December 12, 2023

Second Cisco IOS XE Zero Day Exploited in Wild – CVE-2023-20273

A second IOS XE zero-day vulnerability in Cisco tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Earlier last week, customers of Cisco were warned about a zero-day vulnerability, tracked as CVE-2023-20198, in its IOS XE Software that is actively exploited in attacks.

Threat actors have exploited the recently disclosed critical zero-day vulnerability to compromise thousands of Cisco IOS XE devices. The vulnerability can be exploited by an attacker to gain administrator privileges and take over vulnerable routers. The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

StripedFly Malware in radar infects millions of devices

Kaspersky researchers warned about malware dubbed as StripedFly, saying it has affected over a million people across the world in the past six years. Active since 2017, StripedFly was acting as a cryptocurrency miner, but it turned out to be a complex malware with a multi-functional wormable framework, the Russia-based entity said in a report released here.

The malware payload encompasses multiple modules, enabling the actor to perform as an APT as a crypto miner and even as a ransomware group, potentially expanding its motives from financial gain to espionage.


CCleaner latest victim of MOVEit Supply chain Vulnerability

CCleaner, the popular system optimization software, has been identified as one of the victims of the MOVEit hack due to that some limited personal information of CCleaner customers had indeed been compromised.

The exposed data by MOVEit hack was primarily restricted to customers’ names, contact information, and details about the products they had purchased from the company. Importantly, no sensitive financial information, including banking details or credit card numbers, was compromised. High-risk data such as login credentials and account details also remained secure.


We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

Lockbit claims responsible for Boeing Attack

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen.

The Lockbit ransomware group today added Boeing to the list of victims on its Tor leak site. The gang claims to have stolen a huge amount of sensitive data and threatens to publish it if Boeing does not contact them within the deadline (02 Nov, 2023 13:25:39 UTC). At the time of this writing, the group has yet to publish any samples.

Sophos Firewall Information Disclosure Vulnerability – CVE-2023-5552

Researchers have discovered a vulnerability in the Sophos Firewall that could leads to a sensitive information disclosure. The vulnerability tracked as CVE-2023-5552 with a CVSS score of 7.1, identified in the official vulnerability database, pertains to an information disclosure flaw. The glitch, surprisingly, finds its roots in the Secure PDF eXchange (SPX) feature—a feature designed to prioritize user security.

When the SPX feature’s password type is set to “specified by sender,” a loophole emerges. Crafty attackers, with a specially constructed request, can pry this door open, gaining access to sensitive information. Considering how many organizations handle confidential data, this loophole could potentially cost businesses a lot, both in terms of finances and reputation.


VMware vCenter Server RCE Bug – CVE-2023-34048

VMWare has patched two significant security flaws in the VMware vCenter Server that could lead to an information disclosure and code execution.

1. Out-of-Bounds Write Vulnerability

The vulnerability tracked as CVE-2023-34048, with a CVSS score of 9.8 deemed to be critical. An out-of-bounds write vulnerability has been discovered in the vCenter Server, specifically in its implementation of the DCERPC protocol. A malicious actor, if they can gain network access to the vCenter Server, might potentially initiate an out-of-bounds write, leading to the possibility of remote code execution.

2. Partial Information Disclosure Vulnerability

The vulnerability tracked as CVE-2023-34056, with a CVSS score of 4.3. A more subdued, yet still significant, vulnerability has been detected as a partial information disclosure flaw in the vCenter Server. While not as severe as the first, this vulnerability provides a gateway for malicious actors. Those with non-administrative privileges to the vCenter Server could potentially exploit this flaw to gain unauthorized access to data.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.