CTI Weekly Highlights - 09/11/23
Vulnerabilities and Exploitation Attempts
A Critical Security Flaw in Cisco Platforms Could Lead to Arbitrary Code Execution
CVE-2023-20238, a critical security flaw in the single sign-on (SSO) implementation of the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform, could allow an unauthenticated threat actor privileged access to view, edit, and even delete sensitive data on the compromised system.
Hackers Exploit MinIO Storage System to Breach Corporate Networks
Attackers have been observed exploiting two MinIO vulnerabilities, CVE-2023-28432 and CVE-2023-28434, to breach object storage systems and carry out a range of malicious activities: accessing private information, executing arbitrary code, and potentially taking over servers.
Okta Feature Abused for Cross-Tenant Impersonation
Okta has detected a pattern of attacks in which threat actors use social engineering to gain access to highly privileged roles within a targeted Okta tenant. Once inside, these attackers employ novel methods for moving laterally and evading defense mechanisms.
Malware Developments
W3LL Phishing Kit Hijacks Thousands of Microsoft 365 Accounts, Bypasses MFA
A malicious actor, known as W3LL, has recently emerged as a major player in Business Email Compromise (BEC) attacks, wielding a sophisticated phishing kit that targets Microsoft 365 corporate accounts.
New Malvertising Campaign Targets macOS Users; Delivers Atomic Stealer
A recent malvertising campaign was spotted delivering both Windows and Mac-targeting malware, with the latter being a revamped Mac-based variant of Atomic Stealer.
Identified Trends
DarkGate Loader Malware Delivered via Microsoft Teams
A recent Microsoft Teams malware campaign was seen distributing the DarkGate Loader. During this attack, chat messages were dispatched via Microsoft Teams from two external Office 365 accounts that had been previously compromised. The messages were designed to deceive recipients into downloading and launching a malicious file hosted externally.
This incident highlights the concerning trend of threat actors leveraging legitimate platforms like Microsoft Teams for malicious activities.
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.