September 29, 2023

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending August, 2023

Subscribers favorite #1

PlayCrypt Ransomware attacks MSP’s

Researchers have spotted a threat actor used PlayCrypt to leverage Remote Monitoring and Management (RMM) software used by service providers to gain direct access to a customer’s environment, bypassing most of its defenses.

The PlayCrypt ransomware group initially spotted in June last year and believed to be affiliated with the Balloonfly malware group, can utilize the remote access capability to wreak havoc on mid-market firms. It employs double-extortion tactics, stealing victim data before encrypting their networks.

PlayCrypt expanded its toolkit with new tools and exploits like ProxyNotShell, OWASSRF, and a Microsoft Exchange Server Remote Code Execution. They usually use RDP as a vector for network infiltration, they can also use FortiOS vulnerabilities (CVE-2018-13379 and CVE-2020-12812), and other compromised software in the supply chain.

Subscribers favorite #2

CVE-2023-34034 – Spring WebFlux Vulnerability

Researchers have spotted a security flaw that has been found in Spring Security’s latest versions. The vulnerability tracked is a broken access control related, and as CVE-2023-34034, the flaw has a CVSS score of 9.8.

An investigation on the vulnerability, conducted by researchers and described the exact nature of the flaw, its potential victims, and a proof-of-concept illustrating the scenarios in which this flaw could be triggered for unauthorized access

The flaw centers around a filter bypass issue that can allow unauthorized users to gain access to sensitive areas of applications built on Spring WebFlux. This exploit can potentially compromise the security and integrity of the applications in question.

Advertisements

Subscribers favorite #3

Wikiloader malware downloader Dissection

Researchers have spotted malware downloader spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian organizations.

The downloader is called WikiLoader , which uses multiple mechanisms to evade detection. The financially motivated threat actor behind it, which tracked as TA544. The loader ultimately leads to the Ursnif banking Trojan, one of two Trojans favored by TA544.

Threat actors have pivoted away from using malicious Microsoft Office macro-laced attachments in tandem with Microsoft’s effort to block macros from executing, but TA544 has continued to use them in attack chains.

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

Subscribers favorite #4

WinRaR Zeroday CVE-2023-38831 Exploited

Threat actors are targeting users in online cryptocurrency trading forums via a now-patched bug in the popular WinRAR file compression and archiving utility.

The vulnerability tracked as CVE-2023-38831 allowed the attackers to hide malicious code in zip archives masquerading as “.jpg,” “.txt,” and other file formats, and then distribute them in online cryptocurrency trading forums.

The attacks have been going on since at least April, and a beta patch was issued on July 20 and an updated version of WinRAR (version 6.23) on Aug. 2. Security experts urged WinRAR users, currently estimated at 500 million, to install the new version immediately to mitigate their exposure to attacks targeting the vulnerability.

Advertisements

Subscribers favorite #5

Abnormal Security Debuts CheckGPT

Abnormal Security has announced a new service called CheckGPT, specifically designed to detect artificial intelligence-generated email attacks.

The service determines when email threats, including business email compromise and other socially engineered attacks, have likely been created using generative AI tools.

The security firm argues that cybercriminals are harnessing the power of generative AI, such as ChatGPT or its malicious counterpart, WormGPT, to craft compelling emails that evade traditional security measures. As generative AI becomes more widely adopted, there is a considerable increase in BEC attacks.

This brings end of this month in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on FacebookTwitterInstagram

Tags:

Leave a Reply

Related Post

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

TheCyberThrone Security Week In Review – September 16, 2023

September 17, 2023

You may have missed

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023

WordPress Simple Membership Plugin Vulnerabilities

September 28, 2023

Jetbrains TeamCity RCE Vulnerability

September 27, 2023

Heap Buffer Overflow Bug in libwebp Library -CVE-2023-5129

September 27, 2023 2

Symantec Collaborates with Google Cloud Security AI

September 27, 2023 2
%d bloggers like this: