Cybersecurity Wiretap #16: From Worldwide BSOD Update to OpenSSH Exploits with Focus on Python Multi-stage Loader (week of 08/05/2024)

Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

1.CrowdStrike Falcon Sensor Update: Worldwide Blue Screen of Death (BSOD) Incident Update – II by @CyfirmaR

  • threat actors targeted organizations still grappling with the outage disruptions and reduced security coverage
  • phishing campaigns impersonating CrowdStrike were launched

https://www.cyfirma.com/research/crowdstrike-falcon-sensor-update-worldwide-blue-screen-of-death-bsod-incident-update-ii-2/

2.OpenSSH RCE (CVE-2024-6387) : Vulnerability Analysis and Exploitation by @CyfirmaR

  • a race condition in sshd's signal handler, triggered when the LoginGraceTime timer fires during authentication, allows unauthenticated remote code execution as root
  • impacts most glibc-based Linux distributions shipping OpenSSH 8.5p1 through 9.7p1 (fixed in 9.8p1); OpenBSD is not affected

https://www.cyfirma.com/research/openssh-rce-cve-2024-6387-vulnerability-analysis-and-exploitation/

3.A Dive into Earth Baku’s Latest Campaign by @TrendMicro

  • uses public-facing applications such as IIS servers as entry points, then deploys a malware toolset including the Godzilla webshell, StealthVector, StealthReacher and SneakCross
  • uses MEGAcmd for data exfiltration

https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html

4.OpenSSH Vulnerabilities CVE-2024-6387 & CVE-2024-6409 Pose A Significant Security Risk by @Threatlabz

  • attackers exploit sshd's signal-handler race condition, manipulating the heap memory layout to achieve remote code execution; CVE-2024-6409 is a variant of the same race in the privilege-separated child process

https://www.zscaler.com/blogs/security-research/openssh-vulnerabilities-cve-2024-6387-cve-2024-6409-pose-significant
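Both OpenSSH items above (CVE-2024-6387 and CVE-2024-6409) describe the same class of signal-handler race, and the first question on the defender side is the same: which hosts advertise an affected build, and has the LoginGraceTime 0 mitigation been applied where patching is not yet possible. The triage helper below is an added example written for this digest, not code from Cyfirma, Zscaler or the OpenSSH project. It classifies an sshd version banner against the upstream ranges Qualys published for CVE-2024-6387 and parses the effective LoginGraceTime from an sshd_config fragment. The banners and config text are constructed for the example; the function names are this example's own. Two caveats are built into it: distributions backport fixes without changing the upstream version string, so a "version affected" verdict must be confirmed against the distro advisory, and CVE-2024-6409 was reported against specific downstream 8.7p1/8.8p1 packages, so a banner check cannot rule it out on its own.

```python
import re

# Upstream OpenSSH ranges affected by CVE-2024-6387 (per the Qualys advisory):
# everything before 4.4p1 unless CVE-2006-5051 was backported, and
# 8.5p1 up to (not including) 9.8p1, where the fix shipped.
# The race is exploitable on glibc-based Linux; OpenBSD's syslog_r() is async-signal-safe.
FIXED_OLD = (4, 4, 1)
REGRESSED_FROM = (8, 5, 1)
FIXED_NEW = (9, 8, 1)

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# sshd time-format units (sshd_config(5) "TIME FORMATS"); "" means plain seconds.
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample data for the example (not real hosts).
CONSTRUCTED_BANNERS = {
    "distro-build": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4",  # upstream range hit; distro may have backported
    "upstream-fixed": "SSH-2.0-OpenSSH_9.8p1",
    "legacy": "SSH-2.0-OpenSSH_4.3p2 Debian-9",
    "not-openssh": "SSH-2.0-dropbear_2022.83",
}
MITIGATED_CONFIG = """
# constructed sshd_config fragment
Port 22
LoginGraceTime 0      # Qualys-recommended mitigation; trades the RCE for a DoS exposure
LoginGraceTime 2m     # ignored: sshd keeps the first value it sees
"""
DEFAULT_CONFIG = "Port 22\nPermitRootLogin prohibit-password\n"


def parse_version(banner: str):
    """Return (major, minor, portable) from a banner or `sshd -V` line, or None if not OpenSSH."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def version_affected(version) -> bool:
    """True if the upstream version falls inside a CVE-2024-6387 range (backports not considered)."""
    return version < FIXED_OLD or REGRESSED_FROM <= version < FIXED_NEW


def parse_time(value: str) -> int:
    """Convert an sshd time value such as '120', '2m' or '1h30m' to seconds."""
    value = value.strip().lower()
    if not re.fullmatch(r"(\d+[smhdw]?)+", value):
        raise ValueError(f"unparseable sshd time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def parse_login_grace_time(config_text: str) -> int:
    """Effective LoginGraceTime in seconds: first occurrence wins, default is 120."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.replace("=", " ").split(None, 1)  # "Key value" or "Key=value"
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parse_time(parts[1])
    return 120


def assess(banner: str, config_text: str) -> dict:
    """Combine banner range check and LoginGraceTime into a triage verdict."""
    version = parse_version(banner)
    grace = parse_login_grace_time(config_text)
    affected = version is not None and version_affected(version)
    return {
        "version": version,
        "version_affected": affected,
        "login_grace_time": grace,
        # LoginGraceTime 0 disables the SIGALRM handler the race depends on,
        # at the cost of letting unauthenticated connections hold MaxStartups slots.
        "mitigated": affected and grace == 0,
        "needs_action": affected and grace != 0,
    }


if __name__ == "__main__":
    for name, banner in CONSTRUCTED_BANNERS.items():
        print(name, assess(banner, DEFAULT_CONFIG))
    print("mitigated host", assess(CONSTRUCTED_BANNERS["distro-build"], MITIGATED_CONFIG))
```

Run it against banners collected from a port scan or `ssh -V` output and the sshd_config of each host; hosts with `needs_action` set are the ones to patch or set `LoginGraceTime 0` on first, and any `version_affected` result on a distro build should be cross-checked with the package changelog before being closed.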

5.Ande Loader Leads to 0bj3ctivity Stealer Infection by @esthreat

  • a phishing email led the user to a Discord CDN link hosting malicious JavaScript, which retrieved and executed additional payloads in the form of an AES-encrypted PowerShell script

https://www.esentire.com/blog/ande-loader-leads-to-0bj3ctivity-stealer-infection

6.PureHVNC Deployed via Python Multi-stage Loader by #FORTIGUARD LABS

  • aimed at employees, posing as a customer requesting a service
  • the email uses urgent language to trick the recipient into opening the attachment, which starts a chain of malicious activity ending in the malware deployment

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

7.The DigiCert DCV Bug: Implications and Industry Impact by @censysio

  • compliance issue caused by a bug in DigiCert's Domain Control Validation (DCV) process (a missing underscore prefix in DNS CNAME-based validation); the CA/Browser Forum Baseline Requirements oblige DigiCert to revoke the affected certificates within 24 hours to remain compliant as a trusted CA

https://censys.com/the-digicert-dcv-bug-implications-and-industry-impact/

Thanks a lot for reading.
