{"id":16593,"date":"2023-03-24T07:35:36","date_gmt":"2023-03-24T14:35:36","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=16593"},"modified":"2023-04-27T08:42:00","modified_gmt":"2023-04-27T15:42:00","slug":"securins-threat-intelligence-mar-20-2023-mar-24-2023","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/securins-threat-intelligence-mar-20-2023-mar-24-2023\/","title":{"rendered":"Securin&#8217;s Threat Intelligence: Mar 20, 2023 &#8211; Mar 24, 2023"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"16593\" class=\"elementor elementor-16593\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-02c8318 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"02c8318\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ddbe16e\" data-id=\"ddbe16e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a3fa264 elementor-widget elementor-widget-text-editor\" data-id=\"a3fa264\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"line-height: 1.8; background-color: #ffffff; margin-top: 0pt; margin-bottom: 0pt; padding: 0pt 0pt 4pt; text-align: left;\"><span style=\"font-weight: 400;\">This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d81a1c5 elementor-widget elementor-widget-heading\" data-id=\"d81a1c5\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Why play catch up when you can fix this now?<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f513b4 elementor-widget elementor-widget-spacer\" data-id=\"0f513b4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06e09ce elementor-widget elementor-widget-heading\" data-id=\"06e09ce\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d7532f9 elementor-widget elementor-widget-text-editor\" data-id=\"d7532f9\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#enhanced-capabilities-of-the-chaos-malware\">Enhanced Capabilities of the Chaos Malware<\/a><\/li><li><a href=\"#new-botnet-hinata\">New Botnet: Hinata<\/a><\/li><li><a title=\"Qakbot\" href=\"#qakbot-onenote\">QakBot&#8217;s Latest Campaign Exploits Onenote<\/a><\/li><li><a href=\"#unc961-new-threat -actor-with-financial-motives\"><span style=\"font-weight: 400;\">UNC961: New Threat Actor with Financial Motives<\/span><\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45e16b3 elementor-widget elementor-widget-heading\" data-id=\"45e16b3\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78d7bb2 elementor-widget elementor-widget-text-editor\" data-id=\"78d7bb2\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul><li><a href=\"#cve-2023-0179-linux-vulnerability\">CVE-2023-0179: Linux Vulnerability<\/a><\/li><li><a href=\"#android-zero-day\">Android Zero-Days<\/a><\/li><li><a href=\"#cve-2023-0391\">CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability<\/a><\/li><li><a href=\"#cve-2023-23397\">CVE-2023-23397: Microsoft Outlook Vulnerability<\/a><\/li><li><a href=\"#netgear\">PoC Released for Netgear Vulnerabilities<\/a><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c5581d4 elementor-widget elementor-widget-spacer\" data-id=\"c5581d4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1272e27 elementor-widget elementor-widget-heading\" data-id=\"1272e27\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Trending Threats<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d252bc8 elementor-widget elementor-widget-menu-anchor\" data-id=\"d252bc8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"enhanced-capabilities-of-the-chaos-malware\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13dc0cf elementor-widget elementor-widget-heading\" data-id=\"13dc0cf\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Enhanced Capabilities of the Chaos Malware<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55db5e8 elementor-widget elementor-widget-text-editor\" data-id=\"55db5e8\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>As seen before, Chaos is a Go-based malware and a variant of Kaiji botnet malware. It is being used as a ransomware strain, a remote access trojan (RAT), and also a DDoS malware variant. There have been wide sightings of multiple variants of this malware in the wild. It is constantly upgraded with the threat actors trying to develop a variant that persists even after a container reboot. Thus far, the malware is powerful in terms of persistence but is unable to survive a container reboot. Chaos is deployed in devices that are compromised after exploiting <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-17215\" target=\"_blank\" rel=\"noopener\">CVE-2017-17215<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30525\" target=\"_blank\" rel=\"noopener\">CVE-2022-30525<\/a>, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-1388\" target=\"_blank\" rel=\"noopener\">CVE-2022-1388<\/a>. To avoid falling victim to Chaos, users are recommended to patch the mentioned vulnerabilities.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b086a7 elementor-widget elementor-widget-spacer\" data-id=\"2b086a7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9178bd6 elementor-widget elementor-widget-menu-anchor\" data-id=\"9178bd6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"new-botnet-hinata\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7595659 elementor-widget elementor-widget-heading\" data-id=\"7595659\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">New Botnet: Hinata<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e72d174 elementor-widget elementor-widget-text-editor\" data-id=\"e72d174\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Hinata is a new malware botnet that is targeting\u00a0 Realtek SDK, Huawei routers, and Hadoop YARN servers. It is used by threat actors to launch powerful DDoS attacks. It is even capable of\u00a0 sending HTTP packets of size range between 484 and 589 bytes. The UDP packets generated by HinataBot are particularly large (65,549 bytes) and consist of null bytes capable of overwhelming the target with a large traffic volume. Hinata may be based on the Mirai botnet and is developed using the Go language. This malware was discovered exploiting old CVEs such as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8361\" target=\"_blank\" rel=\"noopener\">CVE-2014-8361<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2017-17215\" target=\"_blank\" rel=\"noopener\">CVE-2017-17215<\/a>. <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8361\" target=\"_blank\" rel=\"noopener\">CVE-2014-8361<\/a> is a vulnerability in the Realtek SDK that can be exploited to perform\u00a0 arbitrary code execution. It has 7 publicly exposed exploits. Given below is the timeline of the CVE. From this, we can see that our analysis tool marked this as highly exploitable in Dec 2017 itself.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aa7d5d6 elementor-widget elementor-widget-text-editor\" data-id=\"aa7d5d6\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2017-17215\" target=\"_blank\" rel=\"noopener\">CVE-2017-17215<\/a> is a vulnerability in Huawei HG532.\u00a0 An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-75ba9d4 elementor-widget elementor-widget-text-editor\" data-id=\"75ba9d4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Our ML based analytical tool has been mapping the exploits of this CVE. The predictive VRS of this vulnerability has been continuously at the highest range since Jul 2020.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c9ce26a elementor-widget elementor-widget-spacer\" data-id=\"c9ce26a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3066a66 elementor-widget elementor-widget-menu-anchor\" data-id=\"3066a66\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"qakbot-onenote\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18a6f13 elementor-widget elementor-widget-heading\" data-id=\"18a6f13\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">QakBot's Latest Campaign Exploits OneNote<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b29d5a4 elementor-widget elementor-widget-text-editor\" data-id=\"b29d5a4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Following the exploitation of the Mark-of-the-Web vulnerability (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41091\" target=\"_blank\" rel=\"noopener\">CVE-2022-41091<\/a>), Microsoft had blocked Excel-4 and VBA macros downloaded from unknown sources on the internet. The threat actors behind QakBot found a way to bypass this restriction by using OneNote attachments with malicious files. In the latest phishing campaign, OneNote attachments were initially embedded with HTML Application (.HTA) files, capable of executing JavaScript, Jscript and VBScript. They were then used to deploy malware samples and further exploit the compromised systems.\u00a0<\/p><p>QakBot&#8217;s campaign is a reminder for us to verify the legitimacy of emails and attachments before downloading them onto our devices.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a1d5095 elementor-widget elementor-widget-spacer\" data-id=\"a1d5095\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a5bf52a elementor-widget elementor-widget-menu-anchor\" data-id=\"a5bf52a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"unc961-new-threat-actor-with-financial-motives\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06c66b0 elementor-widget elementor-widget-heading\" data-id=\"06c66b0\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">UNC961: New Threat Actor with Financial Motives<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e7d4b37 elementor-widget elementor-widget-text-editor\" data-id=\"e7d4b37\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">A new threat actor tracked as UNC961 was found targeting organizations between December 2021 and July 2022. They were exploiting internet-facing servers and vulnerabilities for which the exploits were already publicly available. One of their famous exploits is the Log4Shell (<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2021-44228<\/span><\/a><span style=\"font-weight: 400;\">) vulnerability. UNC961 has also targeted Atlassian Confluence (<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-26084\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2021-26084<\/span><\/a><span style=\"font-weight: 400;\">), Citrix ADC (<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2019-19781\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2019-19781<\/span><\/a><span style=\"font-weight: 400;\">), Oracle WebLogic (<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-14750\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2020-14750<\/span><\/a><span style=\"font-weight: 400;\">), Gitlab (<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2021-22205<\/span><\/a><span style=\"font-weight: 400;\">). After initial access was achieved, they exfiltrated sensitive data, including network reconnaissance and credential information that could be sold or used in support of follow-on missions. The attacks were usually followed by MAZE and EGREGOR ransomware deployments. The threat actors seem financially motivated and are also going for low-hanging fruits in terms of exploits.\u00a0<\/span><\/p><p><span style=\"font-weight: 400;\">All the above mentioned vulnerabilities have patches and organizations should ensure that they are applied.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f99739b elementor-widget elementor-widget-spacer\" data-id=\"f99739b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0937f84 elementor-widget elementor-widget-heading\" data-id=\"0937f84\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vulnerabilities to Watch Out For<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ba4d590 elementor-widget elementor-widget-menu-anchor\" data-id=\"ba4d590\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-0179-linux-vulnerability\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77b0b26 elementor-widget elementor-widget-heading\" data-id=\"77b0b26\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-0179: Linux Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32bb1a4 elementor-widget elementor-widget-text-editor\" data-id=\"32bb1a4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-0179\" target=\"_blank\" rel=\"noopener\">CVE-2023-0179<\/a> is a local privilege escalation vulnerability in the Linux kernel. An attacker can exploit this vulnerability to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems. A proof of concept has also been released for this vulnerability. Ubuntu has <a href=\"https:\/\/ubuntu.com\/security\/CVE-2023-0179\" target=\"_blank\" rel=\"noopener\">patched<\/a> this CVE in the latest release.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f14a2e elementor-widget elementor-widget-spacer\" data-id=\"2f14a2e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0b003e elementor-widget elementor-widget-menu-anchor\" data-id=\"e0b003e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"android-zero-day\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-94e622e elementor-widget elementor-widget-heading\" data-id=\"94e622e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Android Zero-Days\n<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34d7581 elementor-widget elementor-widget-text-editor\" data-id=\"34d7581\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">4 new vulnerabilities have been discovered in the special mobile phone networking firmware that runs on the phone\u2019s baseband chip. An attacker can break into the phone network system as well as the phone&#8217;s main operating system to control it. One of the bugs is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-24033\" target=\"_blank\" rel=\"noopener\">CVE-2023-24033<\/a> and could allow remote code execution without user interaction.\u00a0<\/p><p dir=\"ltr\">Google has fixed these bugs in the <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/pixel\/2023-03-01\" target=\"_blank\" rel=\"noopener\">latest update<\/a> and recommends users to apply it immediately.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0ccb4d elementor-widget elementor-widget-spacer\" data-id=\"d0ccb4d\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-62da92e elementor-widget elementor-widget-menu-anchor\" data-id=\"62da92e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-0391\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8722c2b elementor-widget elementor-widget-heading\" data-id=\"8722c2b\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a16c352 elementor-widget elementor-widget-text-editor\" data-id=\"a16c352\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p dir=\"ltr\">CloudPanel has 3 issues reported in its software. The first issue is regarding the authenticity verification of the installation script provided by the vendor. Since it is not properly verified, an attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.<\/p><p dir=\"ltr\">The second bug allows the installer to overwrite local firewall rules and use an excess number of allowed inputs during setup.<\/p><p dir=\"ltr\">The third issue, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-0391\" target=\"_blank\" rel=\"noopener\">CVE-2023-0391<\/a> in the CloudPanel software allows all installations to share the same SSL certificate private key which the attackers can use to gain access to the victim\u2019s account.\u00a0<\/p><p dir=\"ltr\">The firewall bug and the private key bug can be chained together and exploited to take over new CloudPanel instances as they are being deployed.\u00a0<\/p><p dir=\"ltr\"><b>CloudPanel is yet to address these issues and release fixes.<\/b><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-24afe3e elementor-widget elementor-widget-menu-anchor\" data-id=\"24afe3e\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"cve-2023-23397\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a9ba361 elementor-widget elementor-widget-spacer\" data-id=\"a9ba361\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cfc7b3a elementor-widget elementor-widget-heading\" data-id=\"cfc7b3a\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">CVE-2023-23397: Microsoft Outlook Vulnerability\n<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5d6d67 elementor-widget elementor-widget-text-editor\" data-id=\"b5d6d67\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">The Microsoft zero-day vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23397\" target=\"_blank\" rel=\"noopener\">CVE-2023-23397<\/a> is a cause for concern as it is very easy to exploit. Moreover, it allows the hackers access to Net-NTLMv2 hashes, which enable authentication in Windows environments. Attackers can use this to authenticate themselves as the victims, escalate privileges, or further compromise the environment. This vulnerability impacts all supported versions of Microsoft Outlook for Windows including the locally installed Outlook from M365. Other versions of Microsoft Outlook such as Android, iOS, Mac as well as Outlook on the web and other M365 services on the web are not affected.<\/span><\/p><p><b>Users need to immediately <\/b><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-23397\" target=\"_blank\" rel=\"noopener\"><b>patch<\/b><\/a><b> this vulnerability if they use Microsoft Outlook for emails and calendar.<\/b><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9d989b7 elementor-widget elementor-widget-spacer\" data-id=\"9d989b7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ffe7f39 elementor-widget elementor-widget-menu-anchor\" data-id=\"ffe7f39\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"netgear\"><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a7f37f7 elementor-widget elementor-widget-heading\" data-id=\"a7f37f7\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">PoC Released for Netgear Vulnerabilities\n<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-56a2c59 elementor-widget elementor-widget-text-editor\" data-id=\"56a2c59\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"font-weight: 400;\">Proof-of-concept exploits for 4 vulnerabilities in Netgear\u2019s Orbi 750 series router and extender satellites have been released.\u00a0<\/span><\/p><p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-37337\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2022-37337<\/span><\/a><span style=\"font-weight: 400;\"> is a remotely exploitable command execution vulnerability in the access control functionality of the Netgear Orbi router. An attacker can exploit publicly accessible admin consoles by sending a specially-crafted HTTP request to the vulnerable router to execute arbitrary commands on the device.<\/span><\/p><p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38452\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2022-38452<\/span><\/a><span style=\"font-weight: 400;\"> is a high-severity remote command execution vulnerability in the router\u2019s telnet service. The flaw\u2019s exploitation requires valid credentials and a MAC address.\u00a0<\/span><\/p><p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-36429\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2022-36429<\/span><\/a><span style=\"font-weight: 400;\">, a high-severity command injection in the backend communications functionality of the Netgear Orbi Satellite, which links to the router to extend the network coverage. An attacker can exploit this flaw by sending a sequence of specially-crafted JSON objects to the device. However, retrieving an admin token is required for the attack to work.<\/span><\/p><p><span style=\"font-weight: 400;\">\u00a0<\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38458\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">CVE-2022-38458<\/span><\/a><span style=\"font-weight: 400;\">, a cleartext transmission problem impacting the Remote Management functionality of the Netgear Orbi router, enabling man-in-the-middle attacks that can lead to sensitive information disclosure.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fda4b9f elementor-widget elementor-widget-spacer\" data-id=\"fda4b9f\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5661ac2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5661ac2\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-12cd24e\" data-id=\"12cd24e\" data-element_type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6a79af4 elementor-widget elementor-widget-spacer\" data-id=\"6a79af4\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f8edd1c elementor-widget elementor-widget-text-editor\" data-id=\"f8edd1c\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: center;\"><strong><span style=\"color: #000000;\">Follow our weekly blog and podcast to get proactive alerts on trending threats.<\/span><\/strong><\/p><p style=\"text-align: center;\"><strong>Leverage our expertise and manage your threats continuously to stay safe from attackers. <\/strong><a href=\"\/contact-us\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Talk to Us!<\/span><\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-56b9a97 elementor-widget elementor-widget-spacer\" data-id=\"56b9a97\" data-element_type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We bring you threats that are currently trending as well as new vulnerabilities that hackers are exploiting.<\/p>\n","protected":false},"author":1,"featured_media":13471,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,146],"tags":[624,570,655,656,116,657,658,108],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/16593"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=16593"}],"version-history":[{"count":92,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/16593\/revisions"}],"predecessor-version":[{"id":17477,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/16593\/revisions\/17477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/13471"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=16593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=16593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=16593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}