{"id":15789,"date":"2023-02-24T09:17:11","date_gmt":"2023-02-24T16:17:11","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=15789"},"modified":"2023-04-19T03:19:50","modified_gmt":"2023-04-19T10:19:50","slug":"securins-threat-intelligence-feb-20-2023-feb-24-2023","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securins-threat-intelligence-feb-20-2023-feb-24-2023\/","title":{"rendered":"Securin&#8217;s Threat Intelligence: Feb 20, 2023 &#8211; Feb 24, 2023"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15789\" class=\"elementor elementor-15789\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c7926eb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c7926eb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-33243357\" data-id=\"33243357\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc45ac1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc45ac1\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9a03310\" data-id=\"9a03310\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91253d0 elementor-widget elementor-widget-text-editor\" data-id=\"91253d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: left;\">This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c6088c elementor-widget elementor-widget-heading\" data-id=\"0c6088c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Why play catch up when you can fix it now?<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-634700b elementor-widget elementor-widget-spacer\" data-id=\"634700b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5981555 elementor-widget elementor-widget-heading\" data-id=\"5981555\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5fa93a elementor-widget elementor-widget-text-editor\" data-id=\"c5fa93a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#earth-kitsune-uses-new-malware-whiskerspy\">Earth Kitsune Uses New Malware, WhiskerSpy<\/a><\/li><li><a href=\"#cisa-added-3-new-vulnerabilities-to-the-kev-catalog\">CISA Added 3 New Vulnerabilities to the KEV Catalog<\/a><\/li><li><a href=\"#indian-apt-group-sidewinder-targets-educational-institutions\">Indian APT Group Sidewinder Targets Educational Institutions<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2952cac elementor-widget elementor-widget-heading\" data-id=\"2952cac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33b4b1b elementor-widget elementor-widget-text-editor\" data-id=\"33b4b1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul dir=\"ltr\"><li><a href=\"#cve-2022-39952-and-cve-2021-42756-critical-flaws-in-fortinet\">CVE-2022-39952 and CVE-2021-42756: Critical Flaws in Fortinet<\/a><\/li><li><a href=\"#cve-2023-20858-critical-vmware-vulnerability\">CVE-2023-20858: Critical VMware Vulnerability<\/a><\/li><li><a href=\"#critical-vulnerabilities-in-apple-os\">Critical Vulnerabilities in Apple OS<\/a><\/li><li><a href=\"#cve-2022-36537-vulnerability-in-r1soft-server-backup-manager\">CVE-2022-36537: Vulnerability in R1Soft Server Backup Manager<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6aeae0 elementor-widget elementor-widget-spacer\" data-id=\"e6aeae0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-285ec51 elementor-widget elementor-widget-heading\" data-id=\"285ec51\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bb8cd34 elementor-widget elementor-widget-spacer\" data-id=\"bb8cd34\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0084fd elementor-widget elementor-widget-menu-anchor\" data-id=\"e0084fd\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"earth-kitsune-uses-new-malware-whiskerspy\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51aa5a8 elementor-widget elementor-widget-heading\" data-id=\"51aa5a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Earth Kitsune Uses New Malware, WhiskerSpy<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac5ca53 elementor-widget elementor-widget-text-editor\" data-id=\"ac5ca53\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Earth Kitsune is a new threat actor known for targeting North Korean entities. In a recent campaign, researchers have found that the group is using a new backdoor known as WhiskerSpy. This malware was delivered to the victims\u2019 devices when they tried to watch videos on a malicious website. The attacker compromised the website and injected a malicious script that asked the victim to install a video codec for the media to run. This tactic is known as a watering hole attack. WhiskerSpy can perform a number of actions including: interactive shell, download file, upload file, delete file, list files, take screenshot, load executable and call its export, and inject shellcode into a process.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8be3c51 elementor-widget elementor-widget-spacer\" data-id=\"8be3c51\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c6316e0 elementor-widget elementor-widget-menu-anchor\" data-id=\"c6316e0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cisa-added-3-new-vulnerabilities-to-the-kev-catalog\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a6dfce elementor-widget elementor-widget-heading\" data-id=\"4a6dfce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CISA Added 3 New Vulnerabilities to the KEV Catalog<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1e46ef9 elementor-widget elementor-widget-text-editor\" data-id=\"1e46ef9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">On February 22, 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) added <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-47986\" target=\"_blank\" rel=\"noopener\">CVE-2022-47986<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41223\" target=\"_blank\" rel=\"noopener\">CVE-2022-41223<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-40765\" target=\"_blank\" rel=\"noopener\">CVE-2022-40765<\/a> to the Known Exploitable Vulnerabilities catalog.\u00a0<\/p><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-47986\" target=\"_blank\" rel=\"noopener\">CVE-2022-47986<\/a> is the IBM Aspera Faspex remote code execution vulnerability that could allow a remote attacker to execute arbitrary code in a compromised system. There is evidence that this vulnerability is actively exploited in the wild, especially after a proof of concept for the exploit was released.\u00a0<\/p><\/li><\/ul><p dir=\"ltr\">We warned our customers regarding this vulnerability in last week\u2019s\u00a0<a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-february-13-2022-february-17-2022.html\" target=\"_blank\" rel=\"noopener\">threat intelligence blog<\/a>.<\/p><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41223\" target=\"_blank\" rel=\"noopener\">CVE-2022-41223<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-40765\" target=\"_blank\" rel=\"noopener\">CVE-2022-40765<\/a> impact Mitel\u2019s MiVoice Connect product. These code and command injection vulnerabilities allow an authenticated attacker with internal network access to execute arbitrary code. Mitel\u00a0<a href=\"https:\/\/helpx.adobe.com\/security\/products\/character_animator\/apsb21-95.html\" target=\"_blank\" rel=\"noopener\">patched<\/a>\u00a0these vulnerabilities in October 2022 but they still are targeted by attackers.<\/p><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-722575c elementor-widget elementor-widget-spacer\" data-id=\"722575c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-96e2891 elementor-widget elementor-widget-menu-anchor\" data-id=\"96e2891\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"indian-apt-group-sidewinder-targets-educational-institutions\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eba0fe2 elementor-widget elementor-widget-heading\" data-id=\"eba0fe2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Indian APT Group Sidewinder Targets Educational Institutions<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7aa875f elementor-widget elementor-widget-text-editor\" data-id=\"7aa875f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Sidewinder (AKA Rattlesnake) is an Indian APT group that has been active since 2012. It carries out cyber espionage campaigns in Asian countries such as China, Pakistan, Bangladesh , etc. In a recent attack the group targeted Chinese scientific research universities and institutions using phishing emails with malicious attachments. In addition to this, they\u2019ve also used template injection to deliver malicious documents and launched attacks on the Pakistani government, military and other units. The group is suspected to download trojan horses in every download to carry out subsequent attacks. To gain initial access, Sidewinder has exploited\u00a0\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-11882\" target=\"_blank\" rel=\"noopener\">CVE-2017-11882<\/a>. It is a Microsoft Office memory corruption vulnerability. It has over 1500 exploits and is associated with 8 ransomware strains.\u00a0<\/p><p dir=\"ltr\"><strong>CVE Details<\/strong><\/p><p dir=\"ltr\">CVE: CVE-2017-11882<\/p><p dir=\"ltr\">CVSS: 9.3<\/p><p dir=\"ltr\">CWE ID: CWE-119<\/p><p dir=\"ltr\">Exploit Type: RCE,PE,WebApp<\/p><p dir=\"ltr\">Affected Product Count: 4<\/p><p dir=\"ltr\">APT Associations: Swede, Lone Wolf, and 21 others<\/p><p dir=\"ltr\">Ransomware Associations: Zemblax, Fake Globe, and 6 others<\/p><p dir=\"ltr\">Patch Link:\u00a0<a href=\"https:\/\/exchange.xforce.ibmcloud.com\/vulnerabilities\/134283\" target=\"_blank\" rel=\"noopener\">Download<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0371f6b elementor-widget elementor-widget-spacer\" data-id=\"0371f6b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb7c0c2 elementor-widget elementor-widget-heading\" data-id=\"fb7c0c2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e96873c elementor-widget elementor-widget-spacer\" data-id=\"e96873c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7193e87 elementor-widget elementor-widget-menu-anchor\" data-id=\"7193e87\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2022-39952-and-cve-2021-42756-critical-flaws-in-fortinet\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0345e89 elementor-widget elementor-widget-heading\" data-id=\"0345e89\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2022-39952 and CVE-2021-42756: Critical Flaws in Fortinet<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0737983 elementor-widget elementor-widget-text-editor\" data-id=\"0737983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Fortinet fixed two critical remote code execution flaws in its products.<\/p><p dir=\"ltr\"><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-300\" target=\"_blank\" rel=\"noopener\">CVE-2022-39952<\/a>\u00a0affects FortiNAC. It has a critical rating of 9.8 on the CVSS scale. An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system using this vulnerability.<\/p><p dir=\"ltr\"><strong>Update<\/strong>: Threat actors are actively exploiting CVE-2022-39952 targeting Internet-exposed Fortinet appliances. They\u2019ve been observed using corn jobs to open reverse shells to attackers&#8217; IP addresses after gaining initial access.\u00a0<\/p><p dir=\"ltr\"><a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-21-186\" target=\"_blank\" rel=\"noopener\">CVE-2021-42756<\/a>\u00a0affects FortiWeb and it has 9.3 on the CVSS scale. Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb&#8217;s proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d192eae elementor-widget elementor-widget-spacer\" data-id=\"d192eae\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-796aab1 elementor-widget elementor-widget-menu-anchor\" data-id=\"796aab1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-20858-critical-vmware-vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-118e0a7 elementor-widget elementor-widget-heading\" data-id=\"118e0a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-20858: Critical VMware Vulnerability <\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36c1f26 elementor-widget elementor-widget-text-editor\" data-id=\"36c1f26\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20858\" target=\"_blank\" rel=\"noopener\">CVE-2023-20858<\/a> is a vulnerability in VMware\u2019s Carbon Black App Control product. It rates 9.1 on the CVSS scale. An authenticated threat actor with access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. VMware released a\u00a0<a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0004.html\" target=\"_blank\" rel=\"noopener\">security advisory<\/a>\u00a0for this vulnerability and urged users to update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1151be4 elementor-widget elementor-widget-spacer\" data-id=\"1151be4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e3e4d4 elementor-widget elementor-widget-menu-anchor\" data-id=\"2e3e4d4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"critical-vulnerabilities-in-apple-os\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61ced82 elementor-widget elementor-widget-heading\" data-id=\"61ced82\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Critical Vulnerabilities in Apple OS<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c4667f elementor-widget elementor-widget-text-editor\" data-id=\"3c4667f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23530\" target=\"_blank\" rel=\"noopener\">CVE-2023-23530<\/a>, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-23531\" target=\"_blank\" rel=\"noopener\">CVE-2023-23531<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23520\" target=\"_blank\" rel=\"noopener\">CVE-2023-23520<\/a> were recently disclosed by Apple in a\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT213605\" target=\"_blank\" rel=\"noopener\">security advisory<\/a>.\u00a0<\/p><ul><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23530\" target=\"_blank\" rel=\"noopener\">CVE-2023-23530<\/a> is due to a race condition in the\u00a0 Crash Reporter component. If exploited, it could enable a malicious actor to read arbitrary files as root.\u00a0<\/p><\/li><li dir=\"ltr\" aria-level=\"1\"><p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-23531\" target=\"_blank\" rel=\"noopener\">CVE-2023-23531<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23520\" target=\"_blank\" rel=\"noopener\">CVE-2023-23520<\/a> are present in the Foundation Framework. They could allow an attacker to remotely execute code in the compromised device.<\/p><\/li><\/ul><p dir=\"ltr\">All three are classified as medium severity vulnerabilities.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-be2f369 elementor-widget elementor-widget-spacer\" data-id=\"be2f369\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eefdf8a elementor-widget elementor-widget-menu-anchor\" data-id=\"eefdf8a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2022-36537-vulnerability-in-r1soft-server-backup-manager\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c45cee4 elementor-widget elementor-widget-heading\" data-id=\"c45cee4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2022-36537: Vulnerability in R1Soft Server Backup Manager<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-887a570 elementor-widget elementor-widget-text-editor\" data-id=\"887a570\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-36537\" target=\"_blank\" rel=\"noopener\">CVE-2022-36537<\/a> is actively being exploited by deploying backdoors. It is a vulnerability in the ZK Java Framework that R1Soft Server Backup Manager utilizes. An attacker can exploit it to bypass authentication and even remotely execute code in R1Soft server software and its connected backup agents. In one of the recent attacks, researchers discovered that the vulnerability was used to gain initial access and drop a malicious JDBC driver. This driver can load new functionalities in memory and execute commands. ZK released a\u00a0<a href=\"https:\/\/tracker.zkoss.org\/browse\/ZK-5150\" target=\"_blank\" rel=\"noopener\">security advisory<\/a>\u00a0for this vulnerability and recommends users to patch it as soon as possible.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-d07bcdb elementor-widget elementor-widget-spacer\" data-id=\"d07bcdb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4191c27 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4191c27\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-86fdcef\" data-id=\"86fdcef\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fa347a6 elementor-widget elementor-widget-spacer\" data-id=\"fa347a6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc3ccab elementor-widget elementor-widget-text-editor\" data-id=\"dc3ccab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: center;\">Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.<\/p><p dir=\"ltr\" style=\"text-align: center;\"><strong>Leverage our expertise and manage your threats continuously to stay safe from attackers.\u00a0<\/strong><a href=\"https:\/\/webdev.securin.xyz\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Talk to Us!<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c35a2b2 elementor-widget elementor-widget-spacer\" data-id=\"c35a2b2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.<\/p>\n","protected":false},"author":1,"featured_media":13471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,146],"tags":[612,107,89,608,344,116,613,611,610,218,139,609],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15789"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=15789"}],"version-history":[{"count":24,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15789\/revisions"}],"predecessor-version":[{"id":17816,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15789\/revisions\/17816"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=15789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=15789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=15789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}