Cyber Security Briefing, 20 - 26 January

January 26, 2024

CISA orders mitigation of two Ivanti 0-days

CISA has issued the first emergency directive of the year (ED 24-01) ordering federal agencies to immediately mitigate two 0-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. The vulnerabilities are tracked as CVE-2023-46805, an authentication bypass, and CVE-2024-21887, a command injection.

At the time of the directive the vendor had published a mitigation but no security patches. Chained together, the two flaws let an unauthenticated attacker execute commands on the appliance, and intruders have been using that foothold to move laterally within a target's network, extract data and establish persistence through backdoors.

More info

Critical RCE vulnerability exploited in Atlassian Confluence

Security researchers have been observing attempts to exploit a critical vulnerability in Atlassian Confluence. The vulnerability, tracked as CVE-2023-22527, is a remote code execution flaw that affects out-of-date Confluence Data Center and Server versions released before December 5, 2023, along with some out-of-support versions; Atlassian Cloud instances are not affected.

Threat monitoring service Shadowserver has reported that its systems recorded thousands of attempts to exploit the vulnerability, with attacks originating from just over 600 unique source IP addresses.

More info

Largest known data leak, 12 terabytes of records known as MOAB, uncovered

Bob Diachenko and the Cybernews team have discovered a massive data leak known as MOAB (Mother of all Breaches) that exposes more than 26 billion records, making it the largest leak ever discovered. It is a compilation of data from multiple previous breaches and amounts to 12 terabytes of information. Researchers warn that this data can be used by malicious actors to carry out various attacks, such as identity theft, phishing and unauthorized access to personal accounts, with credential stuffing against reused passwords being the most immediate risk.

In addition, the leak includes records of companies and organizations, as well as several governmental organizations from countries such as the US, Brazil and Germany. Although it appears to be largely a compilation of already known breaches (X/Twitter, LinkedIn and Dropbox, among others), the inclusion of new, previously unpublished sensitive data is not ruled out.

More info

Mozilla releases Firefox 122

Mozilla released Firefox 122 on January 23, 2024, a version focused on security and privacy. A total of 15 vulnerabilities were fixed, five of them rated high severity and the other 10 moderate. It also introduced a host of features and improvements that aim to refine the browsing experience for users on different platforms.

Among the privacy features the browser now ships are fingerprinting resistance and the ability to copy URLs with site tracking parameters stripped, showing Mozilla's commitment to protecting users from invasive tracking mechanisms. On macOS the browser has also added support for creating and using passkeys stored in the iCloud Keychain.

More info

CherryLoader: malware disguised as CherryTree to deploy Exploits

CherryLoader, a new Go-based malware, has recently been discovered. It is a multi-stage modular loader that mimics the name and logo of the legitimate CherryTree note-taking application to trick victims and deploy exploits. Arctic Wolf Labs researchers found it in two recent intrusions, where CherryLoader was used to drop one of two privilege escalation tools, PrintSpoofer or JuicyPotatoNG. It also incorporates modularized functions that allow threat actors to swap exploits without recompiling the code. Although its distribution method is unknown, CherryLoader has been observed packaged in a RAR archive hosted on a bare IP address.

As for its attack process, it involves downloading an executable that extracts the archive and launches the Go binary. The loader then uses fileless techniques to execute privilege escalation exploits and establish persistence on the victim's device.
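The delivery detail above (an archive hosted on a bare IP address) is a hunting heuristic on its own. The following script, added here as an example and not code from the briefing or from Arctic Wolf, scans constructed proxy log lines and flags archive downloads whose host is a raw IPv4 or IPv6 address rather than a hostname. The log format, the file names and the addresses are all assumptions for illustration; the example generalizes beyond RAR to ZIP and 7z archives.

```python
from ipaddress import ip_address
from urllib.parse import urlparse

# Archive extensions worth flagging; RAR is the one observed with CherryLoader,
# the others are a generalization (assumption, not from the report).
ARCHIVE_EXTS = (".rar", ".zip", ".7z")

# Constructed sample proxy log (not real traffic). Assumed format per line:
# timestamp client_ip method url status
SAMPLE_LOG = """\
2024-01-22T10:14:03Z 10.0.0.15 GET http://203.0.113.45/files/CherryTree.rar 200
2024-01-22T10:14:09Z 10.0.0.15 GET https://updates.example.com/setup.zip 200
2024-01-22T10:15:30Z 10.0.0.22 GET http://198.51.100.7:8080/docs/readme.txt 200
2024-01-22T10:16:01Z 10.0.0.31 GET http://[2001:db8::1]/payload.7z 200
2024-01-22T10:17:45Z 10.0.0.15 GET https://example.com/page.html 404
"""


def host_is_bare_ip(url: str) -> bool:
    """True when the URL's host is a literal IPv4/IPv6 address (no hostname)."""
    host = urlparse(url).hostname  # strips port and IPv6 brackets
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def is_archive(url: str) -> bool:
    """True when the URL path ends in one of the archive extensions."""
    return urlparse(url).path.lower().endswith(ARCHIVE_EXTS)


def parse_line(line: str):
    """Split one log line into fields; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def find_suspicious_downloads(log_text: str) -> list:
    """Return successful archive downloads served from bare IP hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] != "200":
            continue  # only completed downloads matter for this heuristic
        if is_archive(rec["url"]) and host_is_bare_ip(rec["url"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} fetched archive from bare IP: {hit['url']}")
```

The heuristic is deliberately narrow: it only flags completed (HTTP 200) archive downloads, and it treats bracketed IPv6 literals and hosts with explicit ports correctly by relying on `urlparse().hostname`. In a real deployment you would feed it proxy or DNS-less egress logs and follow each hit with endpoint triage of what the downloaded archive spawned.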

More info

Cyber Security and the 10 billion dollar strike