December 12, 2023

Welcome to TheCyberThrone's cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, October 21, 2023.

Fake Browser Updates Distribute Malware

Researchers have identified a rising trend in threat activity that employs fake browser updates to disseminate malware. In these campaigns, compromised websites display fake notifications mimicking popular browsers such as Chrome, Firefox, or Edge, luring users into downloading malicious software instead of a legitimate update.

The threat campaigns comprise three stages: injection on a compromised website; traffic to actor-controlled domains; and payload execution on the user's device. The attackers compromise websites with injected JavaScript or HTML that redirects traffic to their controlled domains and automatically downloads malicious payloads.

Surge in Exploitation of WinRAR Vulnerability CVE-2023-38831

Google TAG has warned users about a vulnerability in WinRAR that is being actively exploited by hacking groups, including allegedly state-sponsored actors. The threat groups are leveraging a vulnerability tracked as CVE-2023-38831, which resides in WinRAR versions before 6.23 and allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

Though it was first detected in April and a patch has been issued, many users remain susceptible. The vulnerability lies in WinRAR's file extraction logic, which allows attackers to execute arbitrary code on a user's system.


Cisco IOS Privilege Escalation Vulnerability – CVE-2023-20198

Cisco has warned its customers about a critical vulnerability in IOS XE devices that has no patch and is being actively exploited in the wild. The vulnerability, tracked as CVE-2023-20198 with a CVSS score of 10, is found in all Cisco IOS XE devices that have the Web UI feature enabled. It affects physical and virtual devices running Cisco IOS XE software that also have the HTTP or HTTPS Server feature enabled.

The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access, which gives the attacker complete control of the affected system.
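As an added example (not code from the original post or from Cisco), the following Python audit reads a saved IOS XE running-config and flags the two conditions named above: the HTTP/HTTPS server feature being enabled, and privilege-15 local accounts that are not on an expected-administrator list. The config excerpt and account names are constructed, and the `ip http server`, `ip http secure-server` and `username ... privilege 15` line formats are assumed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample IOS XE running-config excerpt (not from the page);
# account names and secrets are placeholders.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 9 $9$PLACEHOLDER
username netops privilege 5 secret 9 $9$PLACEHOLDER
username svc_web_unknown privilege 15 secret 9 $9$PLACEHOLDER
!
ip http server
ip http secure-server
"""

# Assumed config lines that enable the HTTP/HTTPS server (and so the Web UI).
# Anchored at line start so "no ip http server" does not match.
HTTP_RE = re.compile(r"^ip http server\b")
HTTPS_RE = re.compile(r"^ip http secure-server\b")
PRIV15_RE = re.compile(r"^username (\S+) privilege 15\b")

@dataclass
class WebUiAudit:
    http_enabled: bool = False
    https_enabled: bool = False
    priv15_users: list = field(default_factory=list)
    unexpected_priv15: list = field(default_factory=list)

    @property
    def exposed(self) -> bool:
        """True when the Web UI server feature is enabled on either port."""
        return self.http_enabled or self.https_enabled

def audit_config(config: str, expected_admins: set) -> WebUiAudit:
    """Flag Web UI exposure and privilege-15 accounts not on the allowlist."""
    result = WebUiAudit()
    for raw in config.splitlines():
        line = raw.strip()
        if HTTP_RE.match(line):
            result.http_enabled = True
        elif HTTPS_RE.match(line):
            result.https_enabled = True
        elif m := PRIV15_RE.match(line):
            result.priv15_users.append(m.group(1))
            if m.group(1) not in expected_admins:
                result.unexpected_priv15.append(m.group(1))
    return result
```

Run it against each device's exported config with your known administrator set; any device that is both exposed and carrying an unexpected privilege-15 account deserves immediate review.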



BlackCat added MCH to its leak site

The BlackCat (aka ALPHV) ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The threat actors claim to have stolen 5TB of patients' and employees' information, backups, PII documents, and more. The gang also published a sample as proof of the stolen data.

The group states that it has started contacting journalists because the representatives of the Morrison Community Hospital haven't provided a clear response. The ALPHV gang also threatens to initiate patient calls shortly.

LockBit lists CDW on its leak site

The LockBit ransomware gang has claimed responsibility for breaching CDW and threatens to leak the stolen data. CDW has announced that it launched an investigation into the claims made by the LockBit ransomware gang, which added the company to the list of victims on its leak site.

CDW Corporation is a provider of technology solutions and services for business, government, and education. The LockBit ransomware gang demanded an $80 million ransom, but the group claims that the company only offered $1 million.


BackBox’s Network Vulnerability Manager for Automation

BackBox Software, a network management and automation platform, has announced the launch of Network Vulnerability Manager (NVM), a new service that offers deep integration with vulnerability management for network teams. NVM, offered alongside BackBox's existing Network Automation Platform, integrates automated operating system upgrades and network configuration management capabilities with network vulnerability management into common workflows.

NVM has been built for network teams to discover vulnerabilities in their network easily, prioritize common vulnerabilities and exposures according to their unique risk profile and automate multiple levels of remediation, no matter the network complexity.
