Threat Intel Roundup: WebKit, Akira, Kimsuky

WebKit Vulnerabilities CVE-2023-42916 and CVE-2023-42917

  • CVE-2023-42916: An out-of-bounds read in WebKit, potentially leading to sensitive information disclosure. Addressed with improved input validation.
  • CVE-2023-42917: A memory corruption issue in WebKit, potentially leading to arbitrary code execution. Addressed with improved locking.
  • Affected Products: iOS, iPadOS, macOS, Safari.
  • Patch Availability: Updates released in iOS 17.1.2, iPadOS 17.1.2, macOS 14.1.2, Safari 17.1.2.

APT Patchwork Cyber Attack Campaign

  • Attack Vector: Utilizes a malicious PDF document link and a secondary payload hosted on a compromised CDN.
  • Key Components: Involves a disguised shortcut file and executable payloads downloaded from a CDN.
  • C2 Server: kungkao[.]online used for command and control.

D-Link D-View Coreservice_Action_Script RCE Vulnerability (CVE-2023-44414)

  • Vulnerability: Remote Code Execution in D-Link D-View.
  • Impact: Allows unauthenticated remote attackers to execute arbitrary code.
  • Severity: CVSS score of 9.8 (Critical).

OwnCloud CVE-2023-49103

  • Vulnerability: Affects OwnCloud software.
  • Impact: Potential for remote, unauthenticated attackers to execute arbitrary code.
  • Severity Assessment: Although many exposed IP addresses were identified, only a smaller subset of them is actually affected.

Report on “State of Cloud Security” by Datadog

  • Focus: Analysis of security posture of organizations using AWS, Azure, or Google Cloud.
  • Key Findings: Issues with long-lived credentials, insufficient MFA enforcement, IMDSv2 adoption, and over-privileged workloads.
  • Mitigation Strategies: Restrict interaction with the application, apply patches, and monitor network traffic.

“Your #Booking Admin Account #violates our partnership terms” Malware Campaign

  • Attack Method: Phishing emails with malicious attachments and links.
  • Impact: Targets users with a deceptive message leading to malware installation.
  • Mitigation: Educate users, use endpoint protection, and monitor network traffic.

Report on Akira Ransomware Intrusion Set and CERT Intrinsec’s Recommendations

  • Intrusion Set: Analysis of Akira ransomware’s tactics, techniques, and procedures.
  • Recommendations: Include patch management, multi-factor authentication, and network monitoring.
