Daily Threat Intelligence – June 08 – 2023

VMware has addressed multiple critical and high-severity security issues in VMware Aria Operations for Networks. These could have allowed an attacker to achieve remote code execution on affected devices or gain unauthorized access to sensitive data stored on them. Separately, two vulnerabilities were identified in the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). These vulnerabilities can allow an attacker with read-only credentials to escalate privileges to administrator on the affected system.

Speaking of system flaws, security experts also uncovered a pair of bugs in ABB’s Aspect building management system (BMS) that could enable threat actors to gain full control over vulnerable systems. Also, learn about the new information-stealing malware, Fractureiser.

Top Breaches Reported in the Last 24 Hours


The first two MOVEit victims
The government of Nova Scotia, Canada, and the University of Rochester, New York, have disclosed suffering security breaches owing to the exploitation of a recently discovered vulnerability in MOVEit Transfer. The government of Nova Scotia has warned that the personal information of some residents was accessed in the incident. The attack has compromised the data of over 100,000 employees in the healthcare sector of Nova Scotia.

Attack on pharmaceutical group
Japan-based pharmaceutical group Eisai is currently dealing with a ransomware intrusion that has impacted certain servers within the organization. The attack had an impact on the group’s servers both within and outside of Japan. Some of its IT functions, including logistics systems, were taken offline. The group has stated that its corporate websites and email services are still operational.

API flaws expose Honda’s data
Japanese automobile manufacturer Honda’s e-commerce platform contained API flaws that enabled password reset for any dealer account without proper authentication. A myriad of customer data, including 21,393 customer orders, 1,090 dealer emails, 11,034 customer emails, and financial reports were laid bare for anyone to tamper with. 

Top Malware Reported in the Last 24 Hours


Fractureiser – new entrant for info-stealers
A cybercriminal group is reportedly spreading the new Fractureiser info-stealer malware via Minecraft modding platforms Bukkit and CurseForge. Criminals first compromised multiple CurseForge and Bukkit accounts and then injected malicious code into existing projects (various plugins and mods) which, in turn, were adopted by popular modpacks such as ‘Better Minecraft.’ 

Top Vulnerabilities Reported in the Last 24 Hours


Security lapse in BMS
Cybersecurity company Prism Infosec has identified two sensitive flaws within ABB’s Aspect Control Engine BMS. The flaws impact versions before 3.07.01. An attacker could utilize the default credentials provided in the publicly accessible user manual to access the administrative interface. A flaw in the Network Diagnostic function of the Aspect device made it susceptible to RCE attacks. This enabled access to the underlying Linux OS and the internal network infrastructure through a reverse shell.

Multiple bugs in network monitoring tool
VMware Aria Operations for Networks, previously known as vRealize Network Insight (vRNI), was found to be affected by three security bugs: CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889. The first is the most critical of the three and could be exploited in low-complexity attacks without requiring any user interaction. Abuse of the first two bugs results in an RCE attack, while the third leads to sensitive information disclosure.

Privilege escalation bugs in Cisco
Cisco has issued patches to address critical privilege escalation security flaws (CVE-2023-20105 and CVE-2023-20192) in its Expressway Series and TelePresence Video Communication Server (VCS). It also fixed another privilege escalation issue in the Cisco Secure Client (formerly known as AnyConnect Secure Mobility Client) software that could elevate an attacker’s privileges to the SYSTEM level.
