ZeroFox Daily Intelligence Brief - June 16, 2023
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- ZeroFox Intelligence Flash Report: Clop Ransomware Discloses New Victims Across a Wide Range of Sectors
- ZeroFox Intelligence Assesses KillNet’s Claims of Imminent Attack on Western Financial Infrastructure
- MOVEit Transfer Customers Warned of Third Flaw as New PoC Information Surfaces
- Vulnerabilities: CVE-2022-47015, CVE-2023-24038, and CVE-2023-1161
- Exploits: CVE-2015-7857, CVE-2013-0333, and CVE-2008-4397
- Breaches: BreachForums/XSS: HackGive Data Breach and Credit Card Data Breach: 2023-6-14
ZeroFox Intelligence Flash Report: Clop Ransomware Discloses New Victims Across a Wide Range of Sectors
The Clop ransomware collective has disclosed new victims that were targeted via a MOVEit Transfer zero-day exploit (CVE-2023-34362). The group claims to have exfiltrated data from a wide range of industries in North America and Europe, including prominent companies such as Shell, British Airways, Boots, and even several U.S. federal agencies and major universities. Security experts have stated that although Clop was the first to exploit the vulnerability, other groups may now have access to the code needed to organize attacks.
ZeroFox Intelligence Assesses KillNet’s Claims of Imminent Attack on Western Financial Infrastructure
Pro-Russian hacktivist collective KillNet has claimed to have allied with members of the REvil ransomware operation and Anonymous Sudan to attack and disrupt the “Western financial system.” The purported targets include the SWIFT wire transfer system, European and American banks, and the U.S. Federal Reserve. ZeroFox Intelligence assesses that the attack, if legitimate, is unlikely to result in mass or prolonged outages to Western banking infrastructure.
MOVEit Transfer Customers Warned of Third Flaw as New PoC Information Surfaces
Progress Software has urged MOVEit Transfer customers to restrict HTTP access after discovering a new SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment. MOVEit Cloud has suspended HTTPS traffic, and customers are advised to disable HTTP and HTTPS traffic and modify firewall rules to protect their environments. Although these actions make web UI login unavailable, file transfers through SFTP and FTP/S will still work.
VULNERABILITIES
- CVE-2022-47015 - MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to Denial of Service.
- CVE-2023-24038 - The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
- CVE-2023-1161 - ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file.
EXPLOITS
- CVE-2015-7857 - Joomla Content History SQL Injection Remote Code Execution
- CVE-2013-0333 - Ruby on Rails JSON Processor YAML Deserialization Code Execution
- CVE-2008-4397 - Computer Associates ARCserve REPORTREMOTEEXECUTECML Buffer Overflow
BREACHES
- BreachForums/XSS: HackGive Data Breach (36,755 records) - Email address and password
- Credit Card Data Breach: 2023-6-14 (892cdd | 3458) - Credit card
Tags: DIB, tlp:green