Security Newsletter | March 30, 2023


We’ve gathered dark web insights, cyber security news, vulnerabilities, CVEs, and ransomware for you. Enjoy!


A Short Look at the Dark Web

 

Here are the insights from the dark web. Learn and protect yourself before threats reach you. For more insights, follow us on Twitter and subscribe to our Ransomware Newsletter!

  • Meow Stealer is a new malware; as we found out, only 4 out of 26 antivirus scanners can detect it. It steals sensitive data such as browser info, crypto wallets, messaging apps, password managers, Discord tokens, and Windows product keys.

  • An alleged 7GB database leak exposes data of 50M Instagram users – emails, names, followers, following, bios, status, last update & locations.


  • A powerful macOS stealer is now on the dark web. It can extract passwords and cookies from Chrome, Firefox, Brave, and Edge browsers. It also extracts credit card details from the same browsers.

  • Brandefense CTI analysts uncovered a Russian underground forum post claiming to have breached BP PLC’s China database, with 7GB of sensitive data offered for $3000.


Security News of the Last Two Weeks

What happened in cyberspace in the last two weeks? Here is a quick look at security news from around the world.

 

Adobe Acrobat Sign Abused in Redline Stealer Distribution Campaigns

Avast security researchers have observed threat actors abusing the Adobe Acrobat Sign software in Redline Stealer distribution campaigns. Acrobat Sign allows registered users to send document signing requests to anyone. Each request generates an email to the targeted recipients containing a link to the document (PDF, Word document, HTML), which is hosted on Adobe’s servers. The sender can also add text to the email, an important detail that cybercriminals can easily exploit.

Learn More: https://brandefense.io/security-news/adobe-acrobat-sign-redline-stealer/


Microsoft Fixes Multiple Vulnerabilities in March 2023 Updates

Microsoft has released its March 2023 Patch Tuesday software updates, which include two zero-days. The first vulnerability is an information disclosure issue that can allow a remote attacker to send specially crafted email messages to a victim’s inbox. This will cause Windows Mail or Outlook to crash and restart, allowing the attacker to obtain the NTLMv2 hash of the victim’s account.

Learn More: https://brandefense.io/security-news/microsoft-march-2023-updates/



Threat Actors Behind GoAnywhere Attacks Target Japan-based Hitachi Energy Firm

Hitachi Energy has confirmed a data breach as part of the GoAnywhere attacks. The Cl0p ransomware gang behind the attacks exploited a zero-day vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) to gain access. It was recently discovered that GoAnywhere MFT, from third-party software provider Fortra, had a zero-day vulnerability that the Cl0p ransomware group was using in attacks targeting institutions and organizations in various countries.

Learn More: https://brandefense.io/security-news/goanywhere-target-japan-based-hitachi/


Apache Fineract Has Three Critical SQL Injection Vulnerabilities | CVE-2023-25196

Three critical vulnerabilities have been discovered in Apache Fineract, a platform designed to bring the world’s unbanked population into the modern financial ecosystem. These vulnerabilities, namely CVE-2023-25195, CVE-2023-25196, and CVE-2023-25197, could allow unauthorized users to access sensitive data or take control of the system.

Learn More: https://brandefense.io/security-news/sql-injection-in-apache-fineract/


Hackers Are Targeting Organizations with FortiOS Vulnerability Exploitation

Hackers are exploiting a severe vulnerability, CVE-2022-41328, in FortiOS, an operating system widely used by governments and large organizations. This flaw enables them to execute arbitrary code and has already caused data loss and system corruption in targeted organizations.

Learn More: https://brandefense.io/security-news/fortios-vulnerability-exploitation/
