Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
Threat Actor Profile: Strox Phishing-as-a-Service
Strox has become one of the most complete phishing solutions for fraud actors available, offering advanced phishing kits, hosting services, mail spam scripts, and an automated market for selling stolen credentials. Read more.
The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages
This campaign stands out because of its three advanced concealment techniques, one of which we had never seen before — specifically, manipulating the website’s default 404 error page to hide malicious code — that poses unique challenges for detection and mitigation. Read more.
Vulnerability Exposed in WordPress Plugin User Submitted Posts
Source: InfoSecurity Magazine
A new vulnerability in the User Submitted Posts WordPress plugin (versions 20230902 and below) has been discovered by the Patchstack team. With over 20,000 active installations, this popular plugin is used for user-generated content submissions and is developed by Plugin Planet. Read more.
ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses
ASEC has recently discovered a change in the distribution method of the ShellBot malware, which is being installed on poorly managed Linux SSH servers. The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value. Read more.
Microsoft: State hackers exploiting Confluence zero-day since September
Source: BLEEPING COMPUTER
Microsoft says a Chinese-backed threat group tracked as ‘Storm-0062’ (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. Read more.
Multiple Citrix NetScaler Flaw Leads to DoS Attack and Data Exposure
Critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have exposed sensitive information and a denial of service attack. A malicious cyber actor can exploit one of these vulnerabilities to gain control of an affected machine. Citrix has published security upgrades to address the vulnerabilities impacting several products. Read more.
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Source: SECURITY WEEK
Microsoft’s security response team on Tuesday pushed out a massive batch of software and OS updates to cover more than 100 vulnerabilities across the Windows ecosystem and warned that three of the flaws are already being exploited in the wild. Read more.
Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
Source: The Hacker News
Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. Read more.
#StopRansomware: AvosLocker Ransomware (Update)
AvosLocker affiliates compromise organizations’ networks by using legitimate software and open-source remote system administration tools. AvosLocker affiliates then use exfiltration-based data extortion tactics with threats of leaking and/or publishing stolen data. Read more.
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security advisories addressing vulnerabilities in multiple products. These vulnerabilities may allow cyber threat actors to take control of the affected systems. Read more.
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS
Source: SECURITY WEEK
The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges. Read more.
Biggest DDoSes of all time generated by protocol 0-day in HTTP/2
Source: ars TECHNICA
Unlike other high-severity zero-days in recent years—Heartbleed or log4j, for example—which caused chaos from a torrent of indiscriminate exploits, the more recent attacks, dubbed HTTP/2 Rapid Reset, were barely noticeable to all but a select few engineers. Read more.
Ransomlooker, A New Tool To Track And Analyze Ransomware Groups’ Activities
Source: Security Affairs
The researchers have created the tool to help cybersecurity experts in their daily jobs by providing real-time updates and actionable insights. It offers various statistical insights into data, the ability to determine attack perpetrators, and incorporates filtering by country, industries, time span, and other parameters for journalistic investigations. Read more.
Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure
Source: SECURITY WEEK
Dozens of vulnerabilities affecting the Squid caching and forwarding web proxy remain unpatched two years after a researcher responsibly disclosed them to developers. Read more.