December 6, 2023

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, October 14, 2023.

HTTP/2 Rapid Reset Vulnerability Detailed Out

All the leading OEMs are actively tracking the novel distributed denial-of-service attacks that were disclosed earlier this week. The techniques described resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future.

CVE-2023-44487, a vulnerability resides in the HTTP/2 protocol, was recently used to launch intensive DDoS attacks against several targets. The layer 7 attacks were detected in late August 2023. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487 and carries a CVSS score of 7.5.

Israel Hamas Conflict reflects on Cyberspace

Several threat actors have joined the Israel-Hamas conflict escalation. These groups have targeted various organizations and infrastructure in Israel and Gaza, using DDoS attacks, with the latest attacks aimed at SCADA systems and ICS.

An analysis found that numerous ICSs are vulnerable, and threat actors can readily exploit lax security measures. These assaults, targeting critical infrastructures and media outlets, underscore the increasing role of cyber operations in contemporary conflicts.

Advertisements

Microsoft Patch Tuesday – October 2023

Microsoft addresses 103 CVEs with 12 rated as critical and 91 rated as important and including two vulnerabilities that were exploited in the wild.

Microsoft announced that Windows Server 2012 and Windows Server 2012 R2 has reached its end of life as of October 10, 2023. This means that users of these versions of Windows Server will no longer receive security updates and should upgrade to a supported version as soon as possible.

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

Sophos Firewall and SG UTM affected by recently identified Exim Vulnerability

A critical vulnerability has been discovered in the Exim mailer software, which is widely used in Sophos Firewall and SG UTM products. The vulnerability tracked as CVE-2023-42118, could allow a remote attacker to execute arbitrary code on the system, which could in turn lead to a complete compromise of the device.

The vulnerability is caused by a flaw in the parsing of Sender Policy Framework (SPF) macros. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

ToddyCat – Chinese APT in Action with Stayin Alive Campaign

Researchers have discovered a new malicious espionage campaign “Stayin’ Alive’” is targeting telecommunications organizations and governments across Central and Southeast Asia tagged to the group ToddyCat.

ToddyCat is a Chinese-affiliated APT group that has been active since at least 2020. The group is known for targeting high-profile organizations in Asia, including telecoms, government agencies, and military contractors. Active since 2021, the campaign leverages spear-phishing emails to deliver archived files using DLL side-loading schemes, hijacking dal_keepalives.dll in Audinate’s Dante Discovery software (CVE-2022-23748).

Advertisements

Simpson Manufacturing suffers a Cyber Attack

Simpson Manufacturing, an engineering firm and building material provider in the U.S., has been struck by a cyberattack that caused disruptions in its IT infrastructure and applications. The disclosure was made in a filing with the SEC, elaborating that after becoming aware of the malicious activity, it began taking steps to stop and remediate the activity, including taking certain systems offline.

It had hired third-party cybersecurity experts to support its investigation and recovery efforts, Simpson Manufacturing added that the incident “has caused and is expected to continue to cause disruption to parts of the company’s business operations”

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on FacebookTwitterInstagram

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Post

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

You may have missed

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023
%d