Daily Threat Intelligence – June 15 – 2023


Researchers have identified two critical cross-site scripting (XSS) vulnerabilities in Microsoft Azure services that pose a significant security risk and require immediate attention and remediation. In other news, experts have observed the latest version of the BatCloak batch obfuscation engine being used in an attack campaign by the SeroXen malware operators. Also, four critical- and high-severity bugs were fixed in Chrome 114. Fortunately, there were no official reports of any of these vulnerabilities being exploited in attacks.

Meanwhile, security experts have discovered a new Golang stealer called Skuld, which has reportedly compromised systems worldwide. Skuld employs multiple methods to extract information from Discord, web browsers, and other sources of valuable data.

Top Breaches Reported in the Last 24 Hours

Shell vs Cl0p
Shell officially confirmed falling victim to a breach by the Cl0p ransomware group, which exploited the recent MOVEit Transfer zero-day vulnerability. The British oil and gas multinational was listed on the group’s extortion site. Experts say it is the second time that Shell has been hit by the Cl0p group through an attack on a file transfer service. Shell emphasized that there is currently no evidence indicating any impact on the company’s core IT systems.

Top Malware Reported in the Last 24 Hours

Is WannaCry 3.0 for real?
A phishing operation was discovered impersonating the WannaCry ransomware (posing as WannaCry 3.0) and targeting Russian-speaking gamers. The phishing page mimics the official Enlisted game website to spread infection. The ransomware is, in fact, a customized edition of an open-source locker called Crypter. This variant was specifically developed for Windows systems and was written in Python.

SeroXen adapts for better obfuscation
The SeroXen malware strain has been upgraded with a sophisticated and fully undetectable (FUD) distribution method using highly obfuscated files. The infection chain begins by luring users from the gaming community and other enthusiast groups into executing a batch file. Trend Micro reported that the technique enables the malware to infect victims with hVNC-capable (Hidden Virtual Network Computing) malware.

Signal 0-day exploit or malware, or both
Recently, a group of criminals intensified their efforts to pass off a malicious GitHub repository, which falsely claims to contain a Signal zero-day exploit, as legitimate. They created multiple GitHub accounts and Twitter profiles, posing as members of a fictitious company called High Sierra Cyber Security. Their only purpose is to drop malware implants that compromise systems.

New Golang malware in town
The Trellix Advanced Research Center has reported a new Go-based malware dubbed Skuld. This newly identified malware strain specializes in stealing sensitive information from its victims. To achieve this goal, it specifically targets data stored within applications such as Discord and web browsers, and other system folders on Windows machines. Certain samples of the malware even incorporate a module designed to pilfer cryptocurrency assets.

Chinese group introduces ChamelDoH
An analysis by Stairwell found ChamelGang, allegedly a Chinese threat group, infecting Linux devices with a previously unidentified implant called ChamelDoH. The implant enables the group to establish DNS-over-HTTPS communications with their servers. Positive Technologies documented this specific threat actor for the first time in September 2021. The association between ChamelGang and the newly discovered Linux malware has been established through a previously identified domain.

ChromeLoader via Shampoo
A malicious ChromeLoader extension is being distributed in a campaign known as Shampoo. This extension is the core component of the malware and carries out its malicious activities. The primary objective of the campaign is to install an extension in Google Chrome that gathers sensitive personal information such as search queries and redirects users to malicious sites.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Azure services blurt out data
Security experts uncovered XSS flaws in Microsoft Azure services that could have resulted in unauthorized access to sensitive data or unauthorized actions within Azure environments. The bugs actually abuse a weakness in the postMessage iframe mechanism, potentially exposing Azure users to security breaches. The vulnerabilities were detected in Azure Bastion and Azure Container Registry – widely utilized services within the Azure ecosystem.
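As an added illustration of the postMessage weakness class named above (example code, not Azure's or the researchers' code; the page gives no details of the affected Azure handlers), the following contrasts a message listener that trusts any sender with a hardened one. ALLOWED_ORIGINS, applyAction, handleUntrusted, handleHardened and replyTargetOrigin are assumed names, and the origins are constructed.

```javascript
// Added example, not from the page: a postMessage listener that acts on any
// sender beside one that validates origin and message shape.
// Assumed names: ALLOWED_ORIGINS, applyAction, handleUntrusted, handleHardened,
// replyTargetOrigin. Origins below are constructed for the example.

// Constructed allowlist: the only origin this page expects messages from.
const ALLOWED_ORIGINS = new Set(["https://portal.example.com"]);

// Simulated privileged action; records what the handler let through.
function applyAction(state, action) {
  if (action.type === "setToken") state.token = action.value;
  return state;
}

// Weak handler: no origin check, no schema check, parses whatever arrives.
// Any frame or window that can obtain a reference to this window can drive it.
function handleUntrusted(state, event) {
  const action = typeof event.data === "string" ? JSON.parse(event.data) : event.data;
  return applyAction(state, action);
}

// Hardened handler: origin allowlist, structural validation of the payload,
// a bounded value, and a copy of only the fields the page knows about.
function handleHardened(state, event) {
  if (!ALLOWED_ORIGINS.has(event.origin)) return state;        // unexpected sender: ignore
  const d = event.data;
  if (typeof d !== "object" || d === null || Array.isArray(d)) return state;
  if (d.type !== "setToken" || typeof d.value !== "string") return state;
  if (d.value.length > 256) return state;                      // bound the accepted value
  return applyAction(state, { type: d.type, value: d.value });
}

// When the page replies, name the recipient explicitly instead of "*", so a
// sensitive reply cannot be read by a frame from another origin.
// Returns null when there is no legitimate recipient to reply to.
function replyTargetOrigin(event) {
  return ALLOWED_ORIGINS.has(event.origin) ? event.origin : null;
}

// On a real page the browser fills in event.origin and the listener is wired up as:
// window.addEventListener("message", (e) => handleHardened(state, e));
```

Wrapping the page's state in a handler function as above makes the origin and schema checks easy to unit test outside a browser.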

Chrome 114 update
Google announced the release of the Chrome 114 update, patching a total of five security flaws. Four of these were classified as critical or high severity. The most significant of the addressed vulnerabilities was CVE-2023-3214, described as a critical use-after-free vulnerability in Autofill payments. Exploiting use-after-free vulnerabilities can potentially result in a sandbox escape, allowing an attacker to gain elevated privileges.
