InfoSec News 20231113
Top News
-
Update: LockBit ransomware leaks gigabytes of Boeing data
"The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems."
TLP¹: Green
-
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
"Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink."
TLP¹: Green
-
Chess.com Faces Second Data Leak: 476,000 Scraped User Records Leaked
"Earlier, Chess.com confirmed to Hackread.com that malicious threat actors exploited the “find friends” feature in the platform’s API to extract publicly available user data."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations
"Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations."
TLP¹: Green
-
OracleIV DDoS Botnet Malware Targets Docker Engine API Instances
"The OracleIV botnet malware employs various tactics, with a primary focus on executing DDoS attacks through UDP and SSL-based floods."
TLP¹: Green
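The reported vector for this botnet is a Docker Engine API reachable over plain TCP without client authentication. The following audit script is an added example for this digest, not code from the OracleIV report or from Docker: it parses a daemon.json and flags any tcp:// listener that is not bound to loopback and does not require client certificates (tlsverify). Both configuration samples are constructed; the dockerd defaults assumed in the comments (2375 without TLS, 2376 with TLS) are taken from the Docker documentation.

```python
"""Audit a Docker daemon.json for an exposed, unauthenticated Engine API.

Added example for this digest (constructed inputs, not the project's own code).
"""
import json
from urllib.parse import urlsplit

# Constructed sample: the weak setting that a DDoS botnet scanning for open
# Docker APIs would find, beside the corrected one.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
WILDCARD = {"0.0.0.0", "::", ""}


def audit_docker_daemon(config_text: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for each tcp:// host in daemon.json.

    Assumptions (labelled): dockerd listens only on the unix socket when
    "hosts" is absent; a tcp:// entry without a port defaults to 2375, or
    2376 when TLS is configured. "tls": true alone only encrypts; only
    "tlsverify": true makes dockerd demand a client certificate.
    """
    cfg = json.loads(config_text)
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_only = bool(cfg.get("tls", False)) and not tls_verify
    findings = []
    for host in hosts:
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not network-reachable
        addr = parts.hostname or ""
        port = parts.port or (2376 if (tls_verify or tls_only) else 2375)
        where = f"{addr or '*'}:{port}"
        if addr in LOOPBACK:
            findings.append(("LOW", f"Engine API on loopback {where}; reachable by local users only"))
        elif tls_verify:
            findings.append(("INFO", f"Engine API on {where} requires client certificates (tlsverify)"))
        elif tls_only:
            findings.append(("HIGH", f"Engine API on {where} uses TLS but accepts any client (no tlsverify)"))
        else:
            scope = "all interfaces" if addr in WILDCARD else addr
            findings.append(("CRITICAL", f"Unauthenticated Engine API exposed on {where} ({scope})"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        for severity, msg in audit_docker_daemon(text):
            print(f"[{label}] {severity}: {msg}")
```

A listener set with the `-H` flag on the dockerd command line (for example in a systemd unit) does not appear in daemon.json, so an audit should also check `ps`/unit files; dockerd refuses to start if both specify hosts.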
-
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
"Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital
"The Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
CVE-2023-36844 Detail
"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities."
TLP¹: Green
-
CVE-2023-36845 Detail
"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code."
TLP¹: Green
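Both Juniper entries describe the same class of flaw: a request parameter name is pushed into the PHP environment, and PHPRC in particular lets the attacker point PHP at their own php.ini. A practical check for a defender is to look for those variable names in J-Web access logs. The scanner below is an added example for this digest, not code from Juniper's advisory or from any published exploit; the combined-format log lines, the J-Web path and the client addresses are constructed, and the two auto_*_file names are included as an assumption about the same class of variable, not as anything the advisories name.

```python
"""Flag requests that try to set PHP environment variables (PHPRC etc.) via a query string.

Added example for this digest: constructed combined-format log lines, not real J-Web logs.
"""
import re
from urllib.parse import parse_qs

# Constructed access-log lines. Only the first and third carry the watched
# variable in the query string; the POST body of the second is not logged.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Nov/2023:10:01:02 +0000] "GET /webauth_operation.php?PHPRC=/dev/fd/0 HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.4 - - [13/Nov/2023:10:01:05 +0000] "POST /webauth_operation.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.9 - - [13/Nov/2023:10:02:00 +0000] "GET /?phprc=%2Ftmp%2Fevil.ini HTTP/1.1" 200 100 "-" "python-requests/2.31"
192.0.2.10 - - [13/Nov/2023:10:03:00 +0000] "GET /login.php?page=dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache/Nginx "combined" format: ip ident user [ts] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# PHPRC is the variable named in CVE-2023-36845. The auto_*_file names are an
# assumption added here (same class of PHP configuration override), not from the advisory.
WATCHED = {"phprc", "auto_prepend_file", "auto_append_file"}


def suspicious_params(target: str) -> list[str]:
    """Return watched variable names present in the query string of a request target."""
    _path, _sep, query = target.partition("?")
    # Case-insensitive because the CGI environment, not PHP, receives the name.
    return [key for key in parse_qs(query, keep_blank_values=True) if key.lower() in WATCHED]


def scan_log(text: str) -> list[dict]:
    """Parse each log line and report requests carrying a watched variable."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined lines rather than crash
        params = suspicious_params(m["target"])
        if params:
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"], "params": params})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['target']} sets {', '.join(hit['params'])}")
```

The scan only sees the query string; a variable supplied in a POST body (second sample line) is invisible to a standard access log, so the same check should also run in a WAF or on full request captures, and the real fix remains upgrading Junos OS or disabling J-Web on affected devices.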
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Empowering cybersecurity leadership: Strategies for effective Board engagement
"With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are – serious threats to business operations, profitability and business survivability."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584
"During our analysis of a July 2023 campaign targeting groups supporting Ukraine's admission into NATO, we discovered a new vulnerability for bypassing Microsoft's Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use of the RomCom backdoor). This group used a highly complex and well-developed exploit chain leveraging a remote code execution (RCE) vulnerability in Microsoft Office designated CVE-2023-36884 to infect its targets with malware."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.