Cyware Daily Threat Intelligence, November 03, 2020


Unpatched zero-day vulnerabilities can be a gold mine for cybercriminals looking to take control of systems and launch a variety of attacks. In the past 24 hours, researchers have detected a zero-day vulnerability in the Oracle Solaris operating system that is being exploited in the wild. The flaw is being actively exploited by the UNC1945 threat actor group to break into corporate networks. It allowed the attackers to bypass authentication and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

Separately, researchers have demonstrated a new attack method that can enable attackers to bypass firewall protection. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent NAT and firewall restrictions and open any TCP/UDP port.

Top Breaches Reported in the Last 24 Hours

Hacking networks
A new threat actor group called UNC1945 has been found abusing a zero-day vulnerability (CVE-2020-14871) in the Oracle Solaris operating system to break into corporate networks. The zero-day appears to have been purchased on a black market for a price of $3000. The flaw allowed the attackers to bypass authentication and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.

Top Malware Reported in the Last 24 Hours

Google releases patches
Google has released security patches for ten vulnerabilities affecting its Chrome browser. One of the patches addresses a zero-day vulnerability that is currently being exploited in the wild. Identified as CVE-2020-16009, the flaw resides in V8, the Chrome component that handles JavaScript code.

Malicious npm package removed
The npm security team removed a malicious JavaScript library from the npm registry that opened backdoors on computers. Named ‘twilio-npm’, the malicious package was downloaded more than 370 times before it was removed.

Top Vulnerabilities Reported in the Last 24 Hours

NAT Slipstreaming attack
A researcher has demonstrated a new technique that allows attackers to bypass firewall protection and remotely access any TCP/UDP service. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent NAT and firewall restrictions and open any TCP/UDP port.

Oracle issues an emergency patch
Oracle has issued an emergency patch for a remote code execution vulnerability affecting the Oracle WebLogic server. Tracked as CVE-2020-14750, the flaw affects versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 of the server.

Top Scams Reported in the Last 24 Hours

Sextortion scam
Scammers are exploiting the popularity of the Zoom app in a new sextortion scam aimed at extorting money from users. The scam, which has been active since October 20, has targeted a million people in the United States. As part of the scam, users are informed over phishing emails that they have been filmed in an inappropriate state while using Zoom. The victims are then threatened with exposure of the footage if they do not pay a ransom. The email used in the scam is titled ‘Regarding Zoom Conference Call’.


Posted on: November 03, 2020
