Splunk has fixed several vulnerabilities in its data analytics platform. The vulnerabilities affect Splunk Enterprise and Splunk SOAR and could allow an attacker to execute arbitrary code, gain unauthorized access, or disrupt operations.
- CVE-2023-4571: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
- CVE-2023-40598: Command Injection in Splunk Enterprise Using External Lookups
- CVE-2023-40597: Absolute Path Traversal in Splunk Enterprise Using runshellscript.py.
- CVE-2023-40595: Remote Code Execution via Serialized Session Payload
- CVE-2023-40592: Reflected Cross-site Scripting (XSS) on “/app/search/table” web endpoint
- CVE-2023-3997: Unauthenticated Log Injection in Splunk SOAR
Okta, an identity service provider comes with a warning to its customers about social engineering attacks carried out by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all MFA factors enrolled by highly privileged users. Once obtained a highly privileged role in an Okta customer tenant, the threat actor adopted novel methods of lateral movement and defense evasion.
Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory prior to calling the IT service desk.
Researchers have observed a threat actor goes by the name Tanaka recently has been observed sharing a post titled “bitsphere.in” on a dark web forum that sheds light on a significant data leak.
As per the researchers, the state website for the Ministry of Ayush in Jharkhand, which provides vital information about Ayurveda, Yoga and Naturopathy, Unani, Siddha, and Homoeopathy medications has been affected.
The leaked database, totalling 7.3 MB in size, reportedly contains over 320,000 patient records, including PII and medical diagnoses. The breach also exposed login information, usernames, passwords, and phone numbers of doctors associated with the website.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Researchers have discovered a new and advanced variant of the Chaes malware targeting customers of financial and logistics companies in Latin America. The latest malware variant dubbed as Chae$4 and the initial version Chaes emerged in November 2020, primarily targeting e-commerce customers in Latin America, particularly Brazil.
Chae$4 malware features a more sophisticated code structure, advanced encryption techniques, and stealth mechanisms, making it even harder to detect and predominantly uses Python, employing decryption and dynamic in-memory execution and evades traditional defense systems.
A Reddit user known as “Educational-Map-8145” has exposed a critical zero-day flaw affecting the Linux client of Atlas VPN service The vulnerability, which impacts the latest version of the client (1.0.3), allows malicious websites to disconnect the VPN and reveal the user’s IP address, raising concerns about user privacy and security.
The flaw stems from an API endpoint within the Atlas VPN Linux Client that listens on localhost (127.0.0.1) through port 8076. This API provides a command-line interface for various functions, including disconnecting a VPN session via a specific URL. This API lacks any form of authentication, making it susceptible to abuse by any program running on the user’s computer, including web browsers.
Ukraine’s CERT-UA has issued a warning about a cyber-attack orchestrated by the notorious Russian threat actor APT28. Targeting a critical power infrastructure facility in Ukraine.
CERT-UA detected the attempted breach on September 5, 2023. The attackers employed a sophisticated method to infiltrate their target. They crafted a scheme involving bulk emails sent from a fabricated address, each containing a link to a seemingly innocuous ZIP archive. This could have potentially granted the attackers unauthorized access to the organization’s systems and sensitive data.
What made this attack particularly insidious was the fact that the perpetrators leveraged legitimate services such as Mockbin and standard software functions to execute their malicious plan.