04-Sep-23: In Security News Today

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

An unknown threat actor has been observed exploiting high-severity vulnerabilities in the MinIO storage system to achieve unauthorized code execution on servers. The vulnerabilities, CVE-2023-28432 and CVE-2023-28434, can expose sensitive information and facilitate remote code execution. The attacker leveraged a publicly available exploit chain to backdoor the MinIO instance and replace the authentic binary with a malicious version, effectively compromising the system.

Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

Chinese-speaking cybercriminals known as the Smishing Triad have launched a large-scale smishing campaign in the U.S. The campaign involves sending iMessages from compromised Apple iCloud accounts to conduct identity theft and financial fraud. The cybercrime group offers ready-to-use smishing kits via Telegram and uses breached Apple iCloud accounts to send package delivery failure messages, prompting recipients to enter their credit card information in a fake form. Resecurity’s analysis revealed an SQL injection vulnerability that allowed them to retrieve over 108,044 records of victims’ data.

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising

Vietnamese cybercriminals are using malvertising on social media platforms, particularly Facebook, to distribute malware. These cybercriminals are targeting Facebook Business accounts, hijacking them for malicious purposes. They employ various methods, including social engineering, search engine poisoning, and the abuse of URL shortener services and legitimate cloud services. The malware used, known as Ducktail, steals saved session cookies from browsers and is specifically tailored to take over Facebook business accounts. The attackers continue to evolve their tactics, experimenting with different techniques to increase complexity and evade detection.

Emerging Threats in Social Media and an Update on DUCKTAIL Operation

This report discusses the current and emerging threats in Meta’s ad ecosystem, particularly originating from Vietnam. It also provides an update on the DUCKTAIL operation, a malware targeting Facebook Business accounts. Additionally, a new threat called ‘DUCKPORT’ is introduced, which shares similarities with DUCKTAIL but has distinct functionalities, tactics, techniques, and procedures (TTPs). Cybersecurity professionals can use this report to stay informed about the evolving threats in social media and take necessary measures to protect their organizations.

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have discovered a new antivirus evasion technique called MalDoc in PDF, which involves embedding a malicious Microsoft Word file into a PDF file. This technique allows attackers to evade antivirus detection and execute malicious behaviors through macros. The technique has been observed in real-world attacks and has the potential to distribute malware if the PDF file is opened as a .DOC file in Microsoft Office.

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been released for a critical vulnerability in VMware Aria Operations for Networks. The flaw allows an attacker with network access to bypass SSH authentication and gain access to the CLI. The release of the PoC coincides with VMware issuing fixes for a high-severity SAML token signature bypass flaw in VMware Tools.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.