Microsoft has disclosed that cybercriminals are exploiting previously undisclosed vulnerabilities in Exchange Server. Successful exploitation of those may allow an unauthenticated user to achieve remote code execution on affected systems. While zero-days continue to haunt Exchange Server, a well-known decentralized communication platform has urged its clients to patch a couple of high-severity security holes that leave scope for man-in-the-middle attacks. Notably, the issues are in the implementation of the encryption mechanisms and not in the protocol itself.
In other news, ransomware operations by Royal and IceFire have registered themselves as upcoming threats to organizations worldwide. Security experts have issued warning against increased activities by these groups.
Top Breaches Reported in the Last 24 Hours
Semiconductor firms grab attention
According to a Recorded Future report, the semiconductor industry witnessed at least eight attacks from ransomware and extortion groups in 2022. LockBit, Cuba, and LV gangs were behind five attacks, meanwhile, Lapsus$ and RansomHouse extortion groups were responsible for three attacks. Most of the attacks this year seemed financially motivated, said experts.
Cyberespionage against the Middle East and Africa
Witchetty espionage group, as reported by Symantec Threat Hunter Team, was seen attacking government infrastructure across Middle Eastern nations. The group specifically uses two pieces of malware: X4 and LookBack (a second-stage payload). Witchetty appears to have close ties with the Chinese threat actor APT10, aka Cicada, and is also a part of the TA410 operatives.
Top Malware Reported in the Last 24 Hours
Royal ransomware operation spikes
Launched in January 2022, a ransomware operation, recently dubbed Royal, was observed attacking corporations through targeted callback phishing campaigns. In the campaign, hackers pose as software providers and food delivery services prompting subscription renewals. The group has been demanding ransom in the range of $250,000 to $2 million. It doesn’t operate as RaaS, however, operates as a private group without affiliates.
New ransomware gang in town
IceFire, a ransomware group highlighted by NCC Group, has joined the list of the top three most active threat groups for the last month. First observed in March, IceFire asks for a ransom to be paid in Monero. As per reports, IceFire ransomware instances have so far been deployed against English-speaking victims.
Top Vulnerabilities Reported in the Last 24 Hours
Cisco patches a dozen severe bugs
Cisco issued its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication that fixed 12 vulnerabilities, with 10 of them being rated high-severity. Six bugs, with a CVSS score of 8.6, could be exploited
in a way that may lead to DoS conditions. The bugs are due to improper management of resources, improper processing or insufficient input validation of certain packages, and logic errors.
Critical bugs in decentralized communication platform
Matrix, an open standard for real-time communication, warned its client of two critical vulnerabilities
affecting end-to-end encryption in the software development kit (SDK). By breaching the confidentiality of Matrix communications, an attacker could initiate man-in-the-middle attacks and gain access to message contents in a readable form. It is an implementation bug and not a protocol bug.
Zero-day exploited in Microsoft Exchange
Vietnamese cybersecurity company GTSC uncovered a zero-day in fully patched Microsoft Exchange servers. The flaws are being tracked (by Zero Day Initiative) as ZDI-CAN-18333 with a CVSS score of 8.8 and ZDI-CAN-18802 with a CVSS score of 6.3. The bug could be abused by attackers to achieve remote access to affected systems. At least one organization has been the victim of an attack campaign exploiting the zero-days.