Welcome to the weekly digest about cybersecurity & threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.
CVE-2024-29510 – Exploiting Ghostscript using format strings by @CodeanIO
- impacts web apps & other services offering document conversion & preview that use Ghostscript under the hood
- can be exploited to bypass the -dSAFER sandbox & gain code execution
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/
Exploring the Infection Chain: ScreenConnect’s Link to AsyncRAT Deployment by @esthreat
- by deceiving users into downloading ScreenConnect via misleading websites, attackers gained remote access & then deployed AsyncRAT
A Brief History of SmokeLoader, P2 by @Threatlabz
- overview of SmokeLoader’s development from 2015 to 2022, where the malware continued to update its algorithms and improve anti-analysis techniques
https://www.zscaler.com/blogs/security-research/brief-history-smokeloader-part-2
Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability by #PaloAlto’s #Unit42
- critical signal handler race condition vulnerability in sshd on glibc-based Linux systems
- this vulnerability can result in unauthenticated RCE with root privileges
https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective by @TrendMicro
- attackers exploit Jenkins vulnerabilities to run scripts that download & execute a miner binary and maintain persistence using cron jobs and the systemd-run utility
Mekotio Banking Trojan Threatens Financial Systems in Latin America by @TrendMicro
- typically arrives via emails posing as tax agencies, alleging that the user has unpaid tax obligations
- upon execution it gathers system info & establishes a connection to its C&C server
https://www.trendmicro.com/en_us/research/24/g/mekotio-banking-trojan.html
Kematian-Stealer : A Deep Dive into a New Information Stealer by @CyfirmaR
- newly emerging info stealer, actively developed on GitHub and disseminated as open source
- downloads and executes additional scripts and payloads directly in memory
https://www.cyfirma.com/research/kematian-stealer-a-deep-dive-into-a-new-information-stealer/
Thanks a lot for reading.