Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 17, 2023
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Jul 17, 2023
Nothing’s more scary than a PoC exploit available for an unpatched critical bug! The scenario held true for a high-severity vulnerability found in Adobe ColdFusion. This vulnerability had the potential to enable arbitrary code execution on targeted systems, thereby posing a significant security risk. Separately, Lemmy, which claims to be a Reddit alternative, suffered an intrusion owing to the exploitation of a cross-site scripting (XSS) bug, essentially a zero-day flaw. The attacker could access users’ personal accounts and data.
Moving on. Generative AI in the wrong hands is apparently democratizing the execution of sophisticated BEC attacks. Security researchers have spotted a new adversarial tool called WormGPT, and its potential is ominous.
Unsecured Docker Hub images
Researchers at RWTH Aachen University in Germany studied 337,171 images from Docker Hub and thousands of private registries blurting out private keys and API secrets, and even user data. Those were found exposing 52,107 valid private keys and 3,158 distinct API secrets in 28,621 Docker images. Around 95% of private keys and 90% of API secrets were found in single-user images, indicating inadvertent leakage.
New victims of MOVEit breach
Hillsborough County, Florida, is yet another victim of the fallout from the MOVEit Transfer breaches. It has informed over 70,000 individuals that their personal information might have been compromised due to the incident. Meanwhile, confidential data of both current and former students and employees of Colorado State University (CSU) slipped into the hands of the Cl0p ransomware group in a MOVEit Transfer data-theft attack.
Generative AI for cybercrime
A new malicious tool dubbed WormGPT is doing rounds in underground forums as a new generative AI cybercrime tool. Attackers could be preparing to execute sophisticated phishing attacks by crafting highly convincing fake emails, said security experts. The tool boasts a variety of impressive features, such as unlimited character support, chat memory retention, and the ability to format code, making it a powerful and versatile option for its users.
Adobe fixes critical issue
Adobe addressed a sensitive bug earmarked CVE-2023-38203 in ColdFusion.
The bug is described as “deserialization of untrusted data” and concerns ColdFusion versions 2023, 2021, and 2018. The company also confirmed being fully aware of a proof-of-concept exploit for the bug. A similar bug (CVE-2023-29300) was patched last week. Both of the bugs were reportedly exploited in the wild.
Lemmy bug impacts user accounts
Several instances of the Lemmy app were hacked after an adversary exploited an XSS flaw related to the rendering of custom emojis. The attacker abused the zero-day bug to deface pages on various well-known instances, including Lemmy[.]world. Several user accounts were also compromised during the incident through stolen authentication cookies, giving away all private messages and email addresses of users.