itsecuritynewsbox.com
144.202.1.189

URL: https://itsecuritynewsbox.com/index.php/feed/
Submission Tags: @ecarlesi possiblethreat phishing booking
Submission: On December 04 via api from IT — Scanned from IT

Form analysis 0 forms found in the DOM

Text Content

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>ITSecurityNewsBox</title>
	<atom:link href="https://itsecuritynewsbox.com/index.php/feed/" rel="self" type="application/rss+xml" />
	<link>https://itsecuritynewsbox.com</link>
	<description>ITSecurityNewsBox is the most relevant and extensive online community dedicated to technology news and updates</description>
	<lastBuildDate>Mon, 04 Dec 2023 16:47:24 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.4.12</generator>
	<item>
		<title>Google Workspace Marketplace: 4 Tips for Choosing the Best Apps</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/google-workspace-marketplace-4-tips-for-choosing-the-best-apps/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/google-workspace-marketplace-4-tips-for-choosing-the-best-apps/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 16:47:24 +0000</pubDate>
				<category><![CDATA[Security of TechRepublic]]></category>
		<guid isPermaLink="false">https://www.techrepublic.com/?p=4199676</guid>

					<description><![CDATA[An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace.]]></description>
										<content:encoded><![CDATA[<p>An Independent Security Verification badge is one indication that an app should go to the top of your list when evaluating options in the Google Workspace Marketplace. </p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/google-workspace-marketplace-4-tips-for-choosing-the-best-apps/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/malvertising-attacks-rely-on-danabot-trojan-to-spread-cactus-ransomware/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/malvertising-attacks-rely-on-danabot-trojan-to-spread-cactus-ransomware/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 14:59:41 +0000</pubDate>
				<category><![CDATA[Internet Security]]></category>
		<guid isPermaLink="false">https://securityaffairs.com/?p=155184</guid>

					<description><![CDATA[Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware. Microsoft uncovered ongoing malvertising attacks using the DanaBot Trojan (Storm-1044) to deploy the CACTUS ransomware. Microsoft attributed the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198). Storm-0216 has historically used Qakbot malware for initial access, but has switched to other [&#8230;]]]></description>
										<content:encoded><![CDATA[<h2 class="wp-block-heading">Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware.</h2>
<p>Microsoft uncovered ongoing malvertising attacks using the <a href="https://securityaffairs.com/90020/malware/danabot-banking-trojan-hit-germany.html">DanaBot</a> Trojan (Storm-1044) to deploy the <a href="https://securityaffairs.com/145960/malware/new-cactus-ransomware.html">CACTUS ransomware</a>. Microsoft attributed the campaign to the ransomware operator Storm-0216 (Twisted Spider, UNC2198).</p>
<p>Storm-0216 has historically used <a href="https://securityaffairs.com/152087/cyber-crime/qakbot-threat-actors-still-operational.html">Qakbot </a>malware for initial access, but has switched to other malware for initial access after the takedown of the <a href="https://securityaffairs.com/150068/cyber-crime/fbi-dismantled-qakbot-botnet.html">Qakbot infrastructure</a>.</p>
<p>The current Danabot campaign was first spotted in November. Microsoft researchers noticed that the threat actors employed a private version of the popular info-stealing malware instead of the malware-as-a-service offering.</p>
<p><em>&#8220;Danabot collects user credentials and other info that it sends to command and control, followed by lateral movement via RDP sign-in attempts, eventually leading to a handoff to Storm-0216.&#8221; reads a post on X published by the Microsoft Threat Intelligence team.</em></p>
<figure class="wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter">
<div class="wp-block-embed__wrapper">
<blockquote class="twitter-tweet" data-width="500" data-dnt="true">
<p lang="en" dir="ltr">Danabot collects user credentials and other info that it sends to command and control, followed by lateral movement via RDP sign-in attempts, eventually leading to a handoff to Storm-0216.</p>
<p>&mdash; Microsoft Threat Intelligence (@MsftSecIntel) <a href="https://twitter.com/MsftSecIntel/status/1730383718068404508?ref_src=twsrc%5Etfw">December 1, 2023</a></p></blockquote>
</div>
</figure>
<p><a href="https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0">DanaBot</a>&nbsp;is a multi-stage modular banking Trojan&nbsp;written&nbsp;in Delphi that first appeared on the threat landscape in 2018. The malware implements a modular structure that allows operators to support new functionalities by adding new plug-ins.</p>
<p>The&nbsp;<a href="https://securityaffairs.co/wordpress/79032/malware/danabot-payload-italy.html">DanaBot banking Trojan</a>&nbsp;initially targeted users in Australia and Poland, then expanded to other countries, including&nbsp;<a href="https://securityaffairs.co/wordpress/79032/malware/danabot-payload-italy.html">Italy</a>, Germany, Austria, and as of September 2018, Ukraine. In December, experts at Cybaze ZLab&nbsp;<a href="https://securityaffairs.co/wordpress/79032/malware/danabot-payload-italy.html">detected</a>&nbsp;a series of attacks against Italian users and dissected one of the samples used in the attacks.</p>
<p>The malicious code continues to evolve; experts observed several campaigns targeting users in Australia, North America, and Europe.</p>
<p>In the latest wave of attacks observed in November, the malicious code was spotted transmitting stolen credentials to an actor-controlled server. Then operators performed lateral movement via RDP sign-in attempts and ultimately attempted to deploy the CACTUS ransomware.</p>
<p>Follow me on Twitter:&nbsp;<a href="https://twitter.com/securityaffairs"><strong>@securityaffairs</strong></a>&nbsp;and&nbsp;<a href="https://www.facebook.com/sec.affairs"><strong>Facebook</strong></a>&nbsp;and&nbsp;<a href="https://infosec.exchange/@securityaffairs"><strong>Mastodon</strong></a></p>
<p id="geom_inter_1697621456576_8_7"><a href="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559"><strong>Pierluigi&nbsp;Paganini</strong></a></p>
<p id="geom_inter_1697621456576_43_8"><strong>(</strong><a href="http://securityaffairs.co/wordpress/"><strong>SecurityAffairs</strong></a><strong>&nbsp;–</strong>&nbsp;<strong>hacking,<em>&nbsp;</em>CACTUS ransomware)</strong></p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/malvertising-attacks-rely-on-danabot-trojan-to-spread-cactus-ransomware/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>RDRS: ICANN’s new service for easier access to nonpublic domain data</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/rdrs-icanns-new-service-for-easier-access-to-nonpublic-domain-data/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/rdrs-icanns-new-service-for-easier-access-to-nonpublic-domain-data/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 14:36:12 +0000</pubDate>
				<category><![CDATA[Help Net Security]]></category>
		<guid isPermaLink="false">https://www.helpnetsecurity.com/?p=284817</guid>

					<description><![CDATA[The Internet Corporation for Assigned Names and Numbers (ICANN) has launched the Registration Data Request Service (RDRS). The RDRS is a new service that introduces a more consistent and standardized format to handle requests for access to nonpublic registration data related to generic top-level domains (gTLDs). Due to personal data protection laws, many ICANN-accredited registrars [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>The Internet Corporation for Assigned Names and Numbers (ICANN) has launched the Registration Data Request Service (RDRS). The RDRS is a new service that introduces a more consistent and standardized format to handle requests for access to nonpublic registration data related to generic top-level domains (gTLDs). Due to personal data protection laws, many ICANN-accredited registrars must redact personal data from public records previously available in &#8220;WHOIS&#8221; databases. With no one way to request or access &#8230; <a href="https://www.helpnetsecurity.com/2023/12/04/icann-rdrs-registration-data-request-service/" rel="nofollow">More <span class="meta-nav">&#8594;</span></a></p>
<p>The post <a rel="nofollow" href="https://www.helpnetsecurity.com/2023/12/04/icann-rdrs-registration-data-request-service/">RDRS: ICANN&#8217;s new service for easier access to nonpublic domain data</a> appeared first on <a rel="nofollow" href="https://www.helpnetsecurity.com">Help Net Security</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/rdrs-icanns-new-service-for-easier-access-to-nonpublic-domain-data/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>ArmorCode raises $40 million to help companies ship secure software</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/armorcode-raises-40-million-to-help-companies-ship-secure-software/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/armorcode-raises-40-million-to-help-companies-ship-secure-software/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 14:36:11 +0000</pubDate>
				<category><![CDATA[Help Net Security]]></category>
		<guid isPermaLink="false">https://www.helpnetsecurity.com/?p=284816</guid>

					<description><![CDATA[ArmorCode announced it closed a pre-emptive $40 million Series B round to advance its mission of helping companies ship secure software fast and at scale. Premier venture firm HighlandX led the round, joined by NGP Capital, along with participation from existing investors Ballistic Ventures, Sierra Ventures and Cervin Ventures. As part of HighlandX’s investment, Managing [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>ArmorCode announced it closed a pre-emptive $40 million Series B round to advance its mission of helping companies ship secure software fast and at scale. Premier venture firm HighlandX led the round, joined by NGP Capital, along with participation from existing investors Ballistic Ventures, Sierra Ventures and Cervin Ventures. As part of HighlandX’s investment, Managing Partner Corey Mulloy will join ArmorCode’s board. This marks a total of $65 million raised to propel organizations toward fully &#8230; <a href="https://www.helpnetsecurity.com/2023/12/04/armorcode-funding-40-million/" rel="nofollow">More <span class="meta-nav">&#8594;</span></a></p>
<p>The post <a rel="nofollow" href="https://www.helpnetsecurity.com/2023/12/04/armorcode-funding-40-million/">ArmorCode raises $40 million to help companies ship secure software</a> appeared first on <a rel="nofollow" href="https://www.helpnetsecurity.com">Help Net Security</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/armorcode-raises-40-million-to-help-companies-ship-secure-software/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/cyberav3ngers-hit-unitronics-plcs-at-multiple-us-based-water-facilities/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/cyberav3ngers-hit-unitronics-plcs-at-multiple-us-based-water-facilities/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 13:46:16 +0000</pubDate>
				<category><![CDATA[Help Net Security]]></category>
		<guid isPermaLink="false">https://www.helpnetsecurity.com/?p=284752</guid>

					<description><![CDATA[Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs: CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs: CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. The agency has advised them to change the default password and port used by the PLC, &#8230; <a href="https://www.helpnetsecurity.com/2023/12/04/cyberav3ngers-unitronics-plcs/" rel="nofollow">More <span class="meta-nav">&#8594;</span></a></p>
<p>The post <a rel="nofollow" href="https://www.helpnetsecurity.com/2023/12/04/cyberav3ngers-unitronics-plcs/">CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities</a> appeared first on <a rel="nofollow" href="https://www.helpnetsecurity.com">Help Net Security</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/cyberav3ngers-hit-unitronics-plcs-at-multiple-us-based-water-facilities/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>LockBit on a Roll – ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/lockbit-on-a-roll-icbc-ransomware-attack-strikes-at-the-heart-of-the-global-financial-order/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/lockbit-on-a-roll-icbc-ransomware-attack-strikes-at-the-heart-of-the-global-financial-order/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 10:56:36 +0000</pubDate>
				<category><![CDATA[Internet Security]]></category>
		<guid isPermaLink="false">https://securityaffairs.com/?p=155178</guid>

					<description><![CDATA[The LockBit ransomware attack on the Industrial &#38; Commercial Bank of China demonstrates the weakness of the global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial &#38; Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system [&#8230;]]]></description>
										<content:encoded><![CDATA[<h2 class="wp-block-heading">The LockBit ransomware attack on the <a href="https://securityaffairs.com/153986/hacking/icbc-ransomware-attack.html">Industrial &amp; Commercial Bank of China</a> demonstrates the weakness of the global financial system to cyberattacks.</h2>
<p>The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of <a href="https://securityaffairs.com/153986/hacking/icbc-ransomware-attack.html">Industrial &amp; Commercial Bank of China</a> Ltd. on November 8 has laid bare the vulnerability of the global financial system to cyberattacks. The LockBit ransomware group claimed responsibility for the attack against ICBC, the largest lender in the world by assets, with $5.7 trillion under management. This ominous cyber-event sent shockwaves through the $26 trillion U.S. Treasury market.</p>
<p>According to <a href="https://www.resecurity.com/blog/article/icbc-ransomware-attack-strikes-at-the-heart-of-the-global-financial-order-lockbit-on-a-roll">the report</a> released by Resecurity, a Los Angeles-based company protecting Fortune 500 and governments worldwide, the attack against ICBC may be a precursor for significant malicious cyber activity against the global financial system. The experts called it ‘prepositioning’ to analyze the response from financial organizations globally and the reaction of the market.</p>
<p>LockBit specifically targeted ICBC Financial Services (ICBC FS), a wholly owned U.S. subsidiary of the state-owned lender, which plays a critical role in the world of international finance. “ICBC FS primarily engages in providing global clearing, execution and financing services to institutional clients,” according to credit-ranking agency Fitch Ratings. The Financial Times reported that this ICBC unit is an “intermediary for governments, hedge funds, and proprietary traders wanting to buy and sell U.S. debt.”</p>
<p>According to the Treasury, the LockBit attack exploited a known vulnerability in the Citrix NetScaler product suite. The ransomware disruption temporarily prevented bank employees from accessing their corporate email accounts and connecting to the Depository Trust and Clearing Corporation to resolve large batches of U.S. Treasury trades. Bundled in this trade backlog were systemically vital repurchase agreement (repo) transactions.</p>
<p id="geom_inter_1697621456576_8_7"><a href="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559"><strong>Pierluigi&nbsp;Paganini</strong></a></p>
<p id="geom_inter_1697621456576_43_8"><strong>(</strong><a href="http://securityaffairs.co/wordpress/"><strong>SecurityAffairs</strong></a><strong> –</strong> <strong>hacking,<em> </em>Industrial &amp; Commercial Bank of China)</strong></p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/lockbit-on-a-roll-icbc-ransomware-attack-strikes-at-the-heart-of-the-global-financial-order/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Booking.com customers targeted in hotel booking scam</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/booking-com-customers-targeted-in-hotel-booking-scam/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/booking-com-customers-targeted-in-hotel-booking-scam/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 10:26:00 +0000</pubDate>
				<category><![CDATA[Help Net Security]]></category>
		<guid isPermaLink="false">https://www.helpnetsecurity.com/?p=284685</guid>

					<description><![CDATA[Scammers are hijacking hotels&#8217; Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. &#8220;Customers of multiple properties received email or in-app messages from Booking.com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays,&#8221; Secureworks researchers warn. [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Scammers are hijacking hotels&#8217; Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. &#8220;Customers of multiple properties received email or in-app messages from Booking.com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays,&#8221; Secureworks researchers warn. &#8220;The threat actors directed the victims to malicious URLs for inputting the information, and then used the details to withdraw &#8230; <a href="https://www.helpnetsecurity.com/2023/12/04/booking-com-hotel-booking-scam/" rel="nofollow">More <span class="meta-nav">&#8594;</span></a></p>
<p>The post <a rel="nofollow" href="https://www.helpnetsecurity.com/2023/12/04/booking-com-hotel-booking-scam/">Booking.com customers targeted in hotel booking scam</a> appeared first on <a rel="nofollow" href="https://www.helpnetsecurity.com">Help Net Security</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/booking-com-customers-targeted-in-hotel-booking-scam/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>IT Professionals in ASEAN Confronting Rising Cyber Security Risks</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/it-professionals-in-asean-confronting-rising-cyber-security-risks/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/it-professionals-in-asean-confronting-rising-cyber-security-risks/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 10:06:01 +0000</pubDate>
				<category><![CDATA[Security of TechRepublic]]></category>
		<guid isPermaLink="false">https://www.techrepublic.com/?p=4198903</guid>

					<description><![CDATA[The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.]]></description>
										<content:encoded><![CDATA[<p>The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced. </p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/it-professionals-in-asean-confronting-rising-cyber-security-risks/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/zyxel-fixed-tens-of-flaws-in-firewalls-access-points-and-nas-devices/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/zyxel-fixed-tens-of-flaws-in-firewalls-access-points-and-nas-devices/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 06:56:07 +0000</pubDate>
				<category><![CDATA[Internet Security]]></category>
		<guid isPermaLink="false">https://securityaffairs.com/?p=155163</guid>

					<description><![CDATA[Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can exploit the vulnerabilities to steal cookies, access configuration files, carry out command injection and denial-of-service [&#8230;]]]></description>
										<content:encoded><![CDATA[<h2 class="wp-block-heading">Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass.</h2>
<p>Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as <a href="https://www.cve.org/CVERecord?id=CVE-2023-35136" target="_blank" rel="noreferrer noopener">CVE-2023-35136</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-35139" target="_blank" rel="noreferrer noopener">CVE-2023-35139</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-37925" target="_blank" rel="noreferrer noopener">CVE-2023-37925</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-37926" target="_blank" rel="noreferrer noopener">CVE-2023-37926</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-4397" target="_blank" rel="noreferrer noopener">CVE-2023-4397</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-4398" target="_blank" rel="noreferrer noopener">CVE-2023-4398</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-5650" target="_blank" rel="noreferrer noopener">CVE-2023-5650</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-5797" target="_blank" rel="noreferrer noopener">CVE-2023-5797</a>, <a href="https://www.cve.org/CVERecord?id=CVE-2023-5960" target="_blank" rel="noreferrer noopener">CVE-2023-5960</a>.</p>
<p>Threat actors can exploit the vulnerabilities to steal cookies, access configuration files, and carry out command injection and denial-of-service attacks.</p>
<p>Below is the <a href="https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps">list of vulnerabilities fixed by the company</a>:</p>
<ul>
<li>CVE-2023-35136 &#8211; An improper input validation vulnerability in the “Quagga” package of some firewall versions could allow an authenticated local attacker to access configuration files on an affected device.</li>
<li>CVE-2023-35139 &#8211; A cross-site scripting (XSS) vulnerability in the CGI program of some firewall versions could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs.</li>
<li>CVE-2023-37925 &#8211; An improper privilege management vulnerability in the debug CLI command of some firewall and AP versions could allow an authenticated local attacker to access system files on an affected device.</li>
<li>CVE-2023-37926 &#8211; A buffer overflow vulnerability in some firewall versions could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.</li>
<li>CVE-2023-4397 &#8211; A buffer overflow vulnerability in some firewall versions could allow an authenticated local attacker with administrator privileges to cause DoS conditions by executing the CLI command with crafted strings on an affected device.</li>
<li>CVE-2023-4398 &#8211; An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of some firewall versions could allow a remote unauthenticated attacker to cause DoS conditions on an affected device by sending a crafted IKE packet.</li>
<li>CVE-2023-5650 &#8211; An improper privilege management vulnerability in the ZySH of some firewall versions could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device.</li>
<li>CVE-2023-5797 &#8211; An improper privilege management vulnerability in the debug CLI command of some firewall and AP versions could allow an authenticated local attacker to access the administrator’s logs on an affected device.</li>
<li>CVE-2023-5960 &#8211; An improper privilege management vulnerability in the hotspot feature of some firewall versions could allow an authenticated local attacker to access the system files on an affected device.</li>
</ul>
<p>Zyxel also <a href="https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products">addressed authentication bypass</a> and command injection vulnerabilities in the NAS (network attached storage) devices NAS226 and NAS542.</p>
<p>Below is the list of the NAS flaws fixed by the vendor:</p>
<ul>
<li>CVE-2023-35137 &#8211; An improper authentication vulnerability in the authentication module in Zyxel NAS devices could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.</li>
<li>CVE-2023-35138 &#8211; A command injection vulnerability in the “show_zysync_server_contents” function in Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.</li>
<li>CVE-2023-37927 &#8211; The improper neutralization of special elements in the CGI program in Zyxel NAS devices could allow an authenticated attacker to execute some OS commands by sending a crafted URL to a vulnerable device.</li>
<li>CVE-2023-37928 &#8211; A post-authentication command injection vulnerability in the WSGI server in Zyxel NAS devices could allow an authenticated attacker to execute some OS commands by sending a crafted URL to a vulnerable device.</li>
<li>CVE-2023-4473 &#8211; A command injection vulnerability in the web server in Zyxel NAS devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted URL to a vulnerable device.</li>
<li>CVE-2023-4474 &#8211; The improper neutralization of special elements in the WSGI server in Zyxel NAS devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted URL to a vulnerable device.</li>
</ul>
<p id="geom_inter_1697621456576_8_7"><a href="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559"><strong>Pierluigi&nbsp;Paganini</strong></a></p>
<p id="geom_inter_1697621456576_43_8"><strong>(</strong><a href="http://securityaffairs.co/wordpress/"><strong>SecurityAffairs</strong></a><strong> –</strong> <strong>hacking,<em> </em>NAS)</strong></p>
]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/zyxel-fixed-tens-of-flaws-in-firewalls-access-points-and-nas-devices/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Rhysida ransomware gang hits hospital holding royal family’s data</title>
		<link>https://itsecuritynewsbox.com/index.php/2023/12/04/rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data/</link>
					<comments>https://itsecuritynewsbox.com/index.php/2023/12/04/rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data/#respond</comments>
		
		<dc:creator><![CDATA[itsecuritynewsbox]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 06:44:00 +0000</pubDate>
				<category><![CDATA[IT Security]]></category>
		<guid isPermaLink="false">https://itsecuritynewsbox.com/index.php/2023/12/04/rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data/</guid>

					<description><![CDATA[]]></description>
										<content:encoded><![CDATA[]]></content:encoded>
					
					<wfw:commentRss>https://itsecuritynewsbox.com/index.php/2023/12/04/rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>