Unpatched zero-day vulnerabilities can be a gold mine for cybercriminals looking to take control of systems and launch a variety of attacks. In the past 24 hours, researchers have detected a zero-day vulnerability in the Oracle Solaris operating system that is being used in the wild. The flaw is being actively exploited by the UNC1945 threat actor group to hack into corporate networks. It allowed the attackers to bypass authentication procedures and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.
Separately, researchers have demonstrated a unique attack method that can enable attackers to bypass firewall protection. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent restrictions and open any TCP/UDP port.
Top Breaches Reported in the Last 24 Hours
A new threat actor group called UNC1945 has been found abusing a zero-day vulnerability (CVE-2020-14871) in the Oracle Solaris operating system to hack into corporate networks. The zero-day appears to have been bought on a black market for $3000. The flaw allowed the attackers to bypass authentication procedures and install a backdoor named SLAPSTICK on internet-exposed Solaris servers.
Top Malware Reported in the Last 24 Hours
Google releases patches
Malicious npm package removed
Top Vulnerabilities Reported in the Last 24 Hours
NAT Slipstreaming attack
A researcher has demonstrated a new technique that allows attackers to bypass firewall protection and remotely access any TCP/UDP service. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site which, in turn, allows attackers to circumvent restrictions and open any TCP/UDP port.
Oracle issues an emergency patch
Oracle has issued an emergency patch for a remote code execution vulnerability affecting the Oracle WebLogic server. Tracked as CVE-2020-14750, the flaw affects versions 10.3.6.0.0, 22.214.171.124.0, 126.96.36.199.0, 188.8.131.52.0, and 184.108.40.206.0 of the server.
Top Scams Reported in the Last 24 Hours
Scammers are using the Zoom app in a new sextortion scam that aims to steal funds from users. The scam, which has been active since October 20, has targeted a million people in the United States. As part of the scam, users are told in phishing emails that they have been filmed in an inappropriate state while using Zoom. The victims are then threatened with exposure of the footage if they do not pay a ransom. The email used for the scam is titled 'Regarding Zoom Conference Call'.