Threat and Vulnerability Roundup for the week of August 6th to 12th


Join us at Cyber Writes for our weekly Threat and Vulnerability Roundup, where we provide the latest updates on cybersecurity news. Keep yourself informed and stay ahead of potential threats with our comprehensive coverage.

Our coverage extends to all major vulnerabilities, exploits, and emerging attack methods, ensuring that you are always up-to-date on the latest threats. In addition to this, we provide important details of software updates to help keep your systems secure. Trust us to keep you informed and protected.

Cyber AI

Evil – GPT

The use of generative AI models is booming, as these models are rapidly reshaping the entire technology landscape. But along with its positive side, this growth also brings a multitude of opportunities for threat actors.

In short, while generative AI models drive the positive evolution of the current tech era, they are also revolutionizing the threat landscape.

A hacker going by the name “Amlo” has been advertising a harmful generative AI chatbot called “Evil-GPT” in forums. This chatbot is being promoted as a replacement for Worm GPT. The sale of such malicious AI tools is a cause for concern in the cybersecurity community.

Microsoft Adds ChatGPT-4 to Azure

Azure announced the global expansion of Azure OpenAI Service, including GPT-4 and GPT-35-Turbo, to its customers across the world.

Azure recently embraced the latest AI technology to improve user experiences, efficiency, and business productivity.

As part of this expansion, Azure plans to leverage an AI-optimized 4K GPU cluster and to ramp up to hundreds of thousands of the latest GPUs in the next year.

In addition to that, they also launched the ND H100 v5 Virtual Machine series, equipped with NVIDIA H100 Tensor Core graphics processing units (GPUs).

Hackers Creating Own ChatGPT Clone

The rapid growth of generative AI tools such as ChatGPT is actively reshaping the current threat landscape, as hackers are exploiting them for several illicit purposes.

Shortly after ChatGPT disrupted startups, hackers swiftly developed their own versions of text-generating technologies based on OpenAI’s ChatGPT.

All these advanced AI systems could be abused by threat actors to craft sophisticated malware and phishing emails that trick targets into handing over their login information.

Security Updates

Android Security Updates

Android has released its August Security patches in which more than 40 vulnerabilities have been identified and fixed. Most of the vulnerabilities were related to remote code execution (RCE), Elevation of Privileges (EoP), and Information Disclosure (ID).

Of these, 37 are rated High severity and 4 Critical severity. The most critical are remote code execution vulnerabilities that require no user interaction. In the July patches, Android fixed 43 vulnerabilities.

SAP Security Update

SAP has released patches for 16 vulnerabilities with Critical, High, Medium, and Low severities. The CVSS scores for these vulnerabilities range from 3.7 (Low) to 9.8 (Critical), giving 1 Critical, 6 High, 7 Medium, and 1 Low severity vulnerability; the CVSS score of one vulnerability is yet to be confirmed.

SAP releases these patches every month on its Patch Day. The previous Patch Day in July fixed 14 vulnerabilities.

Malware Attacks

Zyxel Router Command Injection Attack

The Zyxel router has a command injection vulnerability in its Remote System Log forwarding function, which is reachable by an unauthenticated user.

In the ever-evolving landscape of cyber threats, a resurgence of attacks on legacy devices has emerged. The targeted exploitation of the Zyxel P660HN-T1A v1 router exemplifies the persistence and adaptability of cybercriminals.

This article sheds light on the Zyxel Router Command Injection Attack, a vulnerability that continues to haunt the cybersecurity realm.

Cybercriminals Attacking Top-level Executives

The top-level executives at more than 100 global organizations have been shaken by cloud account takeover incidents.

Leveraging the power of EvilProxy, a cunning phishing tool employing reverse proxy architecture, attackers managed to breach multifactor authentication (MFA) defenses, reflecting the escalating arms race between hackers and organizations.

EvilProxy demonstrates how threat actors are increasingly employing Adversary-in-the-Middle (AitM) phishing kits to steal credentials and session cookies in real time.

Ficker Stealer Malware Attacking Windows Systems

Ficker Stealer is a type of malware that steals sensitive information from over 40 browsers, including popular ones like Chrome, Firefox, Edge, and Opera. It first emerged in 2020 and is advertised on the basis of these capabilities.

Ficker Stealer primarily infiltrates systems through phishing emails, preying on unsuspecting victims who unknowingly download malicious attachments.

It also exploits compromised websites, leveraging social engineering to deceive users and gain unauthorized access to their machines. The malware’s capabilities are chilling: it steals passwords, credit card details, files, and more.

UK Electoral Commission Hacked

The UK Electoral Commission, entrusted with safeguarding voter information, recently faced a complex breach that triggered a public notification.

In the digital age, securing sensitive data is paramount, yet even robust systems can be vulnerable to cyber-attacks.

This article delves into the technical intricacies of the incident, its impact on data subjects, and the Commission’s response to fortify its defenses.

Top Russian Missile Maker Hacked

North Korean threat actors have drawn the attention of security experts over the past year, with their campaigns revealing:

  • New reconnaissance tools
  • Multiple new supply chain intrusions
  • Elusive multi-platform targeting
  • New sly social engineering tactics

Last year, an elite North Korean hacking group secretly infiltrated the internal networks of one of the major Russian missile developers for five months.

Cybersecurity researchers at SentinelOne Labs recently identified that North Korean hackers breached the internal networks of one of the leading Russian missile and military engineering companies.

Malware Attacking Air-Gapped ICS Systems

Industrial control system (ICS) security teams are actively fighting a worm that breaches and compromises the defenses of air-gapped systems.

A China-linked nation-state actor was suspected in a series of attacks on Eastern European industrial firms last year, targeting air-gapped systems for data theft.

Cybersecurity researchers at Kaspersky ICS-CERT recently discovered a novel second-stage malware evading air-gapped data security, targeting ICS and critical infrastructure in Eastern Europe.

LetMeSpy Shuts Down

LetMeSpy is an Android phone monitoring app that is marketed for parental control or employee monitoring.

It is designed to stay hidden on the phone, making it difficult to identify and remove.

Once installed on a smartphone, it discreetly uploads SMS messages, call logs, and location information to its servers, allowing the person who planted the app to track the phone’s owner in real time.

Malware-Attacking Newbie Hackers

Recent reports indicate that threat actors have been manipulating script kiddies, or amateur hackers, into performing malicious actions they never intended. This is done through the OpenBullet tool, which is otherwise used by web application testers and security professionals.

OpenBullet is an open-source security testing tool that can be used for conducting simple repetitive tasks as well as complex attacks with the help of a configuration file.

These configuration files are designed by sophisticated hackers and traded, shared, or even sold to cybercriminals.

Downfall Attack

Gather Data Sampling (GDS) affects select Intel CPUs and lets attackers infer stale data through malicious use of gather instructions. The leaked entries may come from vector registers previously used by the same thread or by the sibling thread on the same core.

Like MDS, GDS enables locally executing code to reveal protected secret data. GDS differs from MDS in that it exposes only stale vector register data, through specific gather instructions, and the attacker cannot choose which data is leaked.

Cybersecurity researcher Daniel Moghimi at Google recently crafted a ‘Downfall’ CPU attack that enables threat actors to extract the following data from Intel chips

RedHotel Chinese Hackers

RedHotel (TAG-22), a Chinese state-sponsored threat group, is well known for its persistence, prominence, operational intensity, and global reach. RedHotel is reported to have targeted organizations in over 17 countries across Asia and North America between 2021 and 2023.

This threat group poses a particular threat to governments in Southeast Asia and to selected private-sector industries.

Its operational infrastructure has been traced to contractor groups linked to China’s Ministry of State Security (MSS). RedHotel’s main focus is intelligence gathering and cyber-espionage.

Researchers Expose Hacker’s Secrets

In the last three years, hackers seeking data to steal or systems on which to deploy malware have unknowingly found a seemingly vulnerable virtual machine hosted in the U.S., which in reality is a cleverly designed trap.

This trap, a honeypot, was planted by cybersecurity researchers to lure hackers and make them reveal their secrets.

Lolek Hosted

The well-known bulletproof hosting platform, Lolek Hosted, has been shut down by law enforcement officials from the United States and Poland to limit fraudsters’ access to tools that enable anonymous online behavior.

These platforms give hackers anonymity and are frequently used for malicious activities like malware distribution and assisting cyberattacks.

Lolek Hosted has operated since 2009 as a well-known bulletproof hosting service with headquarters in the UK and a data center in Europe. The website is frequently mentioned in stories about anonymous hosting services.

While promising to protect their clients’ identities, bulletproof hosting providers turn a blind eye to the content that users publish.

MoustachedBouncer Attacking Foreign Embassies

MoustachedBouncer, a cyberespionage group active since 2014, likely has performed ISP-level adversary-in-the-middle (AitM) attacks since 2020 to compromise its targets.

For AitM, MoustachedBouncer is believed to use a lawful interception system such as “SORM,” and it also relies on two toolsets, NightClub and Disco.

Vulnerability

Visual Studio Flaw Leads Denial of Service Attack

As per reports, Microsoft .NET Core and Visual Studio were found to contain a Denial of Service vulnerability that can be exploited by threat actors. Microsoft has released patches to fix this vulnerability for both .NET and Visual Studio products.

Red Hat stated that this vulnerability allows a threat actor to bypass the QUIC stream limit in the ASP.NET and .NET HTTP/3 runtimes, resulting in a Denial of Service. Red Hat has also released patches for this vulnerability.

This vulnerability has low exploitability. However, its impact on availability (the “A” of the CIA triad) for the affected Microsoft products is high.

Phone-Powered Acoustic Attack Records Keystrokes

The constant deep-learning advancements, widespread microphones, and online services are actively escalating the threat of acoustic side-channel attacks on keyboards.

An innovative deep learning model uses a nearby phone’s microphone to classify laptop keystrokes with 95% accuracy, and with 93% accuracy when trained on Zoom recordings, setting new benchmarks for acoustic attack implementation.

Rewards Platform Flaw

Security vulnerabilities were reported on Points.com between March 2023 and May 2023.

On Aug 3, 2023, a group of cybersecurity researchers made these Points.com API vulnerabilities public, along with the technical details of their intrusion.

Through these reported vulnerabilities, attackers could have accessed sensitive customer account information, transferred points from customer accounts, and gained unauthorized access to a global administrator website.

New PaperCut NG/MF Flaw

A Critical vulnerability was discovered in the widely used PaperCut NG/MF print management software running on Windows before version 22.1.3.

As of the July 2023 security bulletin, PaperCut has released patches to fix this vulnerability. PaperCut is a widely used print management vendor with two different products, NG and MF.

PaperCut NG is a print management and control tool, while MF is a versatile solution that offers printing, copying, scanning, and specialty printing capabilities.

Microsoft Patch Tuesday

Microsoft fixed 74 security issues in its August Patch Tuesday release, including two that were being actively exploited and twenty-three that allowed remote code execution.

Although twenty-three RCE flaws were addressed, Microsoft categorized only six of them as ‘Critical,’ while 67 carry a severity rating of ‘Important.’

CODESYS

CODESYS, a widely used integrated environment for controller programming, holds a strong presence in Operational Technology across diverse industries, such as factory automation, energy, mobile, building, embedded and process.

It is backed by more than 500 manufacturers (including Schneider Electric, Beckhoff, Wago, Eaton, ABB and Festo) and spans various architectures.

Acquisition

Check Point Plans to Acquire Perimeter 81

Check Point is set to purchase Perimeter 81 for $490 million on a cash-free, debt-free basis.

Check Point’s acquisition will accelerate secure access adoption across users, sites, the cloud, data centers, and the internet, aiming to provide the most secure and fastest SSE solution.

Perimeter 81, with over 200 employees, provides cloud and on-device protection. Recognized as a Forrester Zero Trust Wave leader, it serves over 3,000 global customers.
