December 11, 2023

BatLoader targets Webex Users with Malicious Ad Campaigns

Researchers have spotted a malvertising campaign targeting corporate users who are downloading the widely used web conferencing application Webex. The threat actors have purchased an advertisement that mimics Cisco’s branding, and it appears as the top result in a Google search.

The ad appears completely legitimate at first glance, featuring both the Webex logo and the official website. However, if you click on the menu to the right of the ad, you’ll find additional details that reveal the advertiser to be an individual from Mexico, which is highly unlikely to be associated with Cisco.

GitLab Addresses Critical Vulnerability - CVE-2023-4998

Researchers have discovered a vulnerability in GitLab that affects both GitLab Community Edition (CE) and Enterprise Edition (EE), spanning versions 13.12 to 16.2.7 and versions 16.3 to 16.3.4.

The vulnerability, CVE-2023-4998, with a CVSS v3.1 score of 9.6, was discovered as a sibling of a previously detected vulnerability, CVE-2023-3932, which was addressed in August. Despite the initial fix, a researcher managed to find a bypass, proving that attackers could still exploit the vulnerability, hence the severity rating was raised to critical.


Cisco Acquires Splunk in a blockbuster deal

Cisco has confirmed that it has reached an agreement to acquire unified security and observability platform developer Splunk for roughly $28bn to drive the next generation of AI-enabled security and observability.

The blockbuster acquisition agreement was announced today, with San Jose, California-based Cisco planning to pay $157 per share in cash to buy San Francisco-based Splunk. The deal is expected to close in the third quarter of 2024, pending regulatory approval and other customary closing conditions including acceptance by Splunk’s board.



Microsoft Fixes Several Vulnerabilities in the Chromium-based Edge Browser

Microsoft has patched three security vulnerabilities in Microsoft Edge (Chromium-based) that could allow attackers to spoof websites, gain elevated privileges on the system, or even escape the browser sandbox.

  • CVE-2023-36727
  • CVE-2023-36562
  • CVE-2023-36735

MGM Resorts and Caesars Attacks – Lesson Learnt

The recent cyberattacks on MGM Resorts and Caesars Entertainment offer a lesson: two similar organizations, hit by similar attacks from the same threat actor, pursued contrasting incident response strategies.

Both were victims of a Scattered Spider / ALPHV cyberattack. Caesars took the route of quick negotiation and handed over a $15 million ransom payout, which allowed it to resume business in relatively short order. MGM, on the other hand, flatly refused to pay and has only just announced that its operations have been recovered after 10+ days of casino and hotel operational downtime.

Trend Micro Endpoint Vulnerability – CVE-2023-41179

Researchers have identified a security bug affecting Trend Micro’s Endpoint security products, which are designed primarily for enterprises.

The vulnerability, tracked as CVE-2023-41179 with a CVSS score of 9.1, resides in the 3rd Party AV Uninstaller Module within Trend Micro Endpoint security products. This flaw allows arbitrary code execution: an attacker with access to the product’s administration console is able to execute arbitrary code with system privileges on the PC where the security agent resides.


Fortinet Fixes Vulnerabilities in FortiOS

Researchers have identified vulnerabilities in Fortinet FortiOS that can be used by threat actors for malicious activities.

The vulnerabilities are cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws. They have been assigned the CVE IDs CVE-2023-29183, with a CVSS score of 5.4, and CVE-2023-34984, with a CVSS score of 8.8.

Snatch Ransomware Dissection

The U.S. FBI and CISA released a joint cybersecurity advisory warning of the Snatch ransomware operation. Snatch first appeared in 2018 and operates on a ransomware-as-a-service model. The first known U.S. victim of a Snatch ransomware attack was ASP.NET hosting provider SmarterASP.NET in 2019. The joint advisory echoes the TTPs associated with Snatch ransomware identified through FBI investigations as recently as June 1, 2023.

TheCyberThrone Security Week In Review – September 23, 2023
