May 6, 2024

In 2023, the threat of cyber-attacks, hacks, and security breaches loomed large, with numerous high-profile incidents impacting companies and individuals. Both in terms of cybersecurity and business generally, the past couple of years have been anything but typical.

Cyber threat actors have tested new strategies and techniques and have successfully incorporated them into their standard toolkits. The effects of cyberattacks were felt well beyond their intended target companies in 2021, and in 2022 several cyberattack operations and cyber threat actors rose to prominence. Several organizations were attacked or breached multiple times this year, which shows that blind spots still exist even after mitigation and remediation steps are taken following the first attack.


This writeup is a review of the 2023 stories most read and viewed by subscribers and readers of TheCyberThrone. In the last few days, we have reviewed the most prolific ransomware stories of 2023, malware stories of 2023, famous data breaches of 2023, the most headlined security acquisitions of 2023, the most exposed vulnerabilities, including zero-days identified and exploited in 2023, major vulnerabilities fixed by Microsoft in 2023, CVE numbers published in 2023, and the threat landscape report of 2023.

Now it’s time to review our own backyard. An abundance of articles has been published across the cybersecurity area with coverage of diversified events, and new releases. Here we are taking this as an opportunity to look back and review the most liked/viewed articles of 2023.

CVE-2023-36025 is a security bypass flaw that gives attackers a way to sneak malicious code past Windows Defender SmartScreen checks without triggering any alerts. To exploit the flaw, an attacker would need to get a user to click on a maliciously crafted Internet shortcut (.URL) or a link pointing to such a file.


HTTP/2 Rapid Reset Vulnerability Detailed Out – The third most viewed article of 2023, about a vulnerability that leads to DDoS attacks

CVE-2023-44487, a vulnerability that resides in the HTTP/2 protocol, was recently used to launch intensive DDoS attacks against several targets. The layer 7 attacks were detected in late August 2023. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487 and carries a CVSS score of 7.5.

Israel Hamas Conflict reflects on Cyberspace – The fourth most viewed article of 2023, about the change in the cyber landscape due to the war between Israel and Hamas

Several threat actors have joined the Israel-Hamas conflict escalation. These groups have targeted various organizations and infrastructure in Israel and Gaza, using DDoS attacks, with the latest attacks aimed at SCADA systems and ICS.


Craft CMS Critical RCE Bug – CVE-2023-41892 – The fifth most viewed article of 2023, about an RCE vulnerability in Craft CMS

CVE-2023-41892 is a bug identified in Craft CMS that can grant malicious actors the ability to execute arbitrary code on the server where the CMS is hosted. This vulnerability has a CVSS score of 10, which signifies that it is not only easy to exploit due to its reduced attack code complexity, but can also be harnessed from a remote location and doesn’t require any authentication on the target device, which makes it a prime target for attackers.

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released – The sixth most viewed article of 2023, about a vulnerability in Google Chrome

The PoC exploit code for a Chrome zero-day vulnerability tracked as CVE-2023-4863, which allows remote attackers to execute code, has been published. The vulnerability can be exploited if the target user visits a specially crafted website: a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.


Rhysida Gang adds Chinese CEEC to its victims list – The seventh most viewed article of 2023, about the Rhysida ransomware group adding the Chinese CEEC to its victims list

The Rhysida ransomware group has added the China Energy Engineering Corporation (CEEC) to the list of victims on its Tor leak site. The CEEC is one of the largest state-owned companies in China that operates in the energy and infrastructure sectors.

7-Zip Remote Code Execution Vulnerability – CVE-2023-31102 – The eighth most viewed article of 2023, about a vulnerability in the 7-Zip application

The vulnerability, tracked as CVE-2023-31102 with a CVSS score of 7.8, is an integer underflow vulnerability in the parsing of 7Z files. An attacker can exploit this vulnerability by crafting a malicious 7Z file that, when opened by the victim, will cause the 7-Zip application to overwrite memory with arbitrary code. This code can then be executed, giving the attacker full control over the victim’s system.


Zeroday Bugs in Microsoft Exchange disclosed through ZDI – The ninth most viewed article of 2023, about Exchange Server vulnerabilities detected by Trend Micro ZDI

Researchers working through Trend Micro’s Zero Day Initiative have disclosed four zero-day vulnerabilities in Microsoft Exchange that can be remotely exploited by an authenticated attacker to execute arbitrary code or disclose sensitive information on vulnerable installs. The flaws were reported to Microsoft on September 7th and 8th, 2023, but a fix has yet to be released, despite Microsoft acknowledging the vulnerabilities. ZDI opted to publicly disclose the vulnerabilities in compliance with its responsible disclosure policy.

FortiSIEM Critical RCE Vulnerability – CVE-2023-36553 – The tenth most viewed article of 2023, about a vulnerability detected in FortiSIEM

The vulnerability, tracked as CVE-2023-36553 and assigned a CVSS score of 9.3, stems from an OS command injection flaw in the FortiSIEM report server.
