
Welcome to TheCyberThrone cybersecurity month in review, covering the important security happenings of the month. This review is for the month ending October 2023.
Subscribers' favorite #1
HTTP/2 Rapid Reset Vulnerability Detailed Out
All the leading vendors are actively tracking the novel distributed denial-of-service technique that was disclosed earlier this month. The technique has already produced a record-breaking DDoS attack and could facilitate much larger attacks in the future.
CVE-2023-44487 is a weakness in the HTTP/2 protocol that was recently used to launch intensive DDoS attacks against several targets. The layer 7 attacks were first observed in late August 2023. A client opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM; because the cancelled stream no longer counts against the server's concurrent-stream limit, the client can push far more requests than the limit was meant to allow, while the server still spends work on each one. The issue is tracked as CVE-2023-44487 and carries a CVSS score of 7.5.
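To make the mechanism concrete, the following is an added example (not code from TheCyberThrone or from any vendor): a toy HTTP/2 connection state machine that shows why SETTINGS_MAX_CONCURRENT_STREAMS alone does not stop Rapid Reset, and the per-connection RST_STREAM budget that does. The frame traces are constructed, and the budget window is counted in frames rather than seconds so that the example runs offline; real servers use a time window.

```python
# Added example, not code from TheCyberThrone or from any vendor: a toy
# HTTP/2 connection that enforces the advertised stream limit and, optionally,
# a budget on client RST_STREAM frames (the Rapid Reset mitigation pattern).
# Frame sequences are constructed; the frame-count window is an assumption
# made so the example runs offline (production servers use a time window).
from collections import deque

MAX_CONCURRENT_STREAMS = 100  # value the server advertised in SETTINGS


class Http2Connection:
    def __init__(self, reset_limit, window_frames=1000):
        self.reset_limit = reset_limit      # RST_STREAMs tolerated per window
        self.window_frames = window_frames
        self.open_streams = set()
        self.recent = deque()               # 1 = RST_STREAM, 0 = any other frame
        self.resets_in_window = 0
        self.closed = False
        self.reason = ""

    def _record(self, is_reset):
        self.recent.append(is_reset)
        self.resets_in_window += is_reset
        if len(self.recent) > self.window_frames:
            self.resets_in_window -= self.recent.popleft()

    def on_frame(self, ftype, stream_id):
        """Process one client frame; return True if it was accepted."""
        if self.closed:
            return False
        if ftype == "HEADERS":
            if len(self.open_streams) >= MAX_CONCURRENT_STREAMS:
                self.closed, self.reason = True, "PROTOCOL_ERROR: stream limit exceeded"
                return False
            self.open_streams.add(stream_id)
            self._record(0)
        elif ftype == "RST_STREAM":
            # The cancelled stream is released at once, so the concurrent-stream
            # limit never bites. Counting cancellations is what closes the gap.
            self.open_streams.discard(stream_id)
            self._record(1)
            if self.resets_in_window > self.reset_limit:
                self.closed, self.reason = True, "ENHANCE_YOUR_CALM: RST_STREAM flood"
                return False
        elif ftype == "END_STREAM":         # normal request completion
            self.open_streams.discard(stream_id)
            self._record(0)
        return True


def rapid_reset_frames(n_requests):
    """Constructed attack trace: open a stream, cancel it immediately, repeat."""
    for i in range(n_requests):
        sid = 2 * i + 1                     # client-initiated streams are odd
        yield ("HEADERS", sid)
        yield ("RST_STREAM", sid)


def normal_frames(n_requests):
    """Constructed benign trace: every request runs to completion."""
    for i in range(n_requests):
        sid = 2 * i + 1
        yield ("HEADERS", sid)
        yield ("END_STREAM", sid)


def simulate(frames, reset_limit):
    """Feed frames to one connection; report accepted frames, peak open streams, outcome."""
    conn = Http2Connection(reset_limit)
    accepted, max_open = 0, 0
    for ftype, sid in frames:
        if conn.on_frame(ftype, sid):
            accepted += 1
            max_open = max(max_open, len(conn.open_streams))
        else:
            break
    return {"accepted": accepted, "max_open": max_open,
            "closed": conn.closed, "reason": conn.reason}


if __name__ == "__main__":
    # Stream limit only: 10,000 frames get through with at most one stream
    # open at any moment, so the server does 5,000 requests' worth of work.
    print(simulate(rapid_reset_frames(5000), reset_limit=10**9))
    # A budget of 200 resets per window cuts the connection after 401 frames.
    print(simulate(rapid_reset_frames(5000), reset_limit=200))
    # A well-behaved client is unaffected by the same budget.
    print(simulate(normal_frames(5000), reset_limit=200))
```

The first run is the vulnerable baseline: the peak number of open streams never exceeds one, so a limit on concurrent streams is never triggered. The second run shows the mitigation vendors shipped in various forms (a cap on the rate of client-initiated cancellations per connection), and the third confirms that a normal client never comes near the budget.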
Subscribers' favorite #2
Israel-Hamas Conflict Reflects on Cyberspace
Several threat actors have joined the escalation of the Israel-Hamas conflict. These groups have targeted organizations and infrastructure in Israel and Gaza with DDoS attacks, and the latest attacks are aimed at SCADA systems and ICS. An analysis found that numerous ICS deployments are vulnerable and that threat actors can readily exploit lax security measures.
- Several Israeli organizations have left Modbus, a SCADA communications protocol that carries no authentication of its own, exposed to the internet; investigators identified 400 such instances.
- More than 150 Message Queuing Telemetry Transport (MQTT) ports are still open. MQTT is used for communication between MES and SCADA systems.
- Palestinian entities are similarly leaving Modbus and MQTT exposed, in addition to Siemens automation and Symantec systems.
- A hacking group called Predatory Sparrow, believed to have links to the Israeli government, reemerged to support the government.
- Anonymous Sudan has targeted emergency warning systems in Israel and also attacked The Jerusalem Post, a prominent Israeli newspaper.
- The pro-Hamas group Cyber Av3ngers launched cyberattacks against the Israel Independent System Operator (Noga), the Israel Electric Corporation, and a power plant in Israel.
- The notorious pro-Russian group Killnet attacked several Israeli government websites.
- On the pro-Israel front, ThreatSec claimed to have compromised the infrastructure of the Gaza-based ISP AlfaNet.
- Medical Aid for Palestinians said its website was under cyber attack, which hindered relief efforts for Gaza, and warned that the website might go offline as a result.
- A hacker group claiming to be from Jordan breached the systems of Ono Academic College, a school near Tel Aviv, and published about 250,000 records of employees, students and others on Telegram.
These attacks, targeting critical infrastructure and media outlets, underscore the increasing role of cyber operations in contemporary conflicts.
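The exposed-Modbus finding above is worth a concrete check. What follows is an added example (not code from TheCyberThrone or from the analysis it cites): a minimal Modbus/TCP parser that decodes the MBAP header and PDU and flags write requests that reach a controller from a source outside an engineering-workstation allowlist. Because Modbus has no authentication, a write from an unexpected address is the signal that matters. The packets, IP addresses and allowlist are constructed.

```python
# Added example, not code from TheCyberThrone or from the cited analysis:
# parse Modbus/TCP frames and triage requests by source and function code.
# All sample traffic below is constructed.
import struct

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   23: "Read/Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}


def parse_modbus_tcp(data):
    """Parse the 7-byte MBAP header plus PDU; raise ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("short frame")
    tid, proto, length, unit = struct.unpack(">HHHB", data[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    pdu = data[7:]
    if length != len(pdu) + 1:              # length covers unit id + PDU
        raise ValueError("length field %d does not match payload" % length)
    fc = pdu[0]
    frame = {"tid": tid, "unit": unit, "fc": fc, "write": fc in WRITE_FUNCTIONS,
             "name": WRITE_FUNCTIONS.get(fc) or READ_FUNCTIONS.get(fc) or "fc %d" % fc}
    if fc in (1, 2, 3, 4, 5, 6):            # (start, quantity) or (address, value)
        if len(pdu) < 5:
            raise ValueError("truncated PDU")
        frame["address"], frame["arg"] = struct.unpack(">HH", pdu[1:5])
    elif fc == 16:
        if len(pdu) < 6:
            raise ValueError("truncated PDU")
        addr, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
        if nbytes != 2 * qty or len(pdu) != 6 + nbytes:
            raise ValueError("register count does not match byte count")
        frame["address"], frame["arg"] = addr, qty
    return frame


def build_frame(tid, unit, pdu):
    """Request builder used only to construct sample traffic."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def triage(packets, allowlist):
    """packets: iterable of (src_ip, payload). Returns (severity, src, message)."""
    findings = []
    for src, payload in packets:
        try:
            f = parse_modbus_tcp(payload)
        except ValueError as e:
            findings.append(("medium", src, "malformed Modbus frame: %s" % e))
            continue
        if src in allowlist:
            continue                         # engineering hosts may read and write
        if f["write"]:
            findings.append(("high", src, "%s to unit %d address %d"
                             % (f["name"], f["unit"], f.get("address", -1))))
        else:
            findings.append(("low", src, "%s from unexpected source" % f["name"]))
    return findings


SAMPLE_PACKETS = [  # constructed: an HMI on the OT LAN and an internet host
    ("10.0.0.5", build_frame(1, 1, struct.pack(">BHH", 3, 0, 10))),       # HMI reads 10 registers
    ("10.0.0.5", build_frame(2, 1, struct.pack(">BHH", 6, 0x10, 1))),     # HMI writes a setpoint
    ("203.0.113.7", build_frame(3, 1, struct.pack(">BHH", 3, 0, 10))),    # outside host reads
    ("203.0.113.7", build_frame(4, 1, struct.pack(">BHHB", 16, 0, 2, 4) + b"\x00\x00\x00\x00")),  # outside host writes two registers
    ("203.0.113.7", b"\x00\x05\x00\x00\x00\x06\x01\x03"),                 # truncated frame
]

if __name__ == "__main__":
    for sev, src, msg in triage(SAMPLE_PACKETS, allowlist={"10.0.0.5"}):
        print(sev, src, msg)
```

Run against the constructed traffic this yields a low finding for the outside read, a high finding for the outside write, and a medium finding for the truncated frame; the same logic can be pointed at a capture on TCP port 502 from the exposed hosts the analysis describes.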
Subscribers' favorite #3
Second Cisco IOS XE Zero Day Exploited in Wild – CVE-2023-20273
A second Cisco IOS XE zero-day vulnerability, tracked as CVE-2023-20273, is being actively exploited in the wild. Days earlier, Cisco had warned customers about another zero-day in its IOS XE software, tracked as CVE-2023-20198, that was also under active exploitation.
Threat actors have chained the two to compromise thousands of IOS XE devices: CVE-2023-20198 gives the attacker administrator privileges and control of the vulnerable router, and CVE-2023-20273 is then used to elevate to root and install an implant.
The vendor advisory states that exploitation of CVE-2023-20198 allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. Cisco's recommended mitigation is to disable the HTTP server feature (ip http server and ip http secure-server) on internet-facing devices until a fixed release is installed, and to review the configuration for local accounts that administrators did not create.
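As an added example (not code from TheCyberThrone or from Cisco), here is a small audit over an IOS XE running-config export that checks the two things the advisory turns on: privilege-15 local users that administrators did not create, and whether the web UI (ip http server, ip http secure-server) is still enabled. It also includes the response check from Cisco Talos' published implant test, which posts to /webui/logoutconfirm.html?logon_hash=1 and treats a hexadecimal string in the response as a positive. The configuration text and the account names in it are constructed.

```python
# Added example, not code from TheCyberThrone or from Cisco: audit an
# IOS XE running-config export for unexpected privilege-15 accounts and an
# enabled HTTP server, and classify the response of Talos' implant check.
# SAMPLE_CONFIG and every account name in it are constructed.
import re

SAMPLE_CONFIG = """\
version 17.6
hostname edge-rtr-01
username admin privilege 15 secret 9 REDACTED
username netops privilege 5 secret 9 REDACTED
username svc_backup privilege 15 secret 9 REDACTED
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 transport input ssh
"""

PRIV15_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+15\b", re.M)
HTTP_FEATURES = ("ip http server", "ip http secure-server")


def privilege15_users(config):
    """Local accounts configured with privilege level 15."""
    return PRIV15_RE.findall(config)


def webui_enabled(config):
    """Map each HTTP server feature to True if its enabling line is present.
    A disabled feature shows up as 'no ip http ...', which the anchored
    pattern does not match."""
    return {feature: re.search(r"^%s\s*$" % re.escape(feature), config, re.M) is not None
            for feature in HTTP_FEATURES}


def audit(config, expected_admins):
    """Return (severity, message) findings for one device's running-config."""
    findings = []
    for user in privilege15_users(config):
        if user not in expected_admins:
            findings.append(("high", "unexpected privilege 15 user %r; compare with the "
                                     "account names in Cisco's published IoCs" % user))
    for feature, enabled in webui_enabled(config).items():
        if enabled:
            findings.append(("medium", "%s is enabled; disable it on internet-facing "
                                       "devices as the advisory recommends" % feature))
    return findings


def looks_like_implant_response(body):
    """Talos' check: a POST to /webui/logoutconfirm.html?logon_hash=1 returns a
    hexadecimal string when the implant is present and nothing useful otherwise."""
    return re.fullmatch(r"[0-9a-fA-F]+", body.strip()) is not None


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG, expected_admins={"admin"}):
        print(severity, message)
    print(looks_like_implant_response("0123456789abcdef12"))   # constructed body
    print(looks_like_implant_response("<html>login</html>"))
```

The config audit is the durable check: it works from an offline `show running-config` export and does not depend on the implant still being reachable. The response classifier is only as good as the implant variant it targets; later versions of the implant were modified to require an Authorization header, so a negative result from the HTTP check alone does not prove a device is clean.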
Subscribers' favorite #4
StripedFly Malware on the Radar Infects Over a Million Devices
Kaspersky researchers warned about malware dubbed StripedFly, saying it has infected more than a million systems worldwide over the past six years. Active since 2017, StripedFly was initially taken for a cryptocurrency miner, but it turned out to be a complex, multi-functional wormable framework, the Russia-based company said in its report.
The payload comprises multiple modules, enabling the operator to act as an APT, as a crypto miner, and even as a ransomware group, potentially expanding its motives from financial gain to espionage.
Subscribers' favorite #5
CCleaner Latest Victim of MOVEit Supply Chain Vulnerability
CCleaner, the popular system optimization software, has been identified as one of the victims of the MOVEit hack, after its maker confirmed that some limited personal information of CCleaner customers had been compromised.
The data exposed in the MOVEit hack was primarily restricted to customers' names, contact information, and details about the products they had purchased from the company. Importantly, no sensitive financial information, including banking details or credit card numbers, was compromised. High-risk data such as login credentials and account details also remained secure.
The CCleaner breach became public when Troy Hunt, founder of Have I Been Pwned, received a notification from the company's official account.
This brings us to the end of this month in review. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.