{"id":15007,"date":"2023-02-17T10:32:33","date_gmt":"2023-02-17T17:32:33","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=15007"},"modified":"2023-04-06T15:14:42","modified_gmt":"2023-04-06T22:14:42","slug":"securins-threat-intelligence-feb-13-2023-feb-17-2023","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securins-threat-intelligence-feb-13-2023-feb-17-2023\/","title":{"rendered":"Securin&#8217;s Threat Intelligence: Feb 13, 2023 to Feb 17, 2023"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15007\" class=\"elementor elementor-15007\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c7926eb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c7926eb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-33243357\" data-id=\"33243357\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc45ac1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc45ac1\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9a03310\" data-id=\"9a03310\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91253d0 elementor-widget elementor-widget-text-editor\" data-id=\"91253d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: left;\">This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c6088c elementor-widget elementor-widget-heading\" data-id=\"0c6088c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Why play catch up when you can fix it now?<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-634700b elementor-widget elementor-widget-spacer\" data-id=\"634700b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5981555 elementor-widget elementor-widget-heading\" data-id=\"5981555\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5fa93a elementor-widget elementor-widget-text-editor\" data-id=\"c5fa93a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#cisa-adds-3-new-cves-to-the-kev-catalog\">CISA Adds 3 New CVEs to the KEV Catalog<\/a><\/li><li><a href=\"#microsoft-fixes-80-flaws-on-february-patch-tuesday\">Microsoft Fixes 80 Flaws on February Patch Tuesday<\/a><\/li><li><a href=\"#new-malware-from-redeyes-m2rat\">New Malware from RedEyes: M2RAT<\/a><\/li><li><a href=\"#clop-ransomware-exploits-goanywhere-zero-day-to-breach-130-organizations\">Clop Ransomware Exploits GoAnywhere Zero-day to Breach 130 Organizations<\/a><\/li><li><a href=\"#new-scar-rental-botnet-gooberbot\">New Scar Rental Botnet &#8211; GooberBot<\/a><\/li><li><a href=\"#new-chinese-apt-group-dalbit-m00nlight\">New Chinese APT Group &#8211; Dalbit (m00nlight)<\/a><\/li><li><a href=\"#microsoft-exchange-proxyshell-vulnerabilities-exploited\">Microsoft Exchange ProxyShell Vulnerabilities Exploited<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2952cac elementor-widget elementor-widget-heading\" data-id=\"2952cac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33b4b1b elementor-widget elementor-widget-text-editor\" data-id=\"33b4b1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul dir=\"ltr\"><li><a href=\"#zero-day-vulnerability-in-apples-iphones-macs\">Zero-day Vulnerability in Apple\u2019s iPhones, Macs<\/a><\/li><li><a href=\"#cve-2023-25194-remote-code-execution-flaw-in-apache-kafka\">CVE-2023-25194: Remote Code Execution Flaw in Apache Kafka<\/a><\/li><li><a href=\"#cve-2022-47986-ibm-aspera-faspex-vulnerability\">CVE-2022-47986: IBM Aspera Faspex Vulnerability<\/a>\u00a0<\/li><li><a href=\"#cve-2023-20032-critical-flaw-in-clamav-open-source-antivirus-software\">CVE-2023-20032: Critical Flaw in ClamAV Open-Source Antivirus Software\u00a0<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6aeae0 elementor-widget elementor-widget-spacer\" data-id=\"e6aeae0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-285ec51 elementor-widget elementor-widget-heading\" data-id=\"285ec51\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51ca22b elementor-widget elementor-widget-text-editor\" data-id=\"51ca22b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CISA has taken special notice of the vulnerability now because North Korean nation-state hackers are said to have\u00a0<a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-february-6-2022-february-10-2022.html#Healthcare%20and%20Critical%20Infrastructure%20Sectors%20Under%20Attack%20From%20Korean%20Actors\" target=\"_blank\" rel=\"noopener\">weaponized this exploit<\/a>.\u00a0<\/p><p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-0669\" target=\"_blank\" rel=\"noopener\">CVE-2023-0669<\/a>\u00a0is the\u00a0<a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-february-6-2022-february-10-2022.html#GoAnywhere%20MFT%20Zero-day%20Vulnerability\" target=\"_blank\" rel=\"noopener\">GoAnywhere MFT zero-day vulnerability<\/a>\u00a0that hackers are actively exploiting now. Clop ransomware has breached more than 130 organizations by exploiting this vulnerability.<\/p><p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-2291\" target=\"_blank\" rel=\"noopener\">CVE-2015-2291<\/a>\u00a0impacts Intel ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys). Exploiting this vulnerability can allow an attacker to drive the device into a denial-of-service state. Recently, the Scattered Spider APT group has been exploiting this vulnerability in the wild.\u00a0<\/p><p dir=\"ltr\">On 14 Feb 2023, CISA added 4 more CVEs to the KEV &#8211; CVE-2023-23376, CVE-2023-21715, CVE-2023-21823, and CVE-2023-23529. All these vulnerabilities were added to the KEV catalog after the vendor, Microsoft released patches for them on February Patch Tuesday.<\/p><p dir=\"ltr\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23376\" target=\"_blank\" rel=\"noopener\">CVE-2023-23376<\/a>\u00a0is a privilege escalation flaw in Windows common log file system driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.<\/p><p dir=\"ltr\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21715\" target=\"_blank\" rel=\"noopener\">CVE-2023-21715<\/a>\u00a0is a feature bypass vulnerability in Microsoft Publisher. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering and attack the local device.<\/p><p dir=\"ltr\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21823\" target=\"_blank\" rel=\"noopener\">CVE-2023-21823<\/a>\u00a0is a Windows graphics component remote code execution vulnerability that can grant SYSTEM privileges to an attacker.<\/p><p dir=\"ltr\"><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/843.html\" target=\"_blank\" rel=\"noopener\">CVE-2023-23529<\/a>\u00a0is Apple\u2019s type confusion issue that can be exploited for arbitrary code execution by getting the targeted user to access a malicious website. It is actively being exploited now.<\/p><p dir=\"ltr\">On Feb 16, 2023, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-46169\" target=\"_blank\" rel=\"noopener\">CVE-2022-46169<\/a> was also added to the Known Exploitable Vulnerabilities Catalog. This vulnerability is a critical command injection flaw found in the Cacti monitoring solution. It allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. Since an exploit for it was published, attackers have been actively exploiting this vulnerability in Cacti. CVE-2022-46169 was\u00a0<a href=\"https:\/\/github.com\/Cacti\/cacti\/security\/advisories\/GHSA-6p93-p743-35gf\" target=\"_blank\" rel=\"noopener\">patched<\/a>\u00a0in December 2023.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1558ea3 elementor-widget elementor-widget-menu-anchor\" data-id=\"1558ea3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cisa-adds-3-new-cves-to-the-kev-catalog\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51aa5a8 elementor-widget elementor-widget-heading\" data-id=\"51aa5a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CISA Adds 3 New CVEs to the KEV Catalog<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac5ca53 elementor-widget elementor-widget-text-editor\" data-id=\"ac5ca53\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">On 10, Feb 2023, CISA added <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24990\" target=\"_blank\" rel=\"noopener\">CVE-2022-24990<\/a>, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-0669\" target=\"_blank\" rel=\"noopener\">CVE-2023-0669<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-2291\" target=\"_blank\" rel=\"noopener\">CVE-2015-2291<\/a> to the KEV catalog.<\/p><p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24990\" target=\"_blank\" rel=\"noopener\">CVE-2022-24990<\/a>\u00a0is the TerraMaster RCE vulnerability that affects their network-attached storage (TNAS) devices. An unauthenticated attack can also execute commands by exploiting this vulnerability. Given below is an image of the vulnerability\u2019s progression since discovery.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c1f23d elementor-widget elementor-widget-image\" data-id=\"1c1f23d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1407\" height=\"242\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/pasted-image-0-11.png\" class=\"attachment-full size-full wp-image-15010\" alt=\"img37\" srcset=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/pasted-image-0-11.png 1407w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/pasted-image-0-11-300x52.png 300w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/pasted-image-0-11-1024x176.png 1024w, https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/02\/pasted-image-0-11-768x132.png 768w\" sizes=\"(max-width: 1407px) 100vw, 1407px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-46d3b2e elementor-widget elementor-widget-spacer\" data-id=\"46d3b2e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55ee3ee elementor-widget elementor-widget-spacer\" data-id=\"55ee3ee\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eba79d8 elementor-widget elementor-widget-menu-anchor\" data-id=\"eba79d8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"microsoft-fixes-80-flaws-on-february-patch-tuesday\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a6dfce elementor-widget elementor-widget-heading\" data-id=\"4a6dfce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Microsoft Fixes 80 Flaws on February Patch Tuesday<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1e46ef9 elementor-widget elementor-widget-text-editor\" data-id=\"1e46ef9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">These include 3 actively exploited zero-days &#8211; <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-23376\" target=\"_blank\" rel=\"noopener\">CVE-2023-23376<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21715\" target=\"_blank\" rel=\"noopener\">CVE-2023-21715<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-21823\" target=\"_blank\" rel=\"noopener\">CVE-2023-21823<\/a>. Other notable fixes include 12 elevation of privilege vulnerabilities, 2 security feature bypass vulnerabilities and 38 remote code execution vulnerabilities.\u00a0<\/p><p dir=\"ltr\">You can find all the updates\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/microsoft-patch-tuesday-reports\/February-2023.html\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d365cde elementor-widget elementor-widget-spacer\" data-id=\"d365cde\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2107947 elementor-widget elementor-widget-menu-anchor\" data-id=\"2107947\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"new-malware-from-redeyes-m2rat\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eba0fe2 elementor-widget elementor-widget-heading\" data-id=\"eba0fe2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">New Malware from RedEyes: M2RAT<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7aa875f elementor-widget elementor-widget-text-editor\" data-id=\"7aa875f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>RedEyes AKS ScarCruft has been using a new malware strain called M2RAT in their attacks on individuals for intelligence collection. This new malware uses a shared memory section for commands and data exfiltration and leaves very few operational traces on the infected machine. Initial access to victims\u2019 devices involves phishing emails with malicious attachments. The attachments are sometimes JPG image files which use steganography for malicious activity. Using steganography, attackers can\u00a0 hide code inside image files, to stealthily introduce the M2RAT executable (&#8220;lskdjfei.exe&#8221;) onto the system and inject it into &#8220;explorer.exe.&#8221; This malware can perform keylogging, data theft, command execution, and then take screenshots from the desktop. It can also be used to exfiltrate data from phones. Before exfiltration, the stolen data is compressed in a password-protected RAR archive, and the local copy is wiped from memory to eliminate any traces.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-db8b7a5 elementor-widget elementor-widget-spacer\" data-id=\"db8b7a5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-220a9e2 elementor-widget elementor-widget-menu-anchor\" data-id=\"220a9e2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"clop-ransomware-exploits-goanywhere-zero-day-to-breach-130-organizations\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5ca447 elementor-widget elementor-widget-heading\" data-id=\"e5ca447\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Clop Ransomware Exploits GoAnywhere Zero-day to Breach 130 Organizations<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-093a3c1 elementor-widget elementor-widget-text-editor\" data-id=\"093a3c1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Last week we learnt of the zero-day vulnerability in GoAnywhere MFT application, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-0669\" target=\"_blank\" rel=\"noopener\">CVE-2023-0669<\/a>. More than 1000 administrative ports of this solution are exposed to the public internet. It is now discovered that the Clop ransomware group has been exploiting this vulnerability to breach servers in around 130 organizations and steal their data. The group claimed that they could even move laterally through their victims\u2019 networks and deploy ransomware payloads to encrypt their systems but resigned to just stealing the data for the time being. There is no news on ransom demands from the group or the affected organizations.<\/p><p dir=\"ltr\">The MFT vulnerability has received two patches from Forta since its disclosure. One\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/actively-exploited-goanywhere-mft-zero-day-gets-emergency-patch\/\" target=\"_blank\" rel=\"noopener\">emergency patch<\/a>\u00a0was released immediately after the discovery and the other which can be accessible only after logging in with a user account. All GoAnywhere MFT users should apply these patches without delay.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dccfe11 elementor-widget elementor-widget-spacer\" data-id=\"dccfe11\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a6aa00 elementor-widget elementor-widget-menu-anchor\" data-id=\"6a6aa00\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"new-scar-rental-botnet-gooberbot\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77b4866 elementor-widget elementor-widget-heading\" data-id=\"77b4866\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">New Scar Rental Botnet - GooberBot<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6358c91 elementor-widget elementor-widget-text-editor\" data-id=\"6358c91\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">The Scar rental botnet is a malware service that attackers can buy for low-cost attacks. Their latest development is the GooberBot which exploits <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30525\" target=\"_blank\" rel=\"noopener\">CVE-2022-30525<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205\" target=\"_blank\" rel=\"noopener\">CVE-2021-22205<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-35394\" target=\"_blank\" rel=\"noopener\">CVE-2021-35394<\/a>.\u00a0 More than 10 products are affected by these vulnerabilities and exploits are also available for CVE-2022-30525 and CVE-2021-22205 . The malware is said to be still in development. There are 3 versions of the malware. In the first version, the botnet communicates with the C2 server in plaintext directly instead of encrypted data. In the next version, an encryption algorithm was used in communication. In the latest version, the single instance check method was changed to determine if the network communication of the C2 server is established.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4cb82c1 elementor-widget elementor-widget-spacer\" data-id=\"4cb82c1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70f9af1 elementor-widget elementor-widget-menu-anchor\" data-id=\"70f9af1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"new-chinese-apt-group-dalbit-m00nlight\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1fcee70 elementor-widget elementor-widget-heading\" data-id=\"1fcee70\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">New Chinese APT Group - Dalbit (m00nlight)<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cabfdfa elementor-widget elementor-widget-text-editor\" data-id=\"cabfdfa\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">This new Chinese APT group calls itself Dalbit (moonlight in Korean) and targets Korean companies. This group relies on open-source tools to profile themselves and sometimes leaves some infected companies as proxies and download servers. They later use them as means to communicate with the threat actor upon infiltration of another company. Dalbit targets small-mid range companies in multiple sectors and exploits them for ransom. Dalbit targets three vulnerabilities:<\/p><p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-8639\" target=\"_blank\" rel=\"noopener\">CVE-2018-8639<\/a>\u00a0and\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-1458\" target=\"_blank\" rel=\"noopener\">CVE-2019-1458<\/a>: Elevation of privilege vulnerabilities that exist in Windows when the Win32k component fails to properly handle objects in memory.<\/p><p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-10271\" target=\"_blank\" rel=\"noopener\">CVE-2017-10271<\/a>: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in the takeover of the Oracle WebLogic Server.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e9d23e elementor-widget elementor-widget-spacer\" data-id=\"2e9d23e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-03d1299 elementor-widget elementor-widget-menu-anchor\" data-id=\"03d1299\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"microsoft-exchange-proxyshell-vulnerabilities-exploited\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-73c44a7 elementor-widget elementor-widget-heading\" data-id=\"73c44a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Microsoft Exchange ProxyShell Vulnerabilities Exploited<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b59d13c elementor-widget elementor-widget-text-editor\" data-id=\"b59d13c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Threat actors are targeting the proxyshell vulnerabilities <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34523\" target=\"_blank\" rel=\"noopener\">CVE-2021-34523<\/a> to deliver ProxyShellMiner to Windows endpoints in a highly evasive malware campaign. After initial access and successful delivery of the malware, the attackers compromised the mail servers that host the malware-dependent files. The malware requires a command line parameter to be supplied upon execution. This parameter is later used as a key for the XMRig miner configuration, and as an anti-runtime analysis tactic. The malware uses XMrig (Open source cryptocurrency miner) to mine cryptocurrency in the compromised systems.<\/p><p dir=\"ltr\">Exchange servers that contain the remote code execution vulnerability\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473\u00a0<\/a>and the privilege escalation vulnerability\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34523\" target=\"_blank\" rel=\"noopener\">CVE-2021-34523<\/a>\u00a0are targeted in these attacks. Organizations using Microsoft Exchange servers should take steps to immediately patch these vulnerabilities.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0371f6b elementor-widget elementor-widget-spacer\" data-id=\"0371f6b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb7c0c2 elementor-widget elementor-widget-heading\" data-id=\"fb7c0c2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f7ec6fb elementor-widget elementor-widget-spacer\" data-id=\"f7ec6fb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0b0aa58 elementor-widget elementor-widget-menu-anchor\" data-id=\"0b0aa58\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"zero-day-vulnerability-in-apples-iphones-macs\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0345e89 elementor-widget elementor-widget-heading\" data-id=\"0345e89\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Zero-day Vulnerability in Apple\u2019s iPhones, Macs<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0737983 elementor-widget elementor-widget-text-editor\" data-id=\"0737983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23529\" target=\"_blank\" rel=\"noopener\">CVE-2023-23529<\/a>\u00a0 is a WebKit confusion flaw that can allow arbitrary code execution and trigger OS crashes on compromised devices. An attacker can achieve this by sending maliciously crafted web content. Apple addressed this vulnerability with improved checks in iOS\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT213635\" target=\"_blank\" rel=\"noopener\">16.3.1<\/a>, iPadOS 16.3.1, and macOS Ventura\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT213633\" target=\"_blank\" rel=\"noopener\">13.2.1<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-716cc8c elementor-widget elementor-widget-spacer\" data-id=\"716cc8c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-436e252 elementor-widget elementor-widget-menu-anchor\" data-id=\"436e252\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-25194-remote-code-execution-flaw-in-apache-kafka\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-118e0a7 elementor-widget elementor-widget-heading\" data-id=\"118e0a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-25194: Remote Code Execution Flaw in Apache Kafka<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36c1f26 elementor-widget elementor-widget-text-editor\" data-id=\"36c1f26\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-25194\" target=\"_blank\" rel=\"noopener\">CVE-2023-25194<\/a> was discovered in Apache Kafka Connect, a free, open-source component of Apache Kafka that operates as a central hub for data integration between systems, databases, and key-value stores. When exploited, it can lead to remote code execution or denial-of-service. However, it can only be triggered when there is access to a Kafka Connect worker \u2013 a logical work unit component \u2013 and the user must also be able to create or modify worker connectors with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol.\u00a0<\/p><p dir=\"ltr\"><strong><em>Apache released a\u00a0<a href=\"https:\/\/kafka.apache.org\/cve-list\" target=\"_blank\" rel=\"noopener\">patch<\/a>\u00a0for it and recommends that users update to the latest version.<\/em><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b81cac elementor-widget elementor-widget-spacer\" data-id=\"5b81cac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-788a530 elementor-widget elementor-widget-menu-anchor\" data-id=\"788a530\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2022-47986-ibm-aspera-faspex-vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61ced82 elementor-widget elementor-widget-heading\" data-id=\"61ced82\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2022-47986: IBM Aspera Faspex Vulnerability <\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c4667f elementor-widget elementor-widget-text-editor\" data-id=\"3c4667f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">This\u00a0 is a YAML deserialization flaw that can be exploited by a remote attacker for arbitrary code execution using specially crafted API calls. It was discovered in October 2022 and\u00a0<a href=\"https:\/\/www.ibm.com\/support\/pages\/node\/6952319\" target=\"_blank\" rel=\"noopener\">fixed<\/a>\u00a0in Jan 2023. It is classified as a high-severity vulnerability and more than 100 internet-exposed Aspera Faspex servers are available all over the world. An\u00a0<a href=\"https:\/\/blog.assetnote.io\/2023\/02\/02\/pre-auth-rce-aspera-faspex\/\" target=\"_blank\" rel=\"noopener\">exploit concept<\/a>\u00a0for this vulnerability was recently published making it even more dangerous to leave it unpatched.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-857d3da elementor-widget elementor-widget-spacer\" data-id=\"857d3da\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c04fc8 elementor-widget elementor-widget-menu-anchor\" data-id=\"3c04fc8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-20032-critical-flaw-in-clamav-open-source-antivirus-software\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c45cee4 elementor-widget elementor-widget-heading\" data-id=\"c45cee4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-20032: Critical Flaw in ClamAV Open-Source Antivirus Software<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-887a570 elementor-widget elementor-widget-text-editor\" data-id=\"887a570\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">The <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20032\" target=\"_blank\" rel=\"noopener\">CVE-2023-20032<\/a> vulnerability is found in the HFS+ file parser component of the antivirus software ClamAV. It has a critical rating of 9.8 on the CVSS scale and affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.\u00a0 If exploited, it could allow an attacker to run arbitrary code with the same privileges as that of the ClamAV scanning process, or crash the process, resulting in a denial-of-service (DoS) condition. CISCO has published an <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-clamav-q8DThCy\" target=\"_blank\" rel=\"noopener\">advisory<\/a>\u00a0for this vulnerability.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-d07bcdb elementor-widget elementor-widget-spacer\" data-id=\"d07bcdb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc3ccab elementor-widget elementor-widget-text-editor\" data-id=\"dc3ccab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: center;\">Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6c64b6 elementor-cta--skin-classic elementor-animated-content elementor-bg-transform elementor-bg-transform-zoom-in elementor-widget elementor-widget-call-to-action\" data-id=\"c6c64b6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"call-to-action.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-cta\">\n\t\t\t\t\t\t\t<div class=\"elementor-cta__content\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h3 class=\"elementor-cta__title elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tLeverage our expertise to continuously manage your threats & exposures.\t\t\t\t\t<\/h3>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__button-wrapper elementor-cta__content-item elementor-content-item \">\n\t\t\t\t\t<a class=\"elementor-cta__button elementor-button elementor-size-lg\" href=\"\/vulnerability-intelligence\/\" target=\"_blank\">\n\t\t\t\t\t\tLEARN HOW\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.<\/p>\n","protected":false},"author":1,"featured_media":13471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,146],"tags":[603,107,89,605,584,601,586,600,604,602,598,116,150,91,597,599,424,108],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15007"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=15007"}],"version-history":[{"count":33,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15007\/revisions"}],"predecessor-version":[{"id":17448,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15007\/revisions\/17448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=15007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=15007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=15007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}