Cybersecurity Digest #82: 05/09/2023 – 19/09/2023

Research and analytics

  • According to the Netwrix survey, 69% of organisations in the education sector suffered a cyberattack within the last 12 months. Phishing and user account compromise were the most common attack paths for these organisations, while phishing and malware topped the list for other verticals. What’s more, 3 out of 4 attacks (75%) in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.
  • TrustedSec experts researched HTML injection in emails. They concluded that if an email with HTML support contains user-input data, it may be vulnerable to the injection of malicious HTML, potentially allowing an attacker to modify the entire email text and insert malicious links.
  • During their research, the Security Joes Incident Response team discovered a set of relatively new CVEs that were released in late March 2023. The chain of vulnerabilities identified during the investigated attack could potentially give malicious actors remote code execution and full control over systems running vulnerable versions of MinIO, the high-performance distributed object storage system.
  • A research report from BlackBerry Global Threat Intelligence, focusing on the analysis of existing cyber threats during the period of March to May 2023, has been published.
  • The SSD Secure Disclosure team has provided a description and a Proof of Concept (PoC) for a privilege escalation vulnerability in the Windows “File History” service (CVE-2023-35359). Through a malicious manifest, the vulnerability allows the service to load an external DLL when launched, potentially granting the DLL elevated privileges. This could be leveraged to create a service that runs with SYSTEM-level privileges.
  • A Fortinet report highlighted multiple instances of exploitation of previously discovered vulnerabilities in Adobe ColdFusion. It notes that in July 2023, Adobe released a series of security updates (APSB23-40, APSB23-41, and APSB23-47) following reports of several critical vulnerabilities in its platform.
  • ESET researchers have uncovered a new hacking campaign by the Charming Kitten hacker group (also known as Phosphorus, TA453, APT35, APT42), during which 34 organizations in various countries were targeted. The hackers employed previously undisclosed malware called “Sponsor.”

Major Cyber Incidents