Barracuda Networks, a provider of security solutions, has urged customers to replace Email Security Gateway (ESG) appliances affected by CVE-2023-2868 rather than rely on the patch. The flaw, which has been exploited in the wild, stems from incomplete input validation of the file names inside user-supplied .tar archives: a crafted file name reaches Perl's qx operator, allowing a remote attacker to execute system commands with the privileges of the ESG product. Barracuda reports that the earliest evidence of exploitation dates to October 2022, and the Australian Capital Territory government has confirmed a data breach resulting from the flaw.
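The bug class behind CVE-2023-2868, shown in an added example that is not Barracuda's code: an archive member name is interpolated into a shell command string (Perl's qx operator hands its string to the shell, as `subprocess.run(..., shell=True)` does in Python), beside the hardened form that passes the name as an argv element and allowlists it first. The tar archive, the member name and the harmless `echo` payload are constructed for the demonstration; a POSIX `/bin/sh` and an `echo` binary are assumed.

```python
"""Command injection through archive member names (the CVE-2023-2868 bug class).

Added illustration, not Barracuda's code. The vulnerable path mirrors
Perl's qx("scanner $name"): the untrusted name becomes part of a string
that /bin/sh parses. The hardened path never gives the name to a shell.
"""
import io
import re
import subprocess
import tarfile

# Constructed sample: a member name carrying a shell command separator.
# The payload is a harmless echo so the effect is visible but safe.
INJECTED_NAME = "invoice.pdf; echo INJECTED"


def build_archive(member_name: str) -> bytes:
    """Build an in-memory tar archive with one member of the given name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"not really a pdf"
        info = tarfile.TarInfo(name=member_name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_names(archive: bytes) -> list[str]:
    """Return the member names exactly as stored; tar imposes no charset limits."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        return tar.getnames()


def scan_vulnerable(name: str) -> str:
    """Vulnerable: the name is interpolated into a string that /bin/sh parses,
    so ';' ends the intended command and starts the attacker's."""
    out = subprocess.run(f"echo scanning {name}", shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout


def scan_hardened(name: str) -> str:
    """Hardened: argv list, no shell, so metacharacters are plain bytes
    inside a single argument."""
    out = subprocess.run(["echo", "scanning", name],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Allowlist for names that may be handed to any external tool at all.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")


def is_safe_name(name: str) -> bool:
    """Reject anything outside a conservative allowlist before it is used."""
    return SAFE_NAME.fullmatch(name) is not None


if __name__ == "__main__":
    archive = build_archive(INJECTED_NAME)
    for name in member_names(archive):
        print("member:", repr(name), "allowlisted:", is_safe_name(name))
        print("vulnerable ->", scan_vulnerable(name))
        print("hardened   ->", scan_hardened(name))
```

Run as-is, the vulnerable path prints a second line, `INJECTED`, that the allowlisted-and-argv path never produces; the lesson is that sanitising shell syntax is the wrong fix, and not invoking a shell on untrusted input is the right one.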
PowerDrop, a new PowerShell Remote Access Tool (RAT), has been used in a cyber-attack against an unnamed US aerospace defense contractor. Researchers at Adlumin, who discovered the malware, report that it combines a Windows PowerShell script with Windows Management Instrumentation (WMI) to implement the RAT. Attribution remains unclear, but Adlumin assesses that, given the target and the living-off-the-land tradecraft, a nation-state actor is likely behind the attack.
Ransomware group Cl0p has claimed responsibility for the mass exploitation of the MOVEit Transfer SQL injection vulnerability (CVE-2023-34362). Rather than contacting victims individually, the group published a June 14 deadline for victims to get in touch, a departure from its usual approach that may reflect the unusually large volume of data stolen. Among the first confirmed victims was HR and payroll outsourcing firm Zellis, through which more than 100,000 employees of firms such as the BBC, British Airways and Boots were warned that their payroll data may have been taken.
Anonymous Sudan has launched a DDoS campaign that disrupted Microsoft's Outlook service and OpenAI's ChatGPT, and has demanded $1 million. The group had earlier targeted Lyft and US hospitals after comments by US Secretary of State Antony Blinken about potential US involvement in Sudan.
Researchers at Bitdefender have uncovered a large malware campaign targeting Android devices worldwide. The malware poses as legitimate apps, including game cracks, free VPNs, ad-free versions of Netflix, YouTube and TikTok, and fake security software, and pushes adware into the victim's browsing experience. The same delivery channel could be switched to pushing Trojans and other malware onto already infected devices.
In the Russia-Ukraine hybrid war, the US Department of Defense has purchased Starlink satellite connectivity to further support Ukraine's military communications.
Researchers at Varonis have detailed a UI bug (CVE-2023-28299) in the Microsoft Visual Studio extension (VSIX) installer that could allow an attacker to impersonate any publisher. A VSIX package is a ZIP archive, so an attacker can open it, edit the extension's display name in the manifest, and pad the name with newline characters; the padding pushes the installer's "Digital Signature: None" warning out of view, and a fake "Digital Signature" label inserted into the name takes its place in the installation prompt.
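A triage check for the trick described above, as an added example that is not Varonis's proof of concept or Microsoft's fix: it opens a VSIX as a ZIP, reads the display name from the manifest, and flags line breaks or a "Digital Signature" string inside the name. The manifest file name `extension.vsixmanifest`, its namespace and the `DisplayName` element are the VSIX manifest conventions the check assumes; the spoofed package is constructed in memory.

```python
"""Flag VSIX display names padded with newlines or carrying a fake signature label.

Added example for the CVE-2023-28299 spoofing technique, not the original
researchers' code. Assumes the VSIX 2.0 manifest layout: a ZIP containing
extension.vsixmanifest with <Metadata><DisplayName> at the root.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from xml.sax.saxutils import escape

MANIFEST_NAME = "extension.vsixmanifest"
VSIX_NS = "http://schemas.microsoft.com/developer/vsx-schema/2011"
# Anything resembling the installer's own signature label inside a name.
SPOOF_MARKER = re.compile(r"digital\s+signature", re.IGNORECASE)


def build_vsix(display_name: str) -> bytes:
    """Build a minimal in-memory VSIX whose manifest carries display_name."""
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>'
        f'<PackageManifest Version="2.0.0" xmlns="{VSIX_NS}">'
        '<Metadata><Identity Id="demo.ext" Version="1.0" Publisher="Demo"/>'
        f"<DisplayName>{escape(display_name)}</DisplayName>"
        "</Metadata></PackageManifest>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST_NAME, manifest)
    return buf.getvalue()


def audit_display_name(vsix: bytes) -> dict:
    """Return what a reviewer needs to know about the manifest display name."""
    with zipfile.ZipFile(io.BytesIO(vsix)) as z:
        root = ET.fromstring(z.read(MANIFEST_NAME))
    node = root.find(f"{{{VSIX_NS}}}Metadata/{{{VSIX_NS}}}DisplayName")
    name = (node.text or "") if node is not None else ""
    # XML parsing normalises CR/LF to LF, so counting "\n" covers both.
    line_breaks = name.count("\n")
    fake_label = SPOOF_MARKER.search(name) is not None
    return {
        "display_name": name,
        "line_breaks": line_breaks,
        "fake_signature_label": fake_label,
        "suspicious": line_breaks > 0 or fake_label,
    }


if __name__ == "__main__":
    spoofed = build_vsix("Helpful Tools" + "\n" * 30 + "Digital Signature: Contoso Ltd")
    for label, pkg in (("spoofed", spoofed), ("clean", build_vsix("Helpful Tools"))):
        r = audit_display_name(pkg)
        print(f"{label}: line_breaks={r['line_breaks']} "
              f"fake_label={r['fake_signature_label']} suspicious={r['suspicious']}")
```

The check catches the padding and the planted label, but it is a triage aid only: the trust decision belongs to the package's actual signature status, which is exactly the information the bug hides from the user.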
The US Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions on Iranian company ArvanCloud for its alleged role in facilitating the Iranian government's internet censorship. The sanctions designation identifies ArvanCloud as a key partner in building the National Information Network, a government-controlled domestic internet that gives officials the power to limit citizens' access to online content.
