Cybersecurity Newsletter
Dec 11th 2023
In this week's news: a Bluetooth vuln allows keystroke injection on phones and laptops, two critical vulns found in a file-sharing solution, eight process injection techniques that bypass EDR, service provider HTC is breached, hackers breach a US water utility through its PLC, Nissan discloses a breach in Australia and NZ, and another ColdFusion vulnerability is exploited in the wild.
Can we hack your keyboard? CVE-2023-45866 is a critical Bluetooth flaw: an attacker within radio range can pair a spoofed HID keyboard with an unpatched device without authentication or user interaction and then inject keystrokes. Android rates it as a remote escalation of privilege that needs no additional execution privileges:
https://www.thefinalhop.com/understanding-cve-2023-45866-a-critical-bluetooth-security-flaw/
After the mass exploitation of the MOVEit Transfer file-sharing product a few months ago, two critical CVEs in ownCloud deserve close attention: CVE-2023-49103 (the graphapi app exposes phpinfo() output, including environment variables that in container deployments can hold admin and mail credentials) and CVE-2023-49105 (an authentication bypass in the WebDAV API via pre-signed URLs):
https://www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users. Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and financial information to blackmail them, and in the end gain their funds”:
https://thehackernews.com/2023/12/spyloan-scandal-18-malicious-loan-apps.html
A new collection of eight process injection techniques, collectively dubbed PoolParty, can be used to achieve code execution in Windows processes while evading endpoint detection and response (EDR) products. They abuse Windows user-mode thread pools rather than the classic CreateRemoteThread pattern, so detections keyed on the usual injection APIs miss them:
https://thehackernews.com/2023/12/new-poolparty-process-injection.html
IT services and business consulting company HTC Global Services has confirmed that it suffered a cyberattack after the ALPHV (BlackCat) ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries:
https://www.bleepingcomputer.com/news/security/htc-global-services-confirms-cyberattack-after-data-leaked-online/
Akamai security researchers have shown that DHCP DNS Dynamic Updates, the feature by which a Microsoft DHCP server registers DNS records on behalf of its clients, can be abused in Active Directory environments to spoof or overwrite existing DNS records. A DHCP client needs no credentials, which is what makes the attack cheap; review whether your DHCP servers need dynamic updates at all and which account they use to perform them:
https://gbhackers.com/active-directory-dns-spoofing-exploit/
UK government fact sheet on Russia's FSB and its malign cyber activity:
https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet
FortiGuard Labs researchers have uncovered a new email phishing campaign that uses fake hotel reservations to lure victims. The emails carry a malicious PDF which, once opened, starts a chain of downloads ending in the MrAnon Stealer malware. MrAnon Stealer steals data from cryptocurrency wallets, browsers, messaging apps and VPN clients:
https://www.hackread.com/phishing-fake-hotel-reservation-scam-mranon-stealer/
Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information:
https://www.helpnetsecurity.com/2023/12/04/booking-com-hotel-booking-scam/
CISA has confirmed that Iran-affiliated attackers (CyberAv3ngers) took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. CISA's guidance is to change the default password (1111), take the PLCs off the public internet or at least move them off the default TCP port 20256, put remote access behind a VPN with MFA, and keep backups of the PLC logic:
https://cyber.vumetric.com/security-news/2023/12/04/cyberav3ngers-hit-unitronics-plcs-at-multiple-us-based-water-facilities/
Unknown attackers have exploited a critical deserialization vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. The bug was patched by Adobe in March 2023, so the affected servers were running outdated builds:
https://www.helpnetsecurity.com/2023/12/06/cve-2023-26360-government-servers/
Nissan discloses a cyber incident in Australia and NZ. The company said in a statement overlaid on its homepage that the "Australian and New Zealand Nissan Corporation and Financial Services advises that its systems have been subject to a cyber incident":
https://www.itnews.com.au/news/nissan-discloses-cyber-incident-in-australia-and-nz-603212
Kentucky health system Norton Healthcare disclosed a data breach after it was a victim of a ransomware attack. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal law enforcement and launched an investigation into the incident with the help of a leading forensic security provider:
https://securityaffairs.com/155495/data-breach/norton-healthcare-ransomware-attack.html
This one is interesting to anyone who has spent time finding secrets in JS files: short-term AWS tokens (the ASIA-prefixed access keys that come with a session token) can keep an attacker working in an account until they expire even after the long-term key they were minted from has been deactivated, so rotating the AKIA key alone does not evict them:
https://www.helpnetsecurity.com/2023/12/07/aws-access-tokens-abuse/
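The distinction above matters when triaging leaked credentials: a long-term key (AKIA...) is usable with just its secret, while a short-term key (ASIA...) is useless without the matching session token, and its lifetime is bounded by the token's expiry. The scanner below is an added example written for this newsletter, not code from the linked article. It walks a JavaScript bundle, classifies each AWS access key ID by prefix, and checks whether the secret and session token needed to use it sit nearby. The bundle is constructed; the key IDs and secret are Amazon's documentation placeholders, and the session token is a made-up string of the right shape. The 40-character secret and 100-plus-character session-token patterns, and the 600-character search window, are heuristics chosen here, not AWS rules.

```python
"""Added example: find AWS credentials in a JS bundle and classify them as
long-term (AKIA...) or short-term/STS (ASIA...) keys.  Sample input below is
constructed for the example and is not a real application bundle."""
import re
from dataclasses import dataclass

# AWS access key IDs are 20 chars: a 4-char prefix plus 16 upper-case
# alphanumerics.  AKIA = long-term IAM user key, ASIA = temporary STS key.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# Heuristics (assumptions of this example): a secret access key is a run of
# exactly 40 base64-ish characters; a session token is a run of 100 or more.
# The lookarounds force whole-run matches so the two patterns never overlap.
_RUN = r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{%s})(?![A-Za-z0-9/+=])"
SECRET_RE = re.compile(_RUN % "40")
SESSION_TOKEN_RE = re.compile(_RUN % "100,")
WINDOW = 600  # how far after a key ID we look for its secret / token


@dataclass
class Finding:
    key_id: str
    kind: str               # "long-term" or "short-term"
    has_secret: bool
    has_session_token: bool

    @property
    def usable(self) -> bool:
        """Can an attacker call AWS with what leaked here?"""
        if not self.has_secret:
            return False
        # STS keys are rejected unless the session token is sent alongside.
        return self.kind == "long-term" or self.has_session_token


def classify(key_id: str) -> str:
    return "long-term" if key_id.startswith("AKIA") else "short-term"


def scan(text: str) -> list[Finding]:
    """Return one Finding per access key ID found in `text`."""
    matches = list(ACCESS_KEY_RE.finditer(text))
    findings = []
    for i, m in enumerate(matches):
        # Only search between this key ID and the next one, so a neighbouring
        # credential set's secret is not attributed to this key.
        next_start = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        window = text[m.end(): min(m.end() + WINDOW, next_start)]
        findings.append(Finding(
            key_id=m.group(1),
            kind=classify(m.group(1)),
            has_secret=SECRET_RE.search(window) is not None,
            has_session_token=SESSION_TOKEN_RE.search(window) is not None,
        ))
    return findings


# Constructed sample: AWS doc placeholder key/secret, made-up session token.
_SESSION = "FwoGZXIvYXdzE" + "x" * 120
SAMPLE_BUNDLE = """
// constructed sample bundle (not a real app)
const s3 = new S3({
  accessKeyId: "AKIAIOSFODNN7EXAMPLE",
  secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
});
window.__creds = {
  accessKeyId: "ASIAIOSFODNN7EXAMPLE",
  secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  sessionToken: \"""" + _SESSION + """\",
};
const stale = "ASIAZZEXAMPLEKEY0001"; // STS key leaked without its token
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_BUNDLE):
        print(f"{f.key_id} {f.kind:10} secret={f.has_secret} "
              f"token={f.has_session_token} usable={f.usable}")
```

On a real bundle, feed `scan()` the file contents and treat every usable long-term hit as an incident; for usable short-term hits the token's expiry bounds the exposure, but remember that deactivating the parent AKIA key does not end the session.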
New RCE vulnerability in Apache Struts 2 (CVE-2023-50164): a flaw in file upload parameter handling allows path traversal, which lets an attacker write a malicious file and execute code:
https://www.helpnetsecurity.com/2023/12/08/cve-2023-50164/
apk.sh, a tool that automates the repetitive parts of reverse engineering Android apps (pulling, decoding, rebuilding and patching an APK, including injecting the Frida gadget), has a new release:
https://github.com/ax/apk.sh