December 11, 2023

7-Zip Remote Code Execution Vulnerability – CVE-2023-31102

A vulnerability in the 7-Zip archive utility could allow an attacker to execute code on a victim's system. The flaw, tracked as CVE-2023-31102 with a CVSS score of 7.8, is an integer underflow in the parsing of 7Z files. An attacker exploits it by crafting a malicious 7Z file that, when opened by the victim, corrupts memory inside the 7-Zip process; with a suitably crafted archive this lets the attacker run code in the context of the user who opened it.

The attacker needs no direct access to the target: the malicious archive can be delivered by email or hosted on a website, and the exploit runs as soon as the victim opens it in a vulnerable 7-Zip build, with no further interaction. The practical defence is to update 7-Zip to a current release on every endpoint, including systems where it is bundled with other software, and to treat unsolicited archives with the same suspicion as executable attachments.
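The bug class behind this advisory, an integer underflow in a length computed from an attacker-controlled header, is easy to see in miniature. The following is an added example written for this review, not 7-Zip's code and not the real 7z container format: a hypothetical chunk layout (`u32 total_len`, `u32 name_len`, name bytes, payload bytes) is parsed once with an unchecked subtraction and once with the bounds checks a hardened parser needs. The crafted header in `crafted_*` is constructed test data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk layout (NOT the real 7z format), used only to illustrate
 * the bug class: u32 total_len, u32 name_len, then name bytes, then payload. */
#define HDR_SIZE 8u

/* Write an 8-byte header into `out` (host byte order; reader uses memcpy too). */
void build_chunk(uint8_t *out, uint32_t total_len, uint32_t name_len)
{
    memcpy(out, &total_len, 4);
    memcpy(out + 4, &name_len, 4);
}

/* VULNERABLE: payload length derived by unchecked 32-bit subtraction.
 * If name_len > total_len - HDR_SIZE the result wraps to ~4 GiB, and a
 * consumer that trusts it will allocate or copy far beyond the real data. */
uint32_t payload_len_unchecked(const uint8_t *buf)
{
    uint32_t total_len, name_len;
    memcpy(&total_len, buf, 4);
    memcpy(&name_len, buf + 4, 4);
    return total_len - HDR_SIZE - name_len;   /* wraps on crafted input */
}

/* HARDENED: every header field is validated against the bytes actually
 * present before any subtraction that could wrap. Returns -1 on bad input. */
int64_t payload_len_checked(const uint8_t *buf, size_t buf_len)
{
    uint32_t total_len, name_len;
    if (buf_len < HDR_SIZE) return -1;                 /* header itself truncated */
    memcpy(&total_len, buf, 4);
    memcpy(&name_len, buf + 4, 4);
    if (total_len < HDR_SIZE || total_len > buf_len) return -1; /* claims more than exists */
    if (name_len > total_len - HDR_SIZE) return -1;    /* the underflow case, rejected */
    return (int64_t)(total_len - HDR_SIZE - name_len);
}

/* Safe extraction built on the checked length; caller frees. NULL if malformed. */
uint8_t *extract_payload(const uint8_t *buf, size_t buf_len, size_t *out_len)
{
    int64_t n = payload_len_checked(buf, buf_len);
    if (n < 0) return NULL;
    uint32_t name_len;
    memcpy(&name_len, buf + 4, 4);
    uint8_t *p = malloc((size_t)n + 1);
    if (!p) return NULL;
    memcpy(p, buf + HDR_SIZE + name_len, (size_t)n);
    p[n] = 0;
    *out_len = (size_t)n;
    return p;
}

/* Constructed inputs: a benign 16-byte chunk ("abc" + "hello") and a crafted
 * header whose total_len (8) is smaller than header + name_len (9). */
static void benign_chunk(uint8_t out[32])  { memset(out, 0, 32); build_chunk(out, 16, 3); memcpy(out + 8, "abchello", 8); }
static void crafted_chunk(uint8_t out[32]) { memset(out, 0, 32); build_chunk(out, 8, 1); }

uint32_t benign_unchecked_len(void)  { uint8_t b[32]; benign_chunk(b);  return payload_len_unchecked(b); }
int64_t  benign_checked_len(void)    { uint8_t b[32]; benign_chunk(b);  return payload_len_checked(b, 32); }
uint32_t crafted_unchecked_len(void) { uint8_t b[32]; crafted_chunk(b); return payload_len_unchecked(b); }
int64_t  crafted_checked_len(void)   { uint8_t b[32]; crafted_chunk(b); return payload_len_checked(b, 32); }

/* 1 if the checked path extracts exactly "hello" from the benign chunk and
 * refuses the crafted one. */
int extraction_is_correct(void)
{
    uint8_t good[32], bad[32];
    size_t n = 0;
    benign_chunk(good);
    crafted_chunk(bad);
    uint8_t *p = extract_payload(good, 32, &n);
    int ok = p && n == 5 && memcmp(p, "hello", 5) == 0;
    free(p);
    if (extract_payload(bad, 32, &n) != NULL) ok = 0;
    return ok;
}

int main(void)
{
    printf("benign : unchecked=%u checked=%lld\n", (unsigned)benign_unchecked_len(), (long long)benign_checked_len());
    printf("crafted: unchecked=%u checked=%lld\n", (unsigned)crafted_unchecked_len(), (long long)crafted_checked_len());
    printf("checked extraction correct: %d\n", extraction_is_correct());
    return 0;
}
```

On the crafted header the unchecked parser reports a payload of 4294967295 bytes, which a consumer would pass straight to an allocation or copy; the checked parser rejects the header before any arithmetic happens. The order of the checks matters: `total_len` is compared against the real buffer size first, so the later subtraction cannot wrap.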

Cisco FMC Critical Vulnerability – CVE-2023-20048

Cisco has released an advisory warning of a critical vulnerability in its Firepower Management Center (FMC) Software. The vulnerability, tracked as CVE-2023-20048, carries a CVSS score of 9.9, which places it at the top of the critical range.

The FMC is the management plane for Cisco's Firepower Threat Defense (FTD), where firewall policy is defined and pushed to managed devices. The vulnerability is an authorization flaw in the FMC web services interface: an attacker who holds valid FMC credentials, but is not authorized to run configuration commands, can use the interface to execute those commands on the FTD devices the FMC manages. Cisco has published no workaround, so the fix is to upgrade FMC to a fixed release; until then, every FMC account should be treated as a privileged one, with MFA and a review of who holds credentials.


Russia Rosgosstrakh Data Breach

A cybersecurity incident at Rosgosstrakh (Росгосстрах), Russia's second-largest insurance company after SOGAZ, resulted in the exfiltration of a substantial amount of customer and sensitive financial data. A threat actor using the handle Apathy has announced the sale of the data on the dark web: the Rosgosstrakh data set has appeared on the well-known Breach Forums with a price tag of $50,000 in Bitcoin for the full collection.

The compromised data includes investment and life-insurance department records dating back to 2010. The breach has put approximately 3 million bank statements at risk and has compromised data on 730,000 individuals, including SNILS numbers (the Russian individual insurance account number, roughly the equivalent of a Social Security Number) for approximately 80,000 people and complete bank routing information for 45,000.



Mandiant Advise on Citrix NetScaler ADC Vulnerability

Mandiant has advised security teams that applying the patch released for the recent Citrix NetScaler ADC and Gateway vulnerability is not enough on its own: they also need to terminate all active and persistent sessions, because session tokens issued before the patch remain valid after it is installed. The vulnerability, CVE-2023-4966, rated a critical 9.4 by Citrix, lets an attacker steal the session token of a recently connected user and then access whatever resources that user is permitted to reach through Citrix, bypassing any MFA the user completed at login.

Mandiant is observing threat actors using the hijacked sessions to harvest credentials, move laterally in the victim's network via RDP, and conduct reconnaissance of the environment. Mandiant also said it is investigating intrusions across multiple verticals, including legal and professional services, technology, and government organizations in the Americas, Europe, the Middle East and Africa, and the Asia-Pacific and Japan regions.
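The session-termination step Mandiant refers to is done from the NetScaler CLI after the fixed build is installed. The commands below are added here as a checklist, not taken from Mandiant's write-up, and they reflect the guidance Citrix published alongside the fix as this editor recalls it; confirm the exact set against the current Citrix bulletin for your firmware before running them, and note that they disconnect every legitimate user as well as any attacker.

```text
> show aaa session            # check: lists current AAA sessions before cleanup
> show icaconnection          # check: lists current ICA connections

> kill icaconnection -all     # terminate ICA (Citrix Virtual Apps/Desktops) connections
> kill rdp connection -all    # terminate RDP proxy connections
> kill pcoipConnection -all   # terminate PCoIP connections
> kill aaa session -all       # terminate all AAA (Gateway/AAA-TM) sessions
> clear lb persistentSessions # drop load-balancing persistence entries

> show aaa session            # check: should now be empty
```

Run the `show` commands again afterwards to confirm nothing survived, and do this on every node of an HA pair or cluster, since a session that persists on a secondary node is still a valid session.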

Apache ActiveMQ Vulnerability exploited by HelloKitty ransomware

Researchers are observing threat actors exploiting a critical remote code execution vulnerability in Apache ActiveMQ servers to deploy HelloKitty ransomware. The Apache Software Foundation disclosed the vulnerability, tracked as CVE-2023-46604, late last month. The bug allows a remote attacker who can reach an ActiveMQ message broker over the network to execute arbitrary commands on the affected host.

PoC exploit code and full details of the vulnerability are publicly available, so threat actors have both the means and the information to attack exposed brokers. Fixed releases are ActiveMQ 5.15.16, 5.16.7, 5.17.6 and 5.18.3; brokers on earlier versions should be upgraded, and in the meantime the broker's listener ports should not be reachable from untrusted networks.


Atlassian Confluence Critical Auth Vulnerability

Atlassian is warning of a critical security flaw, tracked as CVE-2023-22518 with a CVSS score of 9.1, which affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker. Atlassian-hosted Confluence Cloud sites are not affected.

Atlassian is not aware of attacks in the wild exploiting this vulnerability at the time of writing, but it urges customers to take immediate action to protect their installs. The issue has been addressed in Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1. Until the upgrade is applied, Atlassian's interim guidance is to take a backup of the instance and to block access to it from the internet.

TheCyberThrone Security Week In Review – November 04, 2023
