10 July- 17 July
Technical Summary
PHP-CGI Exploit Attempts:
- Date: 2023-07-13
- Source IP: 109.206.242.25
- IOCs (Indicators of Compromise):
- IP Address: 109.206.242.25 (Country: United States)
- hxxp://87.120.88.52/get/scan.pl (Country: Bulgaria)
- IP Address: 87.120.88.52 (Country: Bulgaria)
- IP Address: 45.77.154.55 (Country: United States)
- Malware Hash: f4eb6f3874dfeaf442e320ed6b1f4d57
Phishing Sites Impersonating ARKHAM:
- Multiple phishing sites impersonating ARKHAM were listed.
- These sites aim to deceive users and potentially steal sensitive information.
- Organizations and individuals should exercise caution when interacting with these sites and avoid sharing personal or sensitive data.
- STORMOUS and GhostSec Gang Collaboration:
- The STORMOUS ransomware gang claimed to have partnered with the GhostSec gang.
- The collaboration targeted three ministries in Cuba.
- This joint effort raises concerns about increased cyber threats and potential data breaches.
- Microsoft Vulnerability (CVE-2023-36884):
- Microsoft released a vulnerability advisory for CVE-2023-36884.
- Customers using Microsoft Defender for Office are already protected.
- Applying the “Block all Office applications from creating child processes” Attack Surface Reduction Rule can prevent exploitation.
- Alternatively, organizations can set the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key.
- Thorough testing and monitoring are recommended for any registry changes made.
Key Findings
it is crucial for organizations and individuals to prioritize remediation and patching efforts to safeguard their systems and data. The following key findings highlight the importance of proactive measures to mitigate risks associated with various vulnerabilities and threats:
- Zero-Day Vulnerability Exploited in Zimbra
- Repository for Java Exploitation Code
