Cybersecurity Wiretap #17: From U.S. Water Structure’s Vulnerability to CVE-2024-38856 Focus on Leaked Cloud Environment Variables (week of 08/12/2024)

Welcome to the weekly digest about cybersecurity and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

1. Exploring the D3F@ck Malware-as-a-Service Loader by @esthreat

  • the individual behind the orchestration of the D3F@ck Loader, analysis of D3F@ck Loader samples, and an extensive list of indicators of compromise discovered during the hunting process

https://www.esentire.com/blog/exploring-the-d3f-ck-malware-as-a-service-loader

2. Beyond the wail: deconstructing the BANSHEE infostealer by @elasticseclabs

  • targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat

https://www.elastic.co/security-labs/beyond-the-wail

3. CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz by @Threatlabz

  • the vulnerability arises from a flaw in the override view functionality, which can be exploited by unauthorized threat actors through maliciously crafted requests, leading to RCE

https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz

4. ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts by #PaloAlto's #Unit42

  • compromise of GitHub repos that could lead to high-level access to cloud environments via abuse of GitHub Actions artifacts generated as part of CI/CD workflows

https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/

5. Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments by #PaloAlto's #Unit42

  • leveraging exposed environment variable files that contained sensitive variables such as credentials belonging to various applications

https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/

6. U.S. Water Structure’s Vulnerability to Cyber Attacks by @CyfirmaR

  • the key threats to water infrastructure, the potential consequences of cyberattacks, and the need for enhanced cybersecurity measures

https://www.cyfirma.com/research/u-s-water-structures-vulnerability-to-cyber-attacks/

7. A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers by #FORTIGUARD LABS

  • multi-stage malware that can monitor and control infected hosts and deploy arbitrary plugins to cause further damage
  • heavy usage of shellcode to execute components directly in memory

https://www.fortinet.com/blog/threat-research/valleyrat-campaign-targeting-chinese-speakers

Thanks a lot for reading.
