Week 26, June 26-July 2, 2023. Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

The ‘Rustbucket’ malware variant has been specifically targeting macOS users, making the Apple user community a little less at ease. Meanwhile, the Mockingjay process injection technique has emerged as a new threat, potentially allowing malware to evade traditional detection systems, elevating the stakes for cybersecurity professionals worldwide. On the global stage, the notorious North Korean hacker group, Andariel, has made its presence felt with a fresh malware called EarlyRat, further underlining the geopolitical implications of cyber threats.

On a different note, the 8Base Ransomware has surged in activity, posing an alarming risk to businesses in the U.S. and Brazil. This reinforces the urgency to tighten cybersecurity measures across organizational infrastructures. In relation to WordPress, hackers have been exploiting an unpatched plugin flaw to create secret admin accounts, adding another layer of concern for website administrators. Alongside this, a critical security flaw in the Social Login Plugin for WordPress, CVE-2023-2982 (CVSS score: 9.8), has been exposed, potentially putting countless user accounts at risk. This marks an urgent call to action for WordPress and its user base to address these vulnerabilities.

In the realm of database security, critical SQL Injection flaws are exposing Gentoo Soko to remote code execution, underscoring the necessity of robust database security practices. Lastly, to aid cybersecurity efforts, MITRE has unveiled its top 25 most dangerous software weaknesses of 2023, offering valuable insights to software developers and security professionals alike. Stay vigilant, stay safe!


Common Vulnerabilities and Exposures (CVEs)

This section highlights some CVEs with CVSS scores classified as critical.

CVE-2023-31746
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.

CVE-2023-3249
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.


Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

Burp Suite Extension to find DNS Vulnerabilities in Web Applications

DNS Analyzer is a Burp Suite extension designed to aid in the discovery of DNS vulnerabilities in web applications. It can be installed as a precompiled JAR from its releases, or built via the fatJar Gradle task on either Linux or Windows.

Ninja UUID Shellcode Runner for x64 Windows 10

This is a tool designed for execution of shellcode within a Windows 10 x64 environment. It employs techniques such as Module Stomping and HellsGate syscaller to run the shellcode without creating new threads, thus enhancing its stealth capabilities. The tool now supports running Cobalt Strike stageless beacon payloads, adding to its versatility and practical application in penetration testing environments.

Backdoor Control Tool for PHP Websites

HIPHP is a tool designed to provide users with the ability to control PHP-based websites over the HTTP/HTTPS protocol. Using the POST/GET methods on port 80, this backdoor tool enables the sending of files, tokens, and commands, facilitating a variety of activities such as downloading and editing files. Additionally, HIPHP supports connections to Tor networks and incorporates password protection to augment its security features.


That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
