
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, September 16, 2023.
Adobe Patches a Zero Day Bug – CVE-2023-26369
Adobe has urgently shipped a security update addressing a critical flaw in Adobe Acrobat and Reader. If left unpatched, this vulnerability could allow arbitrary code execution, giving attackers a potential foothold on your system. The issue is not restricted to a single OS either: it affects both Windows and macOS installations.
The vulnerability, tracked as CVE-2023-26369, is a zero-day that stems from an out-of-bounds write weakness. In plain terms, attackers leveraging this flaw can run malicious code on your device without your consent.
3 AM Ransomware Dissection
A new ransomware strain dubbed “3AM” has been detected in an incident where an attempt to infect a victim with LockBit ransomware had been blocked.
3AM ransomware is written in the Rust programming language and is new to the threat landscape. It attempts to stop multiple services on the infected computer before it begins encrypting files. Once encryption is complete, it attempts to delete Volume Shadow copies.
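The two pre-encryption behaviours described above, a burst of service stops followed by deletion of Volume Shadow copies, are exactly the kind of host telemetry a defender can alert on. The following is an added detection example written for this review; it is not code from the original article or from any vendor analysis. It assumes a simplified, constructed process-creation log format (timestamp, host, parent image, command line) and uses the common Windows commands `net stop`, `vssadmin delete shadows` and `wmic shadowcopy delete` as illustrative patterns; none of those command lines are attributed to 3AM by the article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample process-creation log lines (not real telemetry):
# <ISO timestamp> <host> <parent image> <command line>
SAMPLE_LOG = """\
2023-09-12T02:58:01Z ws-17 explorer.exe  C:\\Windows\\System32\\notepad.exe
2023-09-12T02:59:10Z ws-17 unknown.exe   net stop MSSQLSERVER /y
2023-09-12T02:59:11Z ws-17 unknown.exe   net stop SQLWriter /y
2023-09-12T02:59:12Z ws-17 unknown.exe   net stop VSS /y
2023-09-12T03:00:05Z ws-17 unknown.exe   vssadmin.exe delete shadows /all /quiet
2023-09-12T03:00:06Z ws-17 unknown.exe   wmic shadowcopy delete
2023-09-12T03:01:00Z ws-22 services.exe  net stop Spooler
"""

# Common shadow-copy deletion command lines (assumed patterns, not from the article).
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I
)
# Service stop via net/net1/sc (assumed patterns).
SERVICE_STOP = re.compile(r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop)\s+", re.I)

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<parent>\S+)\s+(?P<cmd>.+)$")


def parse_lines(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect(text, stop_threshold=3, window_seconds=60):
    """Return alerts for shadow-copy deletion and bursts of service stops.

    A single 'net stop' is normal admin activity, so the service-stop rule
    only fires when one parent process on one host issues stop_threshold
    stops within window_seconds. The shadow-copy rule fires on every hit,
    because deleting all shadow copies is rarely legitimate.
    """
    alerts = []
    stops = defaultdict(list)  # (host, parent) -> recent stop timestamps
    for ev in parse_lines(text):
        cmd = ev["cmd"]
        if SHADOW_DELETE.search(cmd):
            alerts.append({"host": ev["host"], "rule": "shadow_copy_deletion", "cmd": cmd})
        if SERVICE_STOP.search(cmd):
            key = (ev["host"], ev["parent"])
            stops[key].append(ev["ts"])
            # Keep only stops inside the sliding window.
            stops[key] = [t for t in stops[key] if (ev["ts"] - t).total_seconds() <= window_seconds]
            if len(stops[key]) == stop_threshold:  # fire once per burst
                alerts.append({"host": ev["host"], "rule": "mass_service_stop", "cmd": cmd})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['host']}: {a['rule']} <- {a['cmd']}")
```

On the sample data this yields three alerts, all for host ws-17: one mass_service_stop when the third `net stop` from the same parent lands within the window, then one shadow_copy_deletion for each of the two deletion commands. The lone `net stop Spooler` on ws-22 stays below the threshold and is not reported, which is the point of the windowed count.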
Cuba Ransomware Latest Tactics Analysis
Researchers have published research into the activities of the notorious Cuba ransomware group, which targets organizations worldwide across various industries.
The group has changed names several times since its inception. It has used the following aliases:
- ColdDraw
- Tropical Scorpius
- Fidel
- Cuba
Four extortion models exist today, distinguished by the means used to pressure the victim.
- Single extortion: encrypting data and demanding a ransom just for decryption.
- Double extortion: besides encrypting, attackers steal sensitive information. They threaten to both withhold the encryption key and publish the stolen information online unless the victim pays up. This is the most popular model among ransomware gangs today.
- Triple extortion: adding a threat to expose the victim’s internal infrastructure to DDoS attacks.
- The fourth model is the least common one, as it implies maximum pressure and is thus more costly. It adds spreading news of the breach among the victim’s investors, shareholders, and customers.
Craft CMS Critical RCE Bug – CVE-2023-41892
Researchers have recently disclosed CVE-2023-41892, a remote code execution flaw in the Craft CMS application.
CVE-2023-41892 is a bug in Craft CMS that can grant malicious actors the ability to execute arbitrary code on the server where the CMS is hosted. The vulnerability has a CVSS score of 10, which signifies that it is not only easy to exploit due to its low attack complexity but can also be exploited remotely without any authentication on the target, making it a prime target for attackers.
Google Addresses a Zero Day Bug in Chrome – CVE-2023-4863
Google has issued an emergency patch to address a critical vulnerability found in its Chrome web browser. The flaw, known as CVE-2023-4863, is a heap buffer overflow in the WebP image format. Exploiting this vulnerability can potentially result in arbitrary code execution or system crashes.
This latest security patch from Google not only addresses CVE-2023-4863 but also tackles three additional zero-day vulnerabilities (CVE-2023-2033, CVE-2023-2136, CVE-2023-3079) that were discovered earlier this year.
MGM Resorts and Cyber Attacks are tightly coupled
MGM Resorts has been forced to shut down some casino and hotel systems following what the company described as a “cybersecurity issue.”
The incident began on Sunday and affected systems, including websites, online reservations, ATMs, and credit card machines. The company owns hotels, casinos, and resorts in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio, as well as Las Vegas. The outages included slot machines, and some guests reported that their room keys were not working.
Save the Children NGO Possibly hit by BianLian Ransomware
The BianLian ransomware gang has claimed responsibility for the cyber attack on the non-profit organization and says it stole a large number of files, including what the miscreants claim is financial, health, and medical data.
Active since 2022, BianLian bragged on its website that it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.
This brings us to the end of this week’s security review coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.