Table of Contents
- A Short-Look to The Dark Web
- Security News of the Last Two Weeks
- Adobe Acrobat Sign Abused in Redline Stealer Distribution Campaigns
- Microsoft Fixes Multiple Vulnerabilities in March 2023 Updates
- Threat Actors Behind GoAnywhere Attacks Target Japan-based Hitachi Energy Firm
- Apache Fineract Has Three Critical SQL Injection Vulnerabilities | CVE-2023-25196
- Hackers Are Targeting Organizations with FortiOS Vulnerability Exploitation
We’ve gathered dark web insights, cyber security news, vulnerabilities, and CVEs, ransomware for you. Enjoy!
- Meow stealer (A NEW MALWARE), as we found out, only 4 out of 26 antivirus scanners can detect it. It steals sensitive data like browser info, crypto wallets, messaging apps, password managers, Discord tokens, and Windows product keys.
- An alleged 7GB database leak exposes data of 50M Instagram users – emails, names, followers, following, bios, status, last update & locations.
- Powerful macOS Stealer is now on the dark web. It can extract passwords and cookies from Chrome, Firefox, Brave, and Edge browsers. Also, it extracts the credit card details from the browsers we say above.
- Brandefense CTI analysts uncovered a Russian underground forum post claiming to have breached BP PLC’s China database, with 7GB of sensitive data offered for $3000.
Security News of the Last Two Weeks
What happened in cyberspace in last two weeks? Here is a quick shot of security news from the world.
Avast security researchers have observed that the Adobe Acrobat Sign software is being manipulated in Redline Stealer distribution campaigns by threat actors. It allows registered users to send document signing requests to anyone. This will create an email that will be sent to the targeted recipients containing a link to the document (PDF, Word document, HTML) that will be hosted on Adobe’s servers. The sender can also add text to the email, which is an important detail that can be easily exploited by cybercriminals.
Microsoft has released its March 2023 Patch Tuesday software updates, which include two zero-days. The first vulnerability is an information disclosure issue that can allow a remote attacker to send specially crafted email messages to a victim’s inbox. This will cause Windows Mail or Outlook to crash and restart, allowing the attacker to obtain the NTLMv2 hash of the victim’s account.
Hitachi Energy has confirmed a data breach as part of the GoAnywhere attacks. The Cl0p ransomware gang behind the attacks exploited a 0-day vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) to gain access. Recently, it was discovered that a third-party software provider named FORTRA GoAnywhere MFT was vulnerable to a zero-day vulnerability and was being used in attacks by the Cl0p ransomware group targeting institutions/organizations in various countries.
Three critical vulnerabilities have been discovered in Apache Fineract, a platform designed to bring the world’s unbanked population into the modern financial ecosystem. These vulnerabilities, namely CVE-2023-25195, CVE-2023-25196, and CVE-2023-25197, could allow unauthorized users to access sensitive data or take control of the system.
Hackers exploit a severe vulnerability, CVE-2022-41328, in FortiOS – an operating system widely used by governments and large organizations. This flaw enables them to execute arbitrary code and has already caused data loss and system corruption in targeted organizations.