{"id":15811,"date":"2023-03-03T13:37:05","date_gmt":"2023-03-03T20:37:05","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=15811"},"modified":"2023-04-19T03:15:44","modified_gmt":"2023-04-19T10:15:44","slug":"securins-threat-intelligence-feb-27-2023-mar-3-2023","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securins-threat-intelligence-feb-27-2023-mar-3-2023\/","title":{"rendered":"Securin&#8217;s Threat Intelligence: Feb 27, 2023 &#8211; Mar 3, 2023"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15811\" class=\"elementor elementor-15811\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c7926eb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c7926eb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-33243357\" data-id=\"33243357\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc45ac1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc45ac1\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9a03310\" data-id=\"9a03310\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-91253d0 elementor-widget elementor-widget-text-editor\" data-id=\"91253d0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: left;\">This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c6088c elementor-widget elementor-widget-heading\" data-id=\"0c6088c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Why play catch up when you can fix it now?<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-012e894 elementor-widget elementor-widget-spacer\" data-id=\"012e894\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5981555 elementor-widget elementor-widget-heading\" data-id=\"5981555\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5fa93a elementor-widget elementor-widget-text-editor\" data-id=\"c5fa93a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#new-backdoor-from-lazarus-apt\">New Backdoor from Lazarus APT<\/a><\/li><li><a href=\"#cisa-adds-cve-2022-36537-to-the-kev-catalog\">CISA Adds CVE-2022-36537 to the KEV Catalog<\/a><\/li><li><a href=\"#the-very-active-rig-exploit-kit\">The Very Active RIG Exploit Kit\u00a0<\/a><\/li><li><a href=\"#ares-hacking-group-uses-kaiji-botnet-in-attacks\">Ares Hacking Group uses Kaiji Botnet in Attacks<\/a><\/li><li><a href=\"#blacklotus-bypasses-uefi-secure-boot\">BlackLotus Bypasses UEFI Secure Boot<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2952cac elementor-widget elementor-widget-heading\" data-id=\"2952cac\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33b4b1b elementor-widget elementor-widget-text-editor\" data-id=\"33b4b1b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul dir=\"ltr\"><li><a href=\"#critical-flaws-in-wordpress\">Critical flaws in WordPress<\/a><\/li><li><a href=\"#cve-2022-38108-solarwinds-vulnerability\">CVE-2022-38108: SolarWinds Vulnerability<\/a><\/li><li><a href=\"#critical-vulnerabilities-in-cisco\">Critical Vulnerabilities in CISCO<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6aeae0 elementor-widget elementor-widget-spacer\" data-id=\"e6aeae0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-285ec51 elementor-widget elementor-widget-heading\" data-id=\"285ec51\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a04a63a elementor-widget elementor-widget-spacer\" data-id=\"a04a63a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a24710 elementor-widget elementor-widget-menu-anchor\" data-id=\"8a24710\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"new-backdoor-from-lazarus-apt\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51aa5a8 elementor-widget elementor-widget-heading\" data-id=\"51aa5a8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">New Backdoor from Lazarus APT<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac5ca53 elementor-widget elementor-widget-text-editor\" data-id=\"ac5ca53\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">The notorious Lazarus APT group (origin: North Korea) is found to have been using a new backdoor, WinorDLL64 in a recent attack campaign in South Korea. WinorDLL64 can perform file manipulation, such as exfiltrating, overwriting, and removing files. Apart from this, it can also execute additional commands and acquire extensive system information. The group exploited <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-21551\" target=\"_blank\" rel=\"noopener\">CVE-2021-21551<\/a>, Dell dbutil Driver\u2019s insufficient access control vulnerability to gain initial access. The WinorDLL64 campaign technique overlaps with Lazarus\u2019 previous attack campaign Operation GhostSecret. The loader for it is virtualized by the Oreans\u2019 Code Virtualizer, which is a commercial protector that is used frequently by Lazarus.<\/p><p dir=\"ltr\"><strong>CVE Details<\/strong><\/p><p dir=\"ltr\">CVE: CVE-2021-21551<\/p><p dir=\"ltr\">CVSS: 7.8<\/p><p dir=\"ltr\">CWE ID: CWE-285<\/p><p dir=\"ltr\">Exploit Type: RCE,PE,WebApp<\/p><p dir=\"ltr\">Affected Product Count: 1<\/p><p dir=\"ltr\">Patch Link:\u00a0<a href=\"https:\/\/www.tenable.com\/plugins\/nessus\/149524\" target=\"_blank\" rel=\"noopener\">Download<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-abb5975 elementor-widget elementor-widget-spacer\" data-id=\"abb5975\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b2cf20 elementor-widget elementor-widget-menu-anchor\" data-id=\"5b2cf20\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cisa-adds-cve-2022-36537-to-the-kev-catalog\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a6dfce elementor-widget elementor-widget-heading\" data-id=\"4a6dfce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CISA Adds CVE-2022-36537 to the KEV Catalog<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1e46ef9 elementor-widget elementor-widget-text-editor\" data-id=\"1e46ef9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">On February 27, 2023, CISA added the R1Soft Server Backup Manager vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-36537\" target=\"_blank\" rel=\"noopener\">CVE-2022-36537<\/a> to the Known Exploitable Vulnerabilities database. This vulnerability allows an attacker to bypass authentication and even remotely execute code in R1Soft server software and its connected backup agents. It is currently being exploited by the attackers in the wild prompting the CISA to take notice of this and add it to the KEV list.<\/p><p dir=\"ltr\"><strong><span style=\"color: #000000;\">We had warned you about this threat in our last week\u2019s\u00a0<\/span><a href=\"\/securins-threat-intelligence-feb-20-2022-feb-24-2022\/\" target=\"_blank\" rel=\"noopener\">threat intelligence blog<\/a><span style=\"color: #000000;\">. We again urge users to patch this vulnerability as soon as possible.\u00a0<\/span><\/strong><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f4c9947 elementor-widget elementor-widget-spacer\" data-id=\"f4c9947\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d4d661 elementor-widget elementor-widget-menu-anchor\" data-id=\"7d4d661\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"the-very-active-rig-exploit-kit\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eba0fe2 elementor-widget elementor-widget-heading\" data-id=\"eba0fe2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">The Very Active RIG Exploit Kit <\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7aa875f elementor-widget elementor-widget-text-editor\" data-id=\"7aa875f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">RIG exploit kit was first released in 2014 and has been used as a malware distributor since then. It is a set of malicious JavaScript scripts embedded in compromised or malicious websites by the threat actors, which are then promoted through malvertising. The RIG kit was taken down in 2017 and most of its operations were halted. However, in 2019, RIG began ransomware distribution for Sodinokibi (REvil), Nemty, and ERIS ransomware. It also exploited <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0674\" target=\"_blank\" rel=\"noopener\">CVE-2020-0674<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-26411\" target=\"_blank\" rel=\"noopener\">CVE-2021-26411<\/a> in Internet Explorer to achieve this. Now, the RIG kit is found to be dropping the Redline information-stealer malware onto victims. It is targeting enterprise devices that still use Internet Explorer. The RIG exploit is also distributing Dridex, SmokeLoader, RaccoonStealer, Zloader, Truebot, and IcedID malware. Enterprises that use the outdated Internet Explorer browser should immediately switch to another browser to avoid falling victim to ransomware attacks.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b4390ba elementor-widget elementor-widget-spacer\" data-id=\"b4390ba\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bab2cb2 elementor-widget elementor-widget-menu-anchor\" data-id=\"bab2cb2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"ares-hacking-group-uses-kaiji-botnet-in-attacks\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f5d5d5c elementor-widget elementor-widget-heading\" data-id=\"f5d5d5c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Ares Hacking Group uses Kaiji Botnet in Attacks<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-410a773 elementor-widget elementor-widget-text-editor\" data-id=\"410a773\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">Kaiji is a botnet written in the GO language. It was discovered in 2020 and its variant is called Chaos. Recently, it was discovered that this botnet is related to Ares, a hacking group that rents botnets. Some of their popular botnets are\u00a0 Mirai, Moobot, and Lucifer. They\u2019ve been used to launch DDoS attacks and crypto-mining activities (by distributing XMRig). Chaos uses stolen SSH keys to infect vulnerable devices with brute force attacks. It can run on both Linux and Windows devices. Chaos establishes persistence and connects to an embedded command and control (C&amp;C) server. Next, it receives staging commands, such as to start propagation via known CVEs or SSH, or to begin IP spoofing. On infected Windows systems, the malware first creates a mutex by binding to a UDP port that it shields from analysis. If the binding fails, the malware exits its process. It also executes a number of commands to further comprise the infected device, launch DDoS attacks and mine crypto currency.\u00a0<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b710b4a elementor-widget elementor-widget-spacer\" data-id=\"b710b4a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6106cb elementor-widget elementor-widget-menu-anchor\" data-id=\"b6106cb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"blacklotus-bypasses-uefi-secure-boot\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8823342 elementor-widget elementor-widget-heading\" data-id=\"8823342\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">BlackLotus Bypasses UEFI Secure Boot<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-164a95b elementor-widget elementor-widget-text-editor\" data-id=\"164a95b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">It was recently discovered that BlackLotus, a UEFI bootkit can bypass UEFI Secure Boot on fully updated systems. This is the first instance of a malware that can perform this action.\u00a0\u00a0<\/p><p dir=\"ltr\">BlackLotus exploits a security flaw <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21894\" target=\"_blank\" rel=\"noopener\">CVE-2022-21894<\/a> (aka Baton Drop) which allows arbitrary code execution during early boot phases, permitting a threat actor to carry out malicious actions on a system with UEFI Secure Boot enabled without having physical access to it. It also enables Bring Your Own Vulnerable Driver (BYOVD) attacks by bringing own copies of legitimate\u00a0 and vulnerable binaries to the system in order to exploit <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21894\" target=\"_blank\" rel=\"noopener\">CVE-2022-21894<\/a>. Validly signed binaries have still not been added to the UEFI revocation list which makes it possible for BlackLotus to carry out BYOVD attacks.\u00a0<\/p><p dir=\"ltr\">CVE-2022-21894 was\u00a0<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21894\" target=\"_blank\" rel=\"noopener\">fixed<\/a>\u00a0in Microsoft\u2019s January Patch Tuesday.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0371f6b elementor-widget elementor-widget-spacer\" data-id=\"0371f6b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb7c0c2 elementor-widget elementor-widget-heading\" data-id=\"fb7c0c2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b277a8a elementor-widget elementor-widget-spacer\" data-id=\"b277a8a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0deedfc elementor-widget elementor-widget-menu-anchor\" data-id=\"0deedfc\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"critical-flaws-in-wordpress\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0345e89 elementor-widget elementor-widget-heading\" data-id=\"0345e89\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Critical Flaws in WordPress<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0737983 elementor-widget elementor-widget-text-editor\" data-id=\"0737983\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-26545\" target=\"_blank\" rel=\"noopener\">CVE-2023-26540<\/a> and CVE-2023-26009 are vulnerabilities in the Houzez Theme plugin used in WordPress. The plugin is used primarily in real estate websites for easy listing management and customer experience enhancement.\u00a0<\/p><p dir=\"ltr\"><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/houzez\/wordpress-houzez-theme-2-7-1-privilege-escalation\" target=\"_blank\" rel=\"noopener\">CVE-2023-26540<\/a>\u00a0(CVSS v3.1: 9.8) occurs because of a security misconfiguration in the plugin and allows privilege escalation to an unauthenticated attacker.<\/p><p dir=\"ltr\"><a href=\"https:\/\/patchstack.com\/database\/vulnerability\/houzez-login-register\/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation\" target=\"_blank\" rel=\"noopener\">CVE-2023-26009<\/a>\u00a0 (CVSS v3.1: 9.8) also allows unauthenticated attackers to perform privilege escalation on sites using the plugin.\u00a0<\/p><p dir=\"ltr\">PatchStack has fixed these vulnerabilities in the plugin versions 2.7.2 and higher.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1b3a6c1 elementor-widget elementor-widget-spacer\" data-id=\"1b3a6c1\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9596428 elementor-widget elementor-widget-menu-anchor\" data-id=\"9596428\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2022-38108-solarwinds-vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-118e0a7 elementor-widget elementor-widget-heading\" data-id=\"118e0a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2022-38108: SolarWinds Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36c1f26 elementor-widget elementor-widget-text-editor\" data-id=\"36c1f26\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">This vulnerability impacts SolarWinds Network Performance Monitor. It allows a remote,\u00a0 authenticated attacker to\u00a0 execute arbitrary code under the security context of SYSTEM by sending crafted requests to an affected server. It has been\u00a0<a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2022-38108\" target=\"_blank\" rel=\"noopener\">patched<\/a>\u00a0by SolarWinds.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a19ec9c elementor-widget elementor-widget-spacer\" data-id=\"a19ec9c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1632ffa elementor-widget elementor-widget-menu-anchor\" data-id=\"1632ffa\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"critical-vulnerabilities-in-cisco\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61ced82 elementor-widget elementor-widget-heading\" data-id=\"61ced82\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Critical Vulnerabilities in CISCO<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c4667f elementor-widget elementor-widget-text-editor\" data-id=\"3c4667f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CISCO\u00a0<a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ip-phone-cmd-inj-KMFynVcP\" target=\"_blank\" rel=\"noopener\">addressed<\/a>\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20078\" target=\"_blank\" rel=\"noopener\">CVE-2023-20078<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-20079\" target=\"_blank\" rel=\"noopener\">CVE-2023-20079<\/a> that impacts multiple IP Phone models.<\/p><ul dir=\"ltr\"><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20078\" target=\"_blank\" rel=\"noopener\">CVE-2023-20078:<\/a> Allows attackers to inject arbitrary commands that will be executed with root privileges.<\/li><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-20079\" target=\"_blank\" rel=\"noopener\">CVE-2023-20079:<\/a> Can be exploited to trigger denial-of-service (DoS) conditions.<\/li><\/ul><p dir=\"ltr\">Both these vulnerabilities are caused by insufficient validation of user-supplied input and can be exploited using maliciously crafted requests sent to the targeted device&#8217;s web-based management interface.<\/p><p dir=\"ltr\"><span style=\"color: #000000;\"><strong>Users of CISCO\u00a0 IP Phones should ensure that these vulnerabilities are patched immediately.<\/strong><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-634700b elementor-widget elementor-widget-spacer\" data-id=\"634700b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-b7735a5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b7735a5\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-c14f26d\" data-id=\"c14f26d\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ee17afe elementor-widget elementor-widget-spacer\" data-id=\"ee17afe\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dc3ccab elementor-widget elementor-widget-text-editor\" data-id=\"dc3ccab\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: center;\">Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.<\/p><p dir=\"ltr\" style=\"text-align: center;\"><strong>Leverage our expertise and manage your threats continuously to stay safe from attackers.\u00a0<\/strong><a href=\"https:\/\/webdev.securin.xyz\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Talk to Us!<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6f96ebb elementor-widget elementor-widget-spacer\" data-id=\"6f96ebb\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We bring you threats that are currently trending and new vulnerabilities that hackers are exploiting.<\/p>\n","protected":false},"author":1,"featured_media":13471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,146],"tags":[617,618,89,220,616,614,270,338,615,432],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15811"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=15811"}],"version-history":[{"count":22,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15811\/revisions"}],"predecessor-version":[{"id":17814,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/15811\/revisions\/17814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=15811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=15811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=15811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}