
Welcome to TheCyberThrone's cybersecurity week in review, covering the important security happenings of the week ending Saturday, October 07, 2023.
Qakbot is alive despite being taken down
Earlier this year, a task force headed by the U.S. FBI and Dutch police claimed to have taken down the prolific malware and botnet operation Qakbot. The threat actors behind Qakbot are back, but in a surprising twist, it appears they never went away to begin with.
Qakbot has used a variety of infection vectors, switching file names and formats and deploying several techniques to hide its operation. Researchers who discovered the return found that the threat actors behind Qakbot have been running a campaign since early August, distributing Ransom Knight ransomware and the Remcos backdoor via email.
BunnyLoader Malware-as-a-Service in Action
Researchers have identified an emerging Malware-as-a-Service (MaaS) threat known as BunnyLoader, advertised on underground forums. Written primarily in C/C++, BunnyLoader is a fileless loader that carries out its malicious activity in memory, which makes detection harder for defenders. Its capabilities include keylogging, clipboard monitoring to hijack cryptocurrency wallet addresses, and remote command execution.
Since its initial release in September 2023, BunnyLoader has gone through several iterations, each bringing enhancements and fixes. The updates address bugs, introduce new functionality, and adapt the malware to thwart analysis. It is currently sold in two purchase options, payload and stub, at $250 and $350 respectively.
Atlassian Confluence Critical Vulnerability – CVE-2023-22515
Atlassian has fixed a privilege escalation vulnerability in Confluence Data Center and Server, tracked as CVE-2023-22515. Attackers had already exploited the flaw on publicly accessible Confluence instances to create unauthorized Confluence administrator accounts and gain access to those instances.
Atlassian Cloud sites are not affected: if your Confluence site is accessed through an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
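Because the reported exploitation created unauthorized administrator accounts, the first check on a self-hosted instance is to reconcile the administrators group against a known-good baseline. The script below is an added example, not Atlassian's own tooling or guidance; it assumes you can export the current user list (for instance from the Confluence admin UI) into records with `username`, `groups` and `created` fields. The records, the baseline, the cutoff date and the function name `find_suspicious_accounts` are all constructed for illustration.

```python
"""Flag Confluence administrator accounts that are not in your baseline.

Added illustrative check, not Atlassian's own tooling. It assumes the user list
has been exported into records with 'username', 'groups' and 'created' fields;
the records and the cutoff date below are constructed sample data.
"""
from datetime import date

ADMIN_GROUP = "confluence-administrators"

# Constructed sample export (assumed field names, not real accounts).
CURRENT_USERS = [
    {"username": "alice", "groups": ["confluence-users", ADMIN_GROUP], "created": "2021-03-02"},
    {"username": "bob", "groups": ["confluence-users"], "created": "2022-07-14"},
    {"username": "svc-backup", "groups": ["confluence-users", ADMIN_GROUP], "created": "2023-10-03"},
    {"username": "carol", "groups": ["confluence-users"], "created": "2023-10-04"},
]

# Baseline of expected administrators from a known-good snapshot (constructed).
EXPECTED_ADMINS = {"alice"}


def find_suspicious_accounts(users, expected_admins, since_iso):
    """Return (unexpected_admins, new_accounts), both sorted lists of usernames.

    unexpected_admins: members of the admin group missing from the baseline,
    which is what the reported exploitation of CVE-2023-22515 leaves behind.
    new_accounts: every account created on or after `since_iso` (the date of
    your last known-good review), to be reconciled with provisioning records.
    """
    since = date.fromisoformat(since_iso)
    unexpected_admins = sorted(
        u["username"] for u in users
        if ADMIN_GROUP in u["groups"] and u["username"] not in expected_admins
    )
    new_accounts = sorted(
        u["username"] for u in users
        if date.fromisoformat(u["created"]) >= since
    )
    return unexpected_admins, new_accounts


if __name__ == "__main__":
    bad_admins, recent = find_suspicious_accounts(CURRENT_USERS, EXPECTED_ADMINS, "2023-10-01")
    print("Unexpected administrators:", bad_admins)   # ['svc-backup']
    print("Accounts created since cutoff:", recent)   # ['carol', 'svc-backup']
```

Any name in the first list is an administrator nobody provisioned and should be treated as a sign of compromise rather than a housekeeping item; names in the second list are simply accounts to confirm against change records.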
McLaren Healthcare suffers a Ransomware Incident
The notorious BlackCat ransomware gang boasted about the attack on its dark web leak site, after which McLaren Healthcare confirmed the ransomware attack. McLaren Healthcare is one of the largest healthcare systems in Michigan. The BlackCat group claims to have access to sensitive data of McLaren's 2.5 million patients and to videos of hospital work, altogether 6TB of data.
The group did not initially name the company, but added McLaren's name hours later, claiming the healthcare provider had tried to hide the attack and that its spokesperson had not responded to the group's demands.
Industrial Control Systems and Vulnerability Management Process
The evolving cyber threat landscape requires organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they turn into security incidents. Threat actors are exploiting known, unpatched vulnerabilities to intrude into Industrial Control Systems (ICS) environments and disrupt critical operations.
Patching is a fundamental security practice, but applying it in OT (Operational Technology) settings differs substantially from IT systems: an unplanned restart of a controller can halt production or endanger a physical process, and a patch the vendor has not validated can break it. In the OT world, assessing the benefits and risks of applying a patch before doing so is essential.
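To make that assessment concrete, here is an added example of a patch triage function for OT assets. It is not a method from any ICS vendor, standard or framework: the factors (exposure, exploitation, safety criticality, vendor approval, compensating controls, time to the next maintenance window), the thresholds and the decision labels are assumptions chosen to show why the same vulnerability that is patched at once on an IT server may be staged, mitigated or deferred on a controller. The sample findings are constructed.

```python
"""Risk/benefit triage for a patch on an OT asset.

Added illustrative example, not a method from any ICS vendor or standard. The
factors, thresholds and labels are assumptions; the sample findings are
constructed, not real CVE data.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    asset: str
    cvss: float                  # CVSS base score of the vulnerability
    exploited_in_wild: bool      # exploitation reported by the vendor or a CERT
    reachable_from_it: bool      # asset reachable from the business/IT network
    safety_critical: bool        # an unplanned restart can endanger people or the process
    vendor_approved: bool        # vendor has validated the patch for this product/firmware
    compensating_controls: bool  # segmentation, allow-listing and monitoring already in place
    days_to_window: int          # days until the next planned maintenance outage


def it_policy(f: Finding) -> str:
    """Typical IT rule: severity alone drives urgency."""
    return "patch-now" if f.cvss >= 7.0 else "patch-at-window"


def ot_triage(f: Finding) -> str:
    """Return 'patch-now', 'patch-at-window', 'mitigate-and-defer' or 'track'."""
    # A patch the vendor has not validated is never applied ad hoc to a
    # safety-critical asset: breaking the process is the bigger risk.
    if f.safety_critical and not f.vendor_approved:
        return "mitigate-and-defer"

    # Urgency needs real exposure, not just a high score: an unreachable asset
    # with a critical CVE is a planned-window job, not an unplanned outage.
    urgent = f.exploited_in_wild or (f.cvss >= 9.0 and f.reachable_from_it)
    if urgent:
        # Exposure already contained and a window close by: use the window.
        if f.compensating_controls and f.days_to_window <= 30:
            return "patch-at-window"
        return "patch-now"

    if f.cvss >= 7.0:
        return "patch-at-window"
    return "track"


def triage_all(findings):
    """Map each asset name to its OT decision."""
    return {f.asset: ot_triage(f) for f in findings}


# Constructed sample findings (illustrative assets and scores).
SAMPLE = [
    Finding("plc-line-3", 9.8, False, False, True, True, True, 45),
    Finding("hmi-packaging", 9.8, True, True, False, True, False, 10),
    Finding("sis-boiler", 8.1, True, True, True, False, True, 5),
    Finding("historian", 5.3, False, True, False, True, False, 20),
    Finding("eng-workstation", 9.1, True, True, False, True, True, 14),
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(f"{f.asset:16} IT: {it_policy(f):16} OT: {ot_triage(f)}")
```

The contrast is the point: the isolated PLC with a CVSS 9.8 finding goes to the next window rather than an emergency change, the exploited and exposed HMI with no compensating controls is patched immediately, and the safety system with an unvalidated patch gets compensating controls first and the patch only after the vendor approves it.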
Qualcomm fixes Zero Day Vulnerabilities
Qualcomm and Arm have released security updates to patch several zero-day vulnerabilities exploited in recent targeted attacks against their chips.
The four Qualcomm vulnerabilities are:
- CVE-2023-33106: A use-after-free vulnerability in the Adreno GPU driver
- CVE-2023-33107: A use-after-free vulnerability in the Compute DSP driver
- CVE-2022-22071: A possible use-after-free vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
- CVE-2023-33063: A buffer copy without checking the size of input (a classic buffer overflow) in the WLAN firmware.
This brings this week's review to a close. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.