Week in Overview(14 Sep-19 Sep)
Technical Summary
Silent Skimmer Campaign
- Nature: Financially motivated campaign targeting online payment businesses.
- Regions Affected: APAC and NALA.
- Method: Compromises web servers, exploits vulnerabilities for initial access, and deploys payment scraping mechanisms.
- Duration: Active for over a year.
- Key Tools: Obfuscated JavaScript files, Godzilla Webshells, PowerShell RATs, Cobalt Strike Beacon.
CVE-2023-34040 – Spring Kafka Deserialization RCE Vulnerability
- Nature: Deserialization vulnerability leading to remote code execution.
- Affected Software: Spring Kafka.
- Impact: Allows unauthorized attackers to execute arbitrary code on the server where Spring Kafka is running.
- Mitigation: Update to the latest patched version of Spring Kafka.
North Korean Lazarus Group’s Involvement in Cryptocurrency Hacks
- Nature: State-sponsored cyber-espionage group.
- Origin: North Korea.
- Recent Activity: Involved in a series of cryptocurrency hacks.
- Tactics: Spear-phishing campaigns, advanced malware strains, and exploiting software vulnerabilities.
Microsoft AI Data Exposure of 38 Terabytes
- Nature: Data exposure incident.
- Data Involved: 38 Terabytes of AI training data.
- Cause: Misconfigured cloud storage.
- Impact: Potential misuse of AI data, intellectual property theft, and competitive disadvantage.
- Mitigation: Secure cloud storage configurations and regular audits.
Exploitation of “search-ms” URI Protocol Handler Distributing XWorm Malware
- Nature: Malware distribution via URI protocol handler.
- Affected Protocol: “search-ms”.
- Malware: XWorm.
- Impact: Unauthorized system access, data theft, and potential system damage.
- Mitigation: Update software to the latest versions, avoid clicking on unknown links, and use updated antivirus solutions.
Lumma Stealer Malware Variant (14.09) Detection and Mitigation
- Nature: Information-stealing malware.
- Variant: 14.09.
- Tactics: Harvests user credentials, browser history, and other sensitive information.
- Impact: Data theft, unauthorized access to accounts, and potential financial loss.
- Mitigation: Regular system scans, avoid downloading files from untrusted sources, and update to the latest security patches.
Key Findings
it is crucial for organizations and individuals to prioritize remediation and patching efforts to safeguard their systems and data. The following key findings highlight the importance of proactive measures to mitigate risks associated with various vulnerabilities and threats:
- Silent Skimmer Campaign
- Lumma Stealer Malware Variant
- CVE-2023-34040 – Spring Kafka Deserialization Remote Code Execution Vulnerability
- North Korean Lazarus Group’s Involvement in Recent Cryptocurrency Hacks
- Microsoft AI Data Exposure of 38 Terabytes
- Exploitation of “search-ms” URI Protocol Handler Distributing XWorm Malware
- Open Directory Exploitation with Rhadamanthys Malware
