Tag Archive for: alert

Alert: Chinese Threat Actors Exploit Barracuda Zero-Day Flaw


In recent developments, Barracuda, a prominent network and email cybersecurity firm, has been grappling with a zero-day vulnerability identified as CVE-2023-7102 in its Email Security Gateway (ESG) appliances. The situation has been exacerbated by active exploitation of this flaw by a Chinese hacker group tracked as UNC4841. In this blog, we’ll look into the Barracuda zero-day flaw, exploring its intricacies and its consequential impact on cybersecurity.


The Barracuda Zero-Day Flaw

The root cause of the Barracuda ESG appliances vulnerability lies in a weakness within the Spreadsheet::ParseExcel third-party library, integral to the Amavis virus scanner running on Barracuda ESG appliances. The flaw enables threat actors to execute arbitrary code on vulnerable ESG devices through parameter injection.


Barracuda Zero-Day Flaw Exploited By Chinese Hackers


UNC4841 leveraged this Arbitrary Code Execution (ACE) vulnerability to deploy a meticulously crafted Excel email attachment that exploits the Spreadsheet::ParseExcel library. As a result, a limited number of ESG devices fell prey to the attack, giving rise to cybersecurity threats in ESG appliances.

Barracuda responded swiftly by deploying a patch on December 22, 2023, to remediate compromised ESG appliances, which exhibited indicators of compromise linked to new variants of SEASPY and SALTWATER malware.

In the ongoing investigation of the Barracuda zero-day flaw, the organization assured customers that no immediate action is required. They also emphasized their commitment to resolving the issue and ensuring the security of ESG appliances.


CVE-2023-7101: A Wider Concern


Notably, Barracuda has filed CVE-2023-7101 for a vulnerability in the open-source library, impacting various products across multiple organizations. As of now, this concern remains unaddressed, adding an extra layer of urgency to the cybersecurity landscape.


A Recap of May’s Security Warning


These zero-day exploits in network security devices aren’t the first time Barracuda has faced cybersecurity challenges. In May, the company issued a warning to customers about breaches in some of its Email Security Gateway…

Source…

Alert: New Chrome Zero-Day Vulnerability Being Exploited


Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It’s worth noting that the vulnerability pertains to the WebRTC framework and, when exploited, can lead to program crashes or arbitrary code execution. Given its severity, it has raised significant online security risks.

In this article, we’ll dive into details of the vulnerability and the countermeasures Google has implemented to keep the vulnerability from being exploited further.


Chrome Zero-Day Vulnerability Discovered


As of now, Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) are the two personnel credited with discovering the vulnerability. However, details of any other security defects resulting in Google Chrome exploits have not been released so far, in order to prevent further exploitation. Despite this, Google has acknowledged that:

“An exploit for CVE-2023-7024 exists in the wild.”

The Chrome zero-day vulnerability, identified as CVE-2023-7024, is being described as a heap-based buffer overflow bug in the WebRTC framework. Those concerned about their internet browser safety and online security posture must know that buffer overflows can be used to execute arbitrary code outside of the program’s implicit security policy.

They can also be used to write function pointers pertaining to the attacker’s code. In cases where the exploit leads to arbitrary code execution, additional web browser security services can be subverted by the attacker. It’s worth mentioning that such browser vulnerabilities raise significant concerns pertaining to online security risks.

Google Chrome has widespread usage across multiple platforms and is often used by high-value targets. Such circumstances make exploiting the Chrome zero-day vulnerability a feasible option for threat actors, as it can be used to expand the attack surface once initial access has been acquired.


Chrome Security Updates


As far as countermeasures for the vulnerability are concerned, Google has stated that: “Access to bug details and links may be kept restricted until…

Source…

Chrome Browser Alert! This Cookie Malware Can Access Your Google Accounts Even If You Reset Password, Log Out; Details


Online threats and malware can be tough to track in the rapidly evolving digital world. As these dangers replicate in the internet landscape, a new data-stealing malware, which abuses Google’s OAuth endpoint called ‘MultiLogin’ to revive expired cookies and sign in to user accounts, is among the new concerns, according to a report from BleepingComputer. This works even after you reset an account’s password or log out from the internet browser.

For the unaware, session cookies store authentication details of an account that lets users log in to websites automatically next time without entering the sign-in credentials. They have an expiration period to limit their misuse by bad actors, such as stealing access to user accounts. The news outlet earlier reported about information-stealers that could restore access to expired authentication cookies last month.


Such malware allows a cybercriminal to access Google accounts even if the victim has logged out, changed their password or reached session expiry. According to a new report from CloudSEK, it was first disclosed by threat actor PRISMA in October, who posted about the exploit on the messaging platform Telegram. As per the researchers, the exploit uses the Google OAuth endpoint that synchronises accounts across Google services.

[Image caption: The session cookie can be regenerated only once if a user changes their password. Image: Canva/peshkov from Getty Images]

The malware abuses the endpoint to extract tokens and accounts of Chrome profiles logged into a Google account. Later, this data (including saved passwords) is decrypted to extract information. With the stolen token, the cybercriminals regenerate the cookie and can ensure continuous access to these accounts.


CloudSEK researcher Pavan Karthick told BleepingComputer that the cookie can be regenerated only once if a user changes their password. In other cases, it can be refreshed multiple times. According to the report, a minimum of…

Source…

Akira Ransomware Alert! Kaspersky Reveals Global Impact on Windows and Linux



Ransomware, Stealers and Fake Updates – Inside the Evolving Cybercrime Landscape

The online dangers we face are always changing, with cybercriminals coming up with new ways to harm people on the internet. Experts at Kaspersky keep an eye on these threats and study them to help everyone stay safe.

One group at Kaspersky, called the Global Research and Analysis Team (GReAT), is focused on understanding and stopping new kinds of malicious software. They’re looking into tricky attacks, like ransomware that works on different devices, viruses that go after Apple computers, and sneaky methods hackers use to trick people, like fake browser alerts. According to Kaspersky’s latest findings, cybercriminals are getting smarter and using more advanced tricks to infect computers without getting caught.

Fake Browser Updates Hide Trojans

One threat uncovered by Kaspersky GReAT researchers is the cunning FakeSG campaign. Legitimate websites are compromised to display fake browser update alerts. Clicking these prompts a file download that seems to update the browser but actually runs hidden malicious scripts. These scripts establish persistence and expose the operation’s command infrastructure, revealing its sophistication.

Cross-Platform Ransomware Wreaking Havoc

Akira ransomware is the latest threat able to infect both Windows and Linux systems. Within months, over 60 organizations globally were impacted, including in retail, manufacturing and education. Akira shares code similarities with Conti ransomware but has an old-school command panel design, making analysis trickier. Its cross-platform adaptability shows the broad reach of modern ransomware.

MacOS Malware Joining the Fray

The AMOS information stealer surfaced in April 2023, was sold via Telegram, and was initially written in Go before shifting to C code. By deploying malvertising on phishing sites spoofing popular Mac apps, AMOS can infiltrate Apple systems and exfiltrate sensitive user data. This reflects a wider trend of Mac-focused malware moving beyond traditional Windows targets.

Staying Safe in an Evolving Landscape

With cybercriminals rapidly innovating their tools and tactics, end users must be proactive about security. Maintaining device software…

Source…