#web

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord to host second stage malware and sidestep detection tools," ReversingLabs researcher Karlo Zanki

Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.

By Deeba Ahmed From WhatsApp to Telegram: New Twist on Old Scam Exploits Users for Money via YouTube Video Engagement. This is a post from HackRead.com Read the original post: “Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary code execution and privilege escalation through the unquoted service path. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center, a multi-function management platform, are affected: PowerSYSTEM Center: 2020 v5.0.x through 5.16.x 3.2 Vulnerability Overview 3.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428 Subnet Solutions PowerSYSTEM Center versions 2020 v5.0.x through 5.16.x contain a vulnerability that could allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. CVE-2023-6631 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance (ODA) Equipment: Drawing SDK Vulnerabilities: Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to disclose sensitive information on affected installations of ODA Drawing SDK. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ODA Drawing SDK are affected: Drawing SDK: Versions prior to 2024.1 3.2 Vulnerability Overview 3.2.1 USE AFTER FREE CWE-416 Open Design Alliance's Drawing SDK prior to Version 2024.1 is vulnerable to a use after free attack. Exploitation of this vulnerability requires the target to visit a malicious page or open a malicious file. The specific vulnerability exists within the parsing of DWG files. Crafted data in a DWG file can trigger a use after free attack past the end of an allocated buffer. An attacker could leverage this vulnerability in conjunction wit...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: BCU 500 Vulnerabilities: Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the affected product or compromise the web application through a cross-site request forgery (CSRF) vulnerability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of EFACEC BCU 500, an automation and control IED, is affected: BCU 500: version 4.07 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. CVE-2023-50707 has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). 3.2....

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: EuroTel Equipment: ETL3100 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authorization Bypass Through User-Controlled Key, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions EuroTel ETL3100 radio transmitter are affected: ETL3100: version v01c01 ETL3100: version v01x37 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307 EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. CVE-2023-6928 has been assigned to this vuln...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: UC 500 Vulnerabilities: Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve sensitive information, gain unauthorized access to the product, or redirect users to malicious websites. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of EFACEC UC 500E, a HMI, is affected: UC 500E: version 10.1.0 3.2 Vulnerability Overview 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. CVE-2023-50703 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vec...

The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt

The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said. The malware family,