HADESS
Cyber Security Magic

Threat Overview for the week (25 Jun – 2 Jul)

VMware Aria Operations for Logs Vulnerability (CVE-2023-20864): A critical vulnerability has been found in VMware Aria Operations for Logs, which could lead to remote code execution. Users are strongly advised to update their installations with the released security patches to protect their systems.

Remote Code Execution in Spring Cloud Function: Certain versions of Spring Cloud Function, including 3.1.6 and 3.2.2, are vulnerable to remote code execution when the routing functionality is used. An attacker can exploit this issue by supplying a specially crafted SpEL expression as the routing-expression, potentially gaining access to local resources.

Qakbot “obama270” Variant Detection: A YARA rule has been created to identify the presence of specific strings related to the Qakbot variant known as “obama270.” This rule checks for specific filenames, DLLs, directory creation, and a malicious URL associated with this variant.

ERC20 Approval Phishing Attack Leads to $UMBR Token Loss: An investor lost $1.08 million worth of $UMBR tokens after falling victim to an ERC20 approval phishing attack, in which the victim is tricked into signing an approve() transaction that grants a third-party address permission to spend their tokens. This incident highlights the risks associated with phishing scams in the cryptocurrency domain.
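The mechanism behind this kind of loss is the standard ERC20 allowance model, so it is worth seeing it in code. The following is an added example, not code from the HADESS post or from any real token contract: a minimal in-memory model of approve() and transferFrom() that shows why one signed approval is enough for another address to move funds later, and a defender-side audit function that flags allowances to unknown spenders or unlimited allowances. Addresses ("victim", "phish", "dex"), balances and the trusted-spender list are constructed for illustration.

```python
# Added example (not from the original post): toy ERC20 allowance model plus
# an allowance audit. All addresses and amounts below are constructed.

UINT256_MAX = 2**256 - 1  # value wallets commonly request as an "unlimited" approval


class Erc20Ledger:
    """Minimal ledger with the two ERC20 primitives involved in approval phishing."""

    def __init__(self, balances):
        self.balances = dict(balances)
        # allowances[owner][spender] = amount the spender may move on the owner's behalf
        self.allowances = {}

    def approve(self, owner, spender, amount):
        """What the victim signs when phished: grants `spender` rights over `owner` funds."""
        self.allowances.setdefault(owner, {})[spender] = amount

    def allowance(self, owner, spender):
        return self.allowances.get(owner, {}).get(spender, 0)

    def transfer_from(self, caller, owner, recipient, amount):
        """Moves `owner` funds using the allowance granted to `caller`."""
        allowed = self.allowance(owner, caller)
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        self.balances[owner] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        # OpenZeppelin-style contracts do not decrement an unlimited allowance,
        # so a single max approval keeps working until it is explicitly revoked.
        if allowed != UINT256_MAX:
            self.allowances[owner][caller] = allowed - amount
        return amount


def risky_allowances(ledger, owner, trusted_spenders):
    """Audit helper (assumed, not from the post): returns (spender, amount, reason)
    for every non-zero allowance that is either to an unknown spender or unlimited."""
    findings = []
    for spender, amount in ledger.allowances.get(owner, {}).items():
        if amount == 0:
            continue
        if spender not in trusted_spenders:
            findings.append((spender, amount, "unknown spender"))
        elif amount == UINT256_MAX:
            findings.append((spender, amount, "unlimited allowance to trusted spender"))
    return findings


def simulate_phishing_and_revocation():
    """Walk through grant -> drain, then grant -> revoke -> blocked drain."""
    # Scenario 1: victim signs an unlimited approval to the phishing address,
    # and the attacker later drains the balance in a single transferFrom call.
    drained = Erc20Ledger({"victim": 1000})
    drained.approve("victim", "dex", 50)          # a normal, bounded approval
    drained.approve("victim", "phish", UINT256_MAX)  # the phished approval
    flagged_before = risky_allowances(drained, "victim", trusted_spenders={"dex"})
    moved = drained.transfer_from("phish", "victim", "phish", 1000)

    # Scenario 2: the same approval is revoked (approve with amount 0) before
    # the attacker acts, so transferFrom fails.
    revoked = Erc20Ledger({"victim": 1000})
    revoked.approve("victim", "phish", UINT256_MAX)
    revoked.approve("victim", "phish", 0)
    try:
        revoked.transfer_from("phish", "victim", "phish", 1000)
        blocked = False
    except PermissionError:
        blocked = True

    return {
        "flagged_before_drain": flagged_before,
        "drained_amount": moved,
        "victim_balance_after_drain": drained.balances["victim"],
        "allowance_still_unlimited": drained.allowance("victim", "phish") == UINT256_MAX,
        "revocation_blocked_drain": blocked,
        "victim_balance_after_revoke": revoked.balances["victim"],
    }


if __name__ == "__main__":
    for key, value in simulate_phishing_and_revocation().items():
        print(f"{key}: {value}")
```

The audit function is the practical takeaway: periodically listing an address's non-zero allowances and revoking any granted to an unrecognised spender (an approve() of 0) removes the attacker's ability to call transferFrom, whereas simply moving funds to a new wallet leaves the old approval in place.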

Detection of QuasarRAT and RDP Brute Force Tools: An “opendir” hosting server has been found to contain QuasarRAT, a remote administration tool, and RDPbruteforcer, a tool used for brute-forcing Remote Desktop Protocol (RDP) credentials.
