In today’s edition: Avada, WordPress, Zyxel, Gafgyt Botnet, Zoom, AudioCodes, Magento, CODESYS, DroxiDat, Zunami, Viasat, Indian Protection Bill.
A series of critical vulnerabilities has been disclosed in the widely used Avada theme and its companion Avada Builder plugin, potentially jeopardizing the security of numerous WordPress websites. Discovered by security researcher Rafie Muhammad of Patchstack, the flaws cast a shadow over the integrity of the WordPress ecosystem. The Avada Builder plugin emerges as the weakest point, being affected by both an Authenticated SQL Injection (CVE-2023-39309) and a Reflected Cross-Site Scripting (CVE-2023-39306) flaw, which could enable unauthorized access and potential data breaches.
The Gafgyt botnet has resurfaced, with researchers raising the alarm about its current exploitation of a critical vulnerability affecting end-of-life Zyxel P660HN-T1A routers. The vulnerability, tracked as CVE-2017-18368 with a CVSS v3 score of 9.8, is a command injection flaw in the Remote System Log forwarding function that is reachable by unauthorized users. Although Zyxel previously attempted to address the issue through firmware updates, the botnet’s continued exploitation of the flaw, as flagged in Fortinet’s alert, underscores the urgent need for mitigation.
Security researchers have uncovered alarming vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning, which could enable remote attacks. The researchers warn that exploiting these weaknesses could give malicious actors full control over the devices, allowing them to eavesdrop on calls, attack the surrounding network, and even build botnets. The findings were presented at the Black Hat USA conference and highlight the need for immediate attention to securing these systems.
E-commerce sites powered by Adobe’s open source Magento 2 software are under a relentless onslaught from an ongoing exploitation campaign homing in on a critical vulnerability first disclosed in early 2022. Security experts at Akamai uncovered a server-side template injection offensive targeting Magento 2 online stores that have yet to patch CVE-2022-24086, an input validation vulnerability carrying a CVSS score of 9.8. The financially motivated campaign, which the researchers have named “Xurum,” began quietly in January 2023 and has methodically exploited older vulnerabilities as businesses struggle to keep their digital defenses up against determined threat actors.
A set of 16 high-severity security vulnerabilities, collectively known as CoDe16, has been brought to light in the CODESYS V3 software development kit (SDK), potentially enabling remote code execution and denial-of-service incidents in operational technology (OT) environments. Tracked as CVE-2022-47378 through CVE-2022-47393, the flaws carry a CVSS score of 8.8, except for CVE-2022-47391, which is rated 7.5. Although successful exploitation requires user authentication and knowledge of CODESYS V3’s proprietary protocol, a breach could lead to shutdowns and malicious interference with critical automation processes. The remote code execution flaws in particular could be misused to backdoor OT devices and disrupt programmable logic controllers (PLCs), potentially enabling information theft and unauthorized control.
Security researchers have disclosed a set of severe vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). The vulnerabilities, tracked as CVE-2023-3259 through CVE-2023-3267, could lead to unauthenticated access and allow attackers to cause extensive damage within target environments. With severity scores ranging from 6.7 to 9.8, the flaws have the capacity to cripple data centers, compromise data integrity, and enable large-scale attacks, underscoring the urgent need for comprehensive security measures.
A previously unknown threat actor has been linked to a targeted attack on a power generation company in southern Africa that used a new variant of the SystemBC malware named DroxiDat. According to Kaspersky’s Global Research and Analysis Team (GReAT), the attack, which took place in late March 2023, showed early signs of a potential ransomware operation. DroxiDat was used to profile the system and to channel network traffic through SOCKS5 proxies to and from command-and-control (C2) infrastructure.
Zunami, a prominent DeFi protocol specializing in stablecoin staking, suffered a distressing incident when blockchain security firm PeckShield detected a targeted attack on August 13 that led to a loss of approximately $2.1 million. The attack exploited price manipulation vulnerabilities, allowing the perpetrators to skew the protocol’s calculations through donations. Zunami, known for its high APY returns, confirmed the breach shortly after it was detected; the incident affected its stablecoins, including its USD stablecoins and Zunami Ether.
In a presentation at the Black Hat conference, officials from the National Security Agency (NSA) and satellite internet provider Viasat gave an in-depth account of the major cyberattack that hit Viasat during Russia’s invasion of Ukraine. The hack, attributed to Russian cybercriminals, disrupted Viasat’s KA-SAT modems and had downstream effects, affecting wind turbines in Germany and organizations across Europe. The attack was in fact two separate incidents, one targeting a management center in Italy and another flooding Viasat’s systems with requests, which highlights the complexity of the operation. The NSA’s work in attributing the attack to Russian actors also fed into the sanctions imposed on Russia.
Cumbria Police’s confidential information took an unexpected public stroll when the names and salaries of its entire workforce, over 2,000 employees, were accidentally published online. The blunder, which occurred in March but only recently came to light, prompted an official apology from the force. Although less grave than the previous similar incident involving the Police Service of Northern Ireland, where potential terrorist threats made the risk far greater, the leak has still left Cumbria’s force red-faced, since the exposed data spanned covert and sensitive roles among its 2,112 personnel.
The Indian Parliament has approved data protection legislation aimed at regulating major tech companies and imposing penalties for data breaches. While the legislation seeks to establish a data protection authority and limits on cross-border data transfers, it has sparked concerns over potential privacy violations and government access to personal data without consent. Critics argue that the new law could weaken citizens’ rights, grant excessive exemptions to the government, and enhance censorship, raising debate over the balance between data security and individual freedoms.
In response to the sanctions imposed over the conflict in Ukraine, Microsoft has announced that it will stop renewing licenses for its products for Russian companies starting in October. The move is a blow to the many Russian corporate clients who rely heavily on Microsoft’s software. The decision has raised concerns that Russian services left without Microsoft’s software updates will be more vulnerable to cyberattacks, and it may also push businesses toward pirated tools while domestic alternatives are still in development.
In a significant cyber operation, law enforcement agencies have arrested five individuals and seized the servers of bulletproof hosting provider Lolek, a platform that allegedly facilitated Netwalker ransomware attacks and a range of other malicious activity. Bulletproof hosting providers give cybercriminals a safe haven from which to launch attacks without fear of being shut down, making them a prime target for authorities. Europol and the US Department of Justice revealed that Lolek was involved in cybercrimes ranging from DDoS attacks to hosting command-and-control servers, and charges have been brought against an individual who allegedly enabled criminal activity under the guise of privacy-focused services.
The Department of Homeland Security’s Cyber Safety Review Board (CSRB) has launched a comprehensive review of cloud security practices in response to the recent Chinese cyberattacks on the Microsoft Exchange accounts of US government agencies. Made up of members from the public and private sectors, the CSRB conducts thorough investigations, identifies root causes, and issues cybersecurity recommendations. In this case, the CSRB aims to improve identity management and authentication in cloud environments, providing actionable guidance to both the government and cloud service providers (CSPs) for safeguarding critical systems and data.
Asian smartphone giant Xiaomi has begun blocking the popular messaging platform Telegram from being installed on devices running its MIUI system and firmware interface. The development raises concerns about the implications for free speech and privacy, as MIUI’s security feature labels Telegram a “fraudulent” and “dangerous” app. The move is suspected to align with the Chinese government’s ongoing efforts to restrict digital communication spaces and control the flow of information, reflecting its broader pattern of limiting personal privacy and stifling free expression.
Copyright © 2023 CyberMaterial. All Rights Reserved.