InfoSec Weekly
July 10, 2023
Table Of Contents
40,000+ Fall Victim To SSL Certified Phishing Pages
Description
A phishing campaign affected over 40,000 victims in which the scammers used the Salesforce email service to send emails impersonating Facebook. The email directs recipients to click on a phishing link that appears to be from Meta. After clicking the link, victims are taken to a fake website that looks like Facebook or Meta and claims their profile has been marked for questionable conduct and offers an appeal option. The appeal page is equipped with a form where the phishing attack takes place. The page looks legitimate as it has an SSL certification issued by Google Trust Service LLC but is indeed a malicious page made to steal Personally Identifiable Information (PII). The phishing pages in these campaigns also mimicked other well-known brands like Dropbox Business, Microsoft Outlook, and SharePoint, aiming to collect user login credentials. All the phishing pages involved had EmailJS API used by hackers to send information they had gathered, such as complete identities, login email addresses, phone numbers, passwords, and MFA codes.
Infected Technology
Meta, Dropbox Business, Microsoft Outlook, and SharePoint
Source
https://cybersecuritynews.com/facebook-phishing-attack-chain/
Recommendation
• Be on the lookout for domains listed here and cross check when in doubt before giving out personal information on any type of website.
• Do not open attachments or click links in emails or websites that seem suspicious.
• Emails from unknown senders should be avoided, especially if they include strangely alarming or urgent requests.
• To further strengthen account security, use two-factor authentication.
• Educate yourself and colleagues on the most recent phishing scams and how to avoid them.
Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Description
Progress Software has discovered and patched a critical SQL injection vulnerability, identified as CVE-2023-36934, in its popular MOVEit Transfer software, which is used for secure file transfer. This vulnerability could potentially allow unauthorized access to the MOVEit Transfer database by unauthenticated attackers. The exploit is particularly concerning as it can be carried out without valid credentials. However, no active exploitation of this vulnerability has been reported thus far. In addition to addressing CVE-2023-36934, Progress Software has also patched two other high-severity vulnerabilities: CVE-2023-36932, a SQL injection flaw that requires attackers to be logged in, and CVE-2023-36933, which allows attackers to unexpectedly shut down the MOVEit Transfer program. These vulnerabilities affect various versions of MOVEit Transfer, and users are strongly advised to update to the latest version to mitigate the risks associated with these vulnerabilities.
Infected Technology
MOVEit Transfer software
Source
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html
Recommendation
• Apply the latest security update provided by Progress Software. • Implement strong access controls, including strong passwords and multi-factor authentication. • Update MOVEit Transfer to the latest version
Beware of Two Spyware Apps on Google Play: 15 Million Users at Risk
Description
Two file management apps available on the Google Play Store, File Recovery and Data Recovery, and File Manager, have been identified as spyware, potentially jeopardizing the privacy and security of up to 1.5 million Android users. Pradeo, a leading mobile security company, discovered that these apps engage in deceptive behavior by secretly sending sensitive user data to malicious servers in China. Despite claiming on the Google Play Store that no data is collected, Pradeo’s investigation revealed that the spyware apps collect various personal information without user consent, including contact lists, media files, real-time location, network details, and device information. The apps also employ advanced techniques to appear more legitimate and difficult to uninstall, such as artificially increasing download numbers and hiding their icons on the home screen.
Infected Technology
Android Devices
Source
https://thehackernews.com/2023/07/two-spyware-apps-on-google-play-with-15.html
Recommendation
• Conduct a thorough review of installed apps and promptly remove any unfamiliar or suspicious applications
330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
Description
No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild.Cybersecurity firm Bishop Fox, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997 (CVSS score: 9.8), also called XORtigate, is a critical vulnerability impacting Fortinet FortiOS and FortiProxy SSL-VPN appliances that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Infected Technology
FortiOS, FortiProxy appliances
Source
https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.html
Recommendation
• Update to the latest version
CVE ID
CVE-2023-27997
New Linux Kernel ‘StackRot’ Privilege Escalation Vulnerability
Description
Dubbed StackRot security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. The flaw is essentially rooted in a data structure called maple tree, which was introduced in Linux kernel 6.1 as a replacement for red-black tree (rbtree) to manage and store virtual memory areas (VMAs), a contiguous range of virtual addresses that could be the contents of a file on disk or the memory a program uses during execution.. Maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.
Infected Technology
• Linux Kernel from 6.1 to 6.4
Source
https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html
Recommendation
• Use updated version of linux system
Ready to get started?
Don’t let the attacker get the upper hand – protect your services with our expertise. Contact us now and stay ahead of the game.
Contact Us