A joint advisory from the FBI, CISA, and CNMF reveals that advanced persistent threat (APT) actors exploited vulnerabilities in Zoho ManageEngine and Fortinet VPN products to compromise an organization in the aeronautical sector. The first vulnerability, CVE-2022-47966, is an unauthenticated remote code execution flaw in multiple Zoho ManageEngine products, caused by an outdated Apache Santuario (XML security) library; the second, CVE-2022-42475, is a heap-based buffer overflow in the FortiOS SSL-VPN that affects several Fortinet products. After gaining root-level access, the attackers performed reconnaissance, deployed malware, and harvested credentials, relying on readily available tools such as Mimikatz and Metasploit rather than custom tooling.
Endpoint security firm Emsisoft is advising its users to update their anti-malware and security products and reboot their systems after discovering that the products had been signed with an improperly issued code-signing certificate. The certificate authority, GlobalSign, informed Emsisoft that the certificate carried the wrong business number and had to be revoked and reissued. Because binaries signed with a revoked certificate may no longer be trusted by the operating system, Emsisoft has re-signed all files with the correct certificate and published updates; users may still need to reinstall affected software and reboot their systems to restore protection.
Cisco has released security fixes for multiple vulnerabilities, including a critical authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. The vulnerability could allow an unauthenticated, remote attacker to forge credentials and gain unauthorized access to an affected system. Cisco has also resolved a high-severity flaw in the RADIUS message processing feature of Cisco Identity Services Engine that could cause the system to stop processing RADIUS packets, a denial of service that would block network authentication for devices relying on that ISE node.
Cybersecurity firm Check Point has discovered a new phishing campaign that abuses Google Looker Studio to bypass email security controls and deceive victims. The threat actors build fake cryptocurrency investment pages as Looker Studio reports and then use the service's own sharing feature to notify victims by email. Because the notifications are sent from Google's infrastructure, they originate from authorized sending IP addresses and pass SPF, DKIM, and DMARC checks, so email authentication alone will not flag them; recipients should treat unexpected Looker Studio share notifications with suspicion.
Cisco has identified a zero-day vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that has been exploited in Akira ransomware attacks since August. The vulnerability, tracked as CVE-2023-20269, is an authorization weakness in the remote access VPN feature that lets an unauthenticated, remote attacker brute-force usernames and passwords against the device's VPN login; valid credentials obtained this way can then be used to establish a VPN session. Cisco is working on security updates to address the vulnerability and has provided indicators of compromise (IoCs) and mitigation measures for organizations in the meantime.
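As an added example, not code from Cisco's advisory or from the original page: a small detector that runs over ASA syslog lines and flags source IPs that generate a burst of remote-access VPN authentication failures, the pattern a brute-force attempt against the RA VPN leaves behind. The sample log lines are constructed for this example and are modelled on the ASA-6-113005 ("Invalid password") and ASA-6-113015 ("User was not found") AAA rejection messages; the exact message layout, the timestamp prefix, and the thresholds (five failures or three distinct usernames from one IP within five minutes) are assumptions to adjust for your own logging format and environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not from any real incident), modelled on the
# ASA-6-113005 (invalid password) and ASA-6-113015 (user not found) messages an
# ASA emits when a remote-access VPN login is rejected. The timestamp prefix
# assumes "logging timestamp" is enabled on the device.
SAMPLE_LOGS = """\
Sep 08 2023 10:15:01: %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = admin : user IP = 203.0.113.5
Sep 08 2023 10:15:02: %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = vpn : user IP = 203.0.113.5
Sep 08 2023 10:15:02: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = jsmith : user IP = 203.0.113.5
Sep 08 2023 10:15:03: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = jsmith : user IP = 203.0.113.5
Sep 08 2023 10:15:04: %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 203.0.113.5
Sep 08 2023 10:15:05: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = mlee : user IP = 203.0.113.5
Sep 08 2023 10:20:10: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = akim : user IP = 198.51.100.7
Sep 08 2023 11:02:44: %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.2 : user = akim : user IP = 198.51.100.7
"""

# Assumed message layout; tune the pattern if your ASA formats these fields differently.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}): %ASA-\d-(?P<msgid>113005|113015): "
    r"AAA user authentication Rejected : reason = (?P<reason>[^:]+?) : "
    r".*?user = (?P<user>\S+) : user IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_rejections(text):
    """Return one event dict per AAA rejection line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
            "msgid": m["msgid"],      # 113015 means the username does not exist
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_bruteforce_sources(events, window_seconds=300, min_failures=5, min_users=3):
    """Flag source IPs whose densest window of failures crosses a threshold.

    Thresholds are assumptions for this example: a burst of failures, or
    failures spread across several usernames (password spraying), from one IP.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        best = []
        start = 0
        # Sliding window over the time-sorted events for this IP.
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            if len(window) > len(best):
                best = window
        users = {e["user"] for e in best}
        if len(best) >= min_failures or len(users) >= min_users:
            alerts[ip] = {
                "failures": len(best),
                "distinct_users": len(users),
                "unknown_user_failures": sum(1 for e in best if e["msgid"] == "113015"),
                "first": best[0]["ts"],
                "last": best[-1]["ts"],
            }
    return alerts


if __name__ == "__main__":
    for ip, info in find_bruteforce_sources(parse_rejections(SAMPLE_LOGS)).items():
        print(f"{ip}: {info['failures']} failures across {info['distinct_users']} users "
              f"({info['unknown_user_failures']} unknown) between {info['first']} and {info['last']}")
```

In the sample data, 203.0.113.5 produces six rejections against five different usernames in four seconds and is flagged, while 198.51.100.7 has two failures for one user forty minutes apart and is not. A high count of 113015 ("User was not found") events is a useful secondary signal, since legitimate users rarely mistype their username repeatedly but a guessing tool will.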
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.