September 29, 2023

1. Wikiloader malware downloader Dissection

Researchers have spotted a malware downloader spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to Italian targets. The downloader, called WikiLoader, uses multiple mechanisms to evade detection.

The financially motivated threat actor behind it is tracked as TA544. The loader ultimately delivers the Ursnif banking Trojan, one of two Trojans favored by TA544. According to the researchers, it is named WikiLoader because the malware makes a request to Wikipedia and checks that the response contains the string “The Free”; since December 2022, at least half a dozen campaigns have been observed distributing WikiLoader.

2. BleedingPipe Vulnerability affects Minecraft servers

Minecraft players and those who run Minecraft servers face a new and dangerous security vulnerability that could allow bad actors to run remote code on their computers. Dubbed ‘BleedingPipe’ by a user group called the MMPA (Minecraft Malware Prevention Alliance), the exploit uses Java deserialization to infect servers or clients that have one of many popular mods installed.

The number of vulnerable Minecraft mods is extensive. A German developer who goes by Dogboy21 on GitHub has identified three dozen popular mods that have the vulnerability, ranging from AetherCraft to Immersive Armors to ttCore. Dogboy21’s GitHub page also offers a patch for the problem, which involves placing a new JAR file into your mods folder. The MMPA’s blog post lists even more affected mods and states that, specifically, 1.7.10 and 1.12.2 version modpacks are the vulnerable ones.


3. Volt Typhoon rooted deep into US Infrastructure

Two major cyber headaches rocked US authorities over the weekend: the widespread and still unresolved Chinese campaign known as Volt Typhoon targeting military bases, and an insider breach affecting Air Force and FBI communications. US authorities have confirmed that Volt Typhoon’s malware is far more widespread than previously thought; responders have found it planted inside numerous networks controlling the communications, power, and water feeding US military bases at home and abroad.

Meanwhile, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a wholly separate cyber intrusion, a communications compromise affecting 17 Air Force facilities, and possibly the FBI as well, courtesy of an Air Force engineer.


4. Salesforce Domain Used in the Phishing Campaign

Researchers have discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. The vulnerability allowed threat actors to craft targeted phishing emails that evaded conventional detection methods by leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform.

Using phishing techniques, the threat actors successfully hid malicious email traffic within legitimate and trusted email gateway services, allowing them to capitalize on the companies’ volume and reputation.


5. AWS Systems Manager Agent Abuse

Researchers have published a report on new potential post-exploitation techniques involving the AWS Systems Manager (SSM) agent. The technique turns the SSM agent into a remote access trojan on both Linux and Windows machines, controlled via an attacker-owned AWS account. This technique could potentially be abused in real-world attacks.

AWS Systems Manager is a tool within Amazon’s suite designed to help DevOps engineers manage tasks such as patching operating systems across EC2 instances. The SSM agent, installed on EC2 instances, allows these tasks to be automated and provides an integrated way to handle configuration management, patching, and system monitoring.
