability: CVE-2023-36934The vulnerability labelled as CVE-2023-36934 poses a critical threat to several versions of Progress MOVEit Transfer. Specifically, this affects releases prior to 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4). The threat here is a SQL injection vulnerability within the MOVEit Transfer web application.


The High-Severity Vulnerabilities: CVE-2023-36932 and CVE-2023-36933 The vulnerabilities identified as CVE-2023-36932 and CVE-2023-36933 are considered of high severity. Like the previous vulnerability, CVE-2023-36932 affects multiple versions of MOVEit Transfer released before specific versions. However, in this case, an authenticated attacker could exploit the vulnerability by injecting a malicious payload, leading to unauthorized access, modification, and disclosure of database content.


We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

3. MITRE’s New CWE 25 List Released

The US government has published a list of the most common and impactful software weaknesses of the past two years.The CWE Top 25 list was announced by the Homeland Security Systems Engineering and Development Institute, sponsored by the DHS and operated by non-profit MITRE.Software weaknesses are errors, bugs, flaws and more that can lead to vulnerabilities.

Unlike the Common Vulnerabilities and Exposures (CVE) system, which provides a number for each discovered vulnerability, Common Weakness Enumeration (CWE) is more like a glossary of generic weakness types. In other words, it refers to types of software weakness rather than specific vulnerabilities.

4. Chinese APT Masterminding SmugX Campaign

Researchers have spotted a Chinese APT campaign targeting European government entities focused on foreign and domestic policies that uses HTML smuggling, a technique in which attackers hide malicious payloads inside HTML documents and the campaign is dubbed as SmugXActive since December 2022, the campaign is likely a direct continuation of a previously reported campaign attributed to RedDelta and the Mustang Panda group.

The campaign appears to be focused on Eastern European countries, including the Czech Republic, Slovakia, and Hungary.Combined with other Chinese based group’s activity previously reported, this represents a larger trend within the Chinese ecosystem, pointing to a shift in target towards European entities, with a focus on their foreign policy.


5. Lockbit locks Japan’s Nagoya Port

The Russian-based threat group LockBit targeted the Port of Nagoya in a ransomware attack. Japan’s largest port is currently unable to load and unload containers from trailers

Nagoya is Japan’s largest port and is responsible, among others, for a part of Toyota Motor`s exports and imports. By now, even if they cannot load or unload auto parts, Toyota claims there had been no disruption to its production. Additionally, the company stated that the attack didn’t impact the logistics of finished vehicles either, as they use a different computer system

It is expected that this attack will lead to a massive financial losses and a disruption to the circulation of goods to follow due to the ransomware attack.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on FacebookTwitterInstagram

Leave a Reply

%d bloggers like this: