The War Room

Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

Black Hat USA 2023 – Announcements Summary

Hundreds of companies and organizations showcased their products and services this week at the 2023 edition of the Black Hat conference in Las Vegas.

The post Black Hat USA 2023 – Announcements Summary appeared first on SecurityWeek.

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe

New SystemBC Malware Variant Targets South African Power Company

An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at

CVE-2023-33242 allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol

The security of digital wallets has never been more critical, with cryptocurrencies enjoying unprecedented adoption worldwide. In this realm, a recent discovery by Fireblocks’ research team has unmasked a chilling vulnerability that has set...

The post CVE-2023-33242 allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol appeared first on Penetration Testing.

India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

Indian lawmakers approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.

The post India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation appeared first on SecurityWeek.

Spyware maker LetMeSpy shuts down a month after suffering a breach

Recently, LetMeSpy, the manufacturer of espionage software used for monitoring Android devices, issued a notice on its official website stating that, due to prior cyberattacks, for security considerations, it will cease offering its services...

The post Spyware maker LetMeSpy shuts down a month after suffering a breach appeared first on Penetration Testing.

PoC released for CVE-2023-26067 flaw in Lexmark Printers

Horizon3 security researchers have released proof-of-concept (PoC) code for a critical privilege escalation vulnerability (CVE-2023-26067) in Lexmark printers. This vulnerability has a CVSS score of 8.0 and could allow an attacker to gain elevated...

The post PoC released for CVE-2023-26067 flaw in Lexmark Printers appeared first on Penetration Testing.

MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs

MoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks.

The post MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs appeared first on SecurityWeek.

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log […]

The post Gafgyt botnet is targeting EoL Zyxel routers appeared first on Security Affairs.

CVE-2023-33241 allows an attacker to extract a full private key from wallet using the GG18 and GG20 protocols

The cybersecurity landscape is ever-changing, and vulnerabilities can emerge in even the most secure of systems. Such is the case with the CVE-2023-33241 vulnerability, a critical security flaw that has recently been discovered in...

The post CVE-2023-33241 allows an attacker to extract a full private key from wallet using the GG18 and GG20 protocols appeared first on Penetration Testing.

Charming Kitten APT is targeting Iranian dissidents in Germany

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country. The Federal Office for the Protection of the Constitution (BfV) is warning that an alleged nation-state actor targeted Iranian dissident organizations and individuals in the country. The intelligence agency attributes the attack […]

The post Charming Kitten APT is targeting Iranian dissidents in Germany appeared first on Security Affairs.

Dissect: The Open-Source Framework for Large-Scale Host Investigations

Dissect is a digital forensics and incident response framework and toolset that allows you to quickly access and analyse forensic artifacts from various disk and file formats, developed by Fox-IT (part of NCC...

The post Dissect: The Open-Source Framework for Large-Scale Host Investigations appeared first on Penetration Testing.

15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47379 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case of denial-of-service (DoS) impacting .NET and Visual Studio. It

CobaltStrike BOF: spawn Beacons using DLL Application Directory Hijacking

DropSpawn is a CobaltStrike BOF used to spawn additional Beacons via a relatively unknown method of DLL hijacking. Works x86-x86, x64-x64, and x86-x64/vice versa. Use as an alternative to process injection. Windows executables...

The post CobaltStrike BOF: spawn Beacons using DLL Application Directory Hijacking appeared first on Penetration Testing.

Microsoft Expands Cloud Security Posture Management to Google Cloud

Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises cloud, is finally adding GCP to the mix.

What's in New York's 'First Ever' Cyber Strategy?

Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.

NSA: Codebreaker Challenge Helps Drive Cybersecurity Education

The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.

Statc Stealer, a new sophisticated info-stealing malware

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, […]

The post Statc Stealer, a new sophisticated info-stealing malware appeared first on Security Affairs.

Rhysida Ransomware Trains Its Sights on Healthcare Operations

The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.

CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain

Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

Threat actors used SugarCRM's zero-day CVE-2023-22952 and cloud account misconfigurations to access credentials. We offer prevention advice.

The post When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability appeared first on Unit 42.

Dell Credentials Bug Opens VMWare Environments to Takeover

Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.

Gafgyt malware exploits five-years-old flaw in EoL Zyxel router

Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.

The malware targets CVE-2017-18368, a critical severity (CVSS v3: 9.8) unauthenticated command injection vulnerability in the device's Remote System Log forwarding function, which was patched by Zyxel in 2017.

Zyxel previously highlighted the threat from the then-new Gafgyt variant in 2019, urging users still running outdated firmware to upgrade to the latest release to protect their devices from takeover.

However, Fortinet has observed an average of 7,100 attacks per day since the beginning of July 2023, and the volume has not dropped off.

"[As of] Aug 7, 2023, FortiGuard Labs continue to see attack attempts targeting the 2017 vulnerability and has blocked attack attempts of over thousands of unique IPS devices over the last month," reads a new Fortinet outbreak alert released today.

Figure: Attempts to exploit CVE-2017-18368 in Zyxel routers (source: Fortinet)

It is unclear what portion of the observed attack attempts resulted in successful infections. However, the activity has remained at a steady volume since July.

CISA also warned this week about the active exploitation of CVE-2017-18368 in the wild, adding the flaw to its catalog of known exploited vulnerabilities.

The cybersecurity agency now requires federal agencies to patch the Zyxel vulnerability by August 28th, 2023.

In response to the exploitation outbreak, Zyxel updated its security advisory, reminding customers that CVE-2017-18368 only affects devices running firmware versions 7.3.15.0 v001/3.40(ULM.0)b31 or older.

P660HN-T1A routers running firmware version 3.40(BYF.11), the latest release made available in 2017 to remediate the flaw, are not affected by these attacks.

However, the vendor notes that the device has reached end-of-life and is no longer supported, so switching to a newer model is the prudent course.

"Please note that the P660HN-T1A reached end-of-life several years ago; therefore, we strongly recommend that users replace it with a newer-generation product for optimal protection," warns Zyxel.

Common signs of botnet infections on routers include unstable connectivity, device overheating, sudden configuration changes, unresponsiveness, atypical network traffic, opening up of new ports, and unexpected reboots.

If you suspect a compromise from botnet malware, perform a factory reset, update your device firmware to the latest version, and change the default admin user credentials.

It is also advised that you disable the remote administration panel and manage the device only from your internal network.

Cyber Insurance Experts Make a Case For Coverage, Protection

At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage — and the risk of doing without.
