TheCyberThrone Security Week In Review

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, July 22, 2023.

1. Gamaredon back with latest TTP

Ukraine’s CERT-UA is warning that the Russia-linked APT group Gamaredon used to steal data from victims’ networks in less than an hour after the initial compromise.The Gamaredon APT group active since 2014, continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations.

Since the Russian invasion of Ukraine, the cyber espionage group has carried out multiple campaigns against Ukrainian targets. CERT-UA has monitored Gamaredon operations and was able to gather intelligence on the APT’s TTP’s.

2. CVE-2023-38408: OpenSSH RCE Vulnerability

Researchers from Qualys Security has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent tracked as CVE-2023-38408.

A key actor in this context is the ssh-agent. This is a helper program that simplifies the user authentication process by maintaining records of users’ identity keys and passphrases. Once the keys are stored in ssh-agent, it allows users to log into other servers without needing to enter their password or passphrase again, thereby creating a seamless SSO experience. However, recent events have proven that even this well-intentioned system can harbor a potentially devastating vulnerability.

3. FIN8 Incorporates Sardonic Backdoor to deploy Ransomware

Researchers have spotted that the FIN8 hacking group has been observed deploying a revamped version of the Sardonic backdoor malware and focussed on ransomware attacks.

Researchers tracked FIN8 with the name Syssphinx in the recent report, was observed deploying a new variant of the Sardonic backdoor malware to deliver BlackCat ransomware. Social engineering and spear-phishing are two of the group’s preferred methods for initial compromise. The group is known for utilizing so-called living-off-the-land tactics, making use of built-in tools and interfaces such as PowerShell and WMI, and abusing legitimate services to disguise its activity.

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

4. Owasp API Security Top 10 2023

The OWASP API Security Project has just released an updated version of the OWASP Top 10 for APIs.The first edition was published four years ago (2019). Since then, a lot has changed. Updating the list required us to keep up with new trends and talk to security experts from different industries to make the information more accessible to everyone.

• API1 – Broken Object Level Authorization
• API2 – Broken Authentication
• API3 – Broken Object Property Level Authorization
• API4 – Unrestricted Resource Consumption
• API5 – Broken Function Level Authorization
• API6 – Unrestricted Access to Sensitive Business Flows
• API7 – Server-Side Request Forgery
• API8 – Security Misconfiguration
• API9 – Improper Inventory Management
• API10 – Unsafe Consumption of APIs

5. Adobe ColdFusion RCE Bug

Adobe has released patches for a critical vulnerability in ColdFusion that could be exploited to achieve arbitrary code execution.The vulnerability tracked as CVE-2023-38203 with a CVSS score of 9.8, described as deserialization of untrusted data in ColdFusion versions 2023, 2021 and 2018.

Allowing an attacker to supply specially crafted data and trigger the execution of arbitrary code, potentially leading to complete system compromise. Adobe announced that the issue was patched with the release of ColdFusion 2023 Update 1, ColdFusion 2021 Update 7, and ColdFusion 2018 Update 17.

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram