TheCyberThrone Security Week In Review – September 2, 2023
Share this:
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 02, 2023.
Microsoft Chromium Edge Privilege Escalation flaw : CVE-2023-36741
Microsoft has released an updated version of its Edge browser. The vulnerability is a privilege escalation bug tracked as CVE-2023-36741 with a CVSS Score of 8.3 affecting versions prior to 116.0.1938.62. An unauthorized remote attacker can exploit this vulnerability, which requires the interaction of the user.
Microsoft has not provided any additional details about this vulnerability which limits the current knowledge about this vulnerability. There is no known exploit code available for this vulnerability
Adhubllka Ransomware Dissection
Researchers have discovered a complex web of interconnected ransomware strains that trace their origins back to a common source: the Adhubllka ransomware family. The research delves into the lineage of various ransomware variants, including LOLKEK, BIT, OBZ, U2K and TZW. These are distinct ransomware strains share significant similarities in their codebase, tactics, and infrastructure.
Researchers were able to establish a genealogical relationship that ties them back to the original Adhubllka ransomware, which first surfaced in January 2020 that has undergone multiple iterations, each with slight modifications to encryption schemes, ransom notes and communication methods.
SapphireStealer Infostealer malware into limelight
Researchers have spotted new malware strain dubbed as SapphireStealer, an open source .NET-based information stealing malware that has been observed to be used by threat groups, with various customization. The malware is designed to obtain sensitive information, including credentials that are often resold to other threat actors who leverage access for additional attacks like cyberespionage or ransomware.
Like other stealer malware that has been appearing more frequently on the dark web, SapphireStealer has the ability to collect host information, browser data, files, screenshots, and exfiltrate the information in a ZIP file using SMTP. The malware looks for processes associated with Chrome, Yandex, Edge, and Opera browsers to kill them. The malware also checks for various browser database file directories for credential databases associated with 16 browsers, including Chrome, Microsoft Edge, Brave Browser, Opera, Comodo, and Yandex.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
LockBit 3.0 Source Code leak and rise of New Variants
Researchers came up with a warning about a new wave of LockBit ransomware variants in the wild following a leak of the source code used by the prolific ransomware gang last year. as-a-service model where affiliates use already-developed ransomware to execute attacks.
The latest version of the group’s ransomware, LockBit 3.0 — also known as LockBit Black — was launched in June 2022 with a promise to make ransomware great again. But, the source code for the release was stolen and shared online last September. The stolen code is now being used by other ransomware gangs to create their own customized versions of the ransomware.
Russian Chisel targets the Ukrainian military devices
A joint advisory report from the FBI, NSA, CISA, NCSC revealed new Russian Infamous Chisel malware is being used to target cryptocurrency wallet and exchange applications, among other data.
The malware is associated with activity linked to a hacking unit within Russia’s GRU military intelligence agency known as Sandworm, which has been targeting the Ukrainian military since their invasion. It’s designed to allow continuous access to a compromised Android device via the Tor network and periodically gather and send out victim data from the affected devices.
Forever 21 Suffers a Data Breach
Forever 21, the global fashion giant suffers a data breach exposes personal info of 500K+ individuals. In a cyberattack that took place earlier this year, the company’s systems were compromised, leading to the exposure of sensitive personal information.
With 540 outlets across the world and a workforce of approximately 43,000 employees, The data breach, which occurred between January and March of this year, was only detected on March 20, 2023, when the company realized that hackers had gained intermittent access to its systems. Meanwhile, the total number of persons affected has already reached 5,39,207.
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
Very nice