
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, September 09, 2023.
Splunk Fixes Several Vulnerabilities on Data Analytics Platform
Splunk has fixed several vulnerabilities in its data analytics platform. The vulnerabilities affect Splunk Enterprise and Splunk SOAR and could allow an attacker to execute arbitrary code, gain unauthorized access, or disrupt operations.
- CVE-2023-4571: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
- CVE-2023-40598: Command Injection in Splunk Enterprise Using External Lookups
- CVE-2023-40597: Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
- CVE-2023-40595: Remote Code Execution via Serialized Session Payload
- CVE-2023-40592: Reflected Cross-site Scripting (XSS) on “/app/search/table” web endpoint
- CVE-2023-3997: Unauthenticated Log Injection in Splunk SOAR
Okta Warns its Customers of Social Engineering Attacks
Okta, an identity service provider, has warned its customers about social engineering attacks carried out by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff, tricking them into resetting all MFA factors enrolled by highly privileged users. Once the threat actor obtained a highly privileged role in an Okta customer tenant, it adopted novel methods of lateral movement and defense evasion.
Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory prior to calling the IT service desk.
Ayush Jharkhand Suffers a Breach
Researchers have observed a threat actor going by the name Tanaka sharing a post titled “bitsphere.in” on a dark web forum that sheds light on a significant data leak.
As per the researchers, the state website for the Ministry of Ayush in Jharkhand, which provides vital information about Ayurveda, Yoga and Naturopathy, Unani, Siddha, and Homoeopathy medications, has been affected.
The leaked database, totalling 7.3 MB in size, reportedly contains over 320,000 patient records, including PII and medical diagnoses. The breach also exposed login information, usernames, passwords, and phone numbers of doctors associated with the website.
Chae$4 Malware targets financial institutions
Researchers have discovered a new and advanced variant of the Chaes malware targeting customers of financial and logistics companies in Latin America. The latest variant is dubbed Chae$4; the initial version, Chaes, emerged in November 2020, primarily targeting e-commerce customers in Latin America, particularly Brazil.
Chae$4 features a more sophisticated code structure, advanced encryption techniques, and stealth mechanisms, making it even harder to detect. It is written predominantly in Python and employs decryption and dynamic in-memory execution to evade traditional defense systems.
Atlas VPN Zero-Day Vulnerability
A Reddit user known as “Educational-Map-8145” has exposed a critical zero-day flaw affecting the Linux client of the Atlas VPN service. The vulnerability, which impacts the latest version of the client (1.0.3), allows malicious websites to disconnect the VPN and reveal the user’s IP address, raising concerns about user privacy and security.
The flaw stems from an API endpoint within the Atlas VPN Linux client that listens on localhost (127.0.0.1) on port 8076. This API provides a command-line interface for various functions, including disconnecting a VPN session via a specific URL. The API lacks any form of authentication, making it susceptible to abuse by any program running on the user’s computer, including web browsers.
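As an added illustration (this is not code from the article or from Atlas VPN), the following Python sketch shows the defensive pattern the flaw above calls for: a localhost control API that refuses every request unless it carries a per-session bearer token, and that additionally rejects anything a web browser issued on a page's behalf. The service, its /status route, the token handling and the header list are hypothetical; only the 127.0.0.1:8076 listener is taken from the article.

```python
import hmac
import secrets
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical local control API (constructed example, not the Atlas VPN client's code).
# Only the listener address comes from the article.
LISTEN_ADDR = ("127.0.0.1", 8076)

# Headers browsers attach to requests they originate for a web page; a native
# CLI client never sends them, so their presence alone is grounds for refusal.
BROWSER_ONLY_HEADERS = ("origin", "sec-fetch-site", "sec-fetch-mode", "referer")


def new_token() -> str:
    """Per-session secret shared only with the legitimate CLI.

    A real daemon would write it to a file readable only by the owning user
    (mode 0600) so that local processes must already have that user's rights.
    """
    return secrets.token_hex(32)


def authorize(headers: dict, expected_token: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one request to the control API.

    Allowed only when the request shows no sign of a browser origin AND
    presents the shared token in an Authorization: Bearer header.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    for name in BROWSER_ONLY_HEADERS:
        if name in lower:
            return False, f"browser-originated request ({name} header present)"
    scheme, _, presented = lower.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False, "missing bearer token"
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return False, "bad token"
    return True, "ok"


class ControlHandler(BaseHTTPRequestHandler):
    """Minimal handler: every route goes through authorize() first."""

    token = new_token()

    def do_GET(self):
        allowed, reason = authorize(dict(self.headers), self.token)
        if not allowed:
            self.send_error(HTTPStatus.FORBIDDEN, reason)
            return
        if self.path != "/status":
            self.send_error(HTTPStatus.NOT_FOUND)
            return
        body = b"connected\n"
        self.send_response(HTTPStatus.OK)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve():
    """Run the hardened stand-in service on the loopback address."""
    print("session token:", ControlHandler.token)
    HTTPServer(LISTEN_ADDR, ControlHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Run it and the printed token is required for `curl -H 'Authorization: Bearer <token>' http://127.0.0.1:8076/status`; a request from a web page fails twice over, because the browser adds Origin or Sec-Fetch-Site headers and because the page cannot read a token file on the user's disk. The header check is defense in depth only; the bearer token is the actual authentication that the article says the affected client lacked.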
Russian APT28 Hits Ukrainian Power Utilities
Ukraine’s CERT-UA has issued a warning about a cyber-attack orchestrated by the notorious Russian threat actor APT28, targeting a critical power infrastructure facility in Ukraine.
CERT-UA detected the attempted breach on September 5, 2023. The attackers employed a sophisticated method to infiltrate their target: they crafted a scheme involving bulk emails sent from a fabricated address, each containing a link to a seemingly innocuous ZIP archive. Had it succeeded, this could have granted the attackers unauthorized access to the organization’s systems and sensitive data.
What made this attack particularly insidious was the fact that the perpetrators leveraged legitimate services such as Mockbin and standard software functions to execute their malicious plan.
This brings this week’s security review to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.