Cyber Security Weekly Briefing, 4 – 10 February
Critical vulnerability in Atlassian Jira
Atlassian has issued a security advisory in which it releases fixes to resolve a critical vulnerability in Jira Service Management Server and Data Center.
According to the vendor, the flaw has been registered as CVE-2023-22501 with a CVSSv3 score of 9.4 and is rated as low attack complexity, because a malicious actor could gain access to registration tokens sent to users whose accounts have never been logged in to.
This could lead to user impersonation, giving unauthorised access to critical instances of Jira Service Management. Atlassian says the issue affects versions 5.3.0 to 5.5.0 and advises upgrading to versions 5.3.3, 5.4.2, 5.5.1 and 5.6.0 or later. If the patches cannot be applied promptly, the vendor has provided a workaround for manually updating the affected asset.
* * *
Mustang Panda campaign to distribute PlugX
Researchers at EclecticIQ have detected the existence of a PlugX malware distribution campaign and attribute it to the APT Mustang Panda.
According to the published information, Mustang Panda sent out EU-themed emails containing a supposed Word file that was in fact an LNK-like executable that downloads PlugX onto the victim's system.
EclecticIQ claims that the target of the campaign is European governmental institutions and recalls that a similar campaign was attributed to the same actor last October, although in the recently detected campaign Mustang Panda has implemented more evasion techniques to avoid detection.
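The lure described above, a shortcut (.LNK) file dressed up as a Word document, can be screened on the mail gateway by comparing the bytes of an attachment with the extension its name claims. The following is an added example for this briefing, not EclecticIQ's tooling nor anything recovered from the campaign; the attachments it inspects are constructed sample bytes, and the header constants come from the public MS-SHLLINK format (a Shell Link starts with a HeaderSize of 0x4C followed by the CLSID {00021401-0000-0000-C000-000000000046}).

```python
"""Flag attachments whose name claims an Office document but whose bytes
are a Windows Shell Link (.LNK). Sample attachments are constructed."""
import struct

# Shell Link header fields from the MS-SHLLINK specification
LNK_HEADER_SIZE = 0x4C
# {00021401-0000-0000-C000-000000000046} as stored on disk (little-endian)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
DOC_EXTENSIONS = (".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx")
ZIP_MAGIC = b"PK\x03\x04"  # OOXML documents are ZIP containers


def is_lnk(data: bytes) -> bool:
    """True if data starts with a structurally valid Shell Link header."""
    if len(data) < 20:
        return False
    header_size = struct.unpack_from("<I", data, 0)[0]
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def claimed_extension(name: str) -> str:
    """Last extension in the display name, lower-cased (trailing spaces
    that push a real '.lnk' out of view are stripped first)."""
    base = name.rstrip().lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""


def triage(name: str, data: bytes) -> list:
    """Return a list of finding tags for one attachment; empty means no
    mismatch between the name and the content was observed."""
    findings = []
    ext = claimed_extension(name)
    if is_lnk(data):
        findings.append("shell-link-bytes")
        if ext != ".lnk":
            findings.append("extension-mismatch")
    # 'Report.docx   .lnk' style names: a document extension hidden
    # between the base name and the real extension
    parts = name.lower().replace(" ", "").split(".")
    if len(parts) > 2 and any("." + p in DOC_EXTENSIONS for p in parts[1:-1]):
        findings.append("double-extension")
    return findings


# Constructed samples (hypothetical names, not from the campaign):
# a minimal Shell Link header padded to HeaderSize, and a ZIP-based docx.
FAKE_LNK = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + bytes(LNK_HEADER_SIZE - 20)
REAL_DOCX = ZIP_MAGIC + b"[Content_Types].xml" + bytes(32)
SAMPLES = {
    "EU_Agenda.docx": FAKE_LNK,          # shortcut wearing a Word name
    "Budget.docx    .lnk": FAKE_LNK,     # real .lnk hidden by padding
    "Minutes.docx": REAL_DOCX,           # genuine document
    "shortcut.lnk": FAKE_LNK,            # honest shortcut, name matches
}

if __name__ == "__main__":
    for filename, blob in SAMPLES.items():
        print(f"{filename!r}: {triage(filename, blob) or 'clean'}")
```

The structural check matters more than the extension check: a gateway that only blocks names ending in .lnk is defeated by a renamed file, while the header check still fires because the operating system resolves the file by its content-type handling, not by the attacker's choice of name.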
* * *
Tor and I2P networks hit by DDoS attacks
Tor and peer-to-peer (I2P) networks have recently been hit by distributed denial-of-service (DDoS) attacks that have caused connectivity and performance problems.
Isabela Dias Fernandes, executive director of the Tor Project, issued a statement saying that the network had been under DDoS attacks since July. Neither the target of these ongoing attacks nor the identity of the threat actor behind them has been detailed.
The organisation has stated that it is continuing to work on improving its defences so that users are not affected. The I2P network has also been the victim of an attack of this type over the last three days, causing performance and connectivity problems.
According to the project administrator's statements, as in the case of Tor, the threat actors behind these attacks are using a variety of tactics to perpetrate these DDoS attacks.
* * *
New Google Chrome update
Google has released a new version of Chrome 110 which fixes a total of 15 vulnerabilities, 10 of which have been identified by security researchers outside the company.
The breakdown of these vulnerabilities according to their criticality is as follows: 3 with high criticality, 5 medium and 2 low.
Among these, the three with the highest severity are: first, CVE-2023-0696, which a remote attacker could exploit through a specially crafted HTML page.
Second, CVE-2023-0697, affecting Chrome for Android, which could allow a remote attacker to use a manipulated HTML page to spoof the content of the security user interface.
Lastly, CVE-2023-0698 which would allow a remote attacker to perform an out-of-bounds memory read via a malicious HTML page. It is recommended to update to Chrome versions 110.0.5481.77/.78 for Windows and 110.0.5481.77 for Mac and Linux to fix these vulnerabilities.