HK Cyber Alerts - DIGITPOL

HKCERT News

Fake WinRAR PoC Exploit Conceals VenomRAT Malware September 20, 2023
A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.
Claimants in Celsius crypto bankruptcy targeted in phishing attack September 19, 2023
Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.
Trend Micro fixes endpoint protection zero-day used in attacks September 19, 2023
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data September 19, 2023
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data.
Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all September 18, 2023
Unauthenticated and remote code execution possible without dropping a file on disk About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck...
Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links September 18, 2023
Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations.
APT36 state hackers infect Android devices using YouTube app clones September 18, 2023
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' […]
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams September 17, 2023
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX.
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers September 17, 2023
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.
BlackCat ransomware hits Azure Storage with Sphynx encryptor September 17, 2023
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.

HKCERT

GitLab Security Restriction Bypass Vulnerability September 20, 2023
A vulnerability was identified in GitLab. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Impact Security Restriction Bypass System / Technologies affected GitLab Community Edition (CE) versions starting from 16.3 and prior to 16.3.4 GitLab Enterprise Edition (EE) versions starting from 13.12 and prior to 16.2.7 Solutions […]
Microsoft Edge Multiple Vulnerabilities September 18, 2023
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system. Note: For CVE-2023-4863, ... Impact Denial of Service Elevation of Privilege Remote Code Execution Security Restriction Bypass System / […]
SUSE Linux Kernel Multiple Vulnerabilities September 15, 2023
Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, security restriction bypass, denial of service condition, sensitive information disclosure, remote code execution and elevation of privilege on the targeted system. [Updated... Impact Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Security […]
Cisco Products Multiple Vulnerabilities September 15, 2023
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and data manipulation on the targeted system. Impact Denial of Service Remote Code Execution Security Restriction Bypass Data Manipulation System / Technologies affected 8000 Series Routers ASR […]
Mozilla Products Remote Code Execution Vulnerability September 13, 2023
A vulnerability was identified in Mozilla Products, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: For CVE-2023-4863, heap buffer overflow in WebP may lead to arbitrary code execution. It is aware that... Impact Remote Code Execution System / Technologies affected Versions prior to: Firefox 117.0.1 […]
Microsoft Monthly Security Update (September 2023) September 13, 2023
Microsoft has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Browser Low Risk Windows High Risk Elevation of Privilege Denial of Service Information Disclosure Remote Code Execution Security Restriction Bypass CVE... Impact Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Spoofing Security Restriction Bypass […]
ChromeOS Multiple Vulnerabilities September 13, 2023
Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system. Impact Remote Code Execution Denial of Service Information Disclosure System / Technologies affected Version prior to 108.0.5359.242 (Platform version: 15183.105.0) Solutions Before installation […]
Adobe Monthly Security Update (September 2023) September 13, 2023
Adobe has released monthly security update for their products: Vulnerable Product Risk Level Impacts Notes Details (including CVE) Adobe Connect Medium Risk Cross-site Scripting Remote Code Execution APSB23-33 Adobe Acrobat and Reader Extremely... Impact Remote Code Execution Cross-Site Scripting System / Technologies affected Adobe Connect 12.3  and earlier versions Acrobat DC 23.003.20284 and […]
Google Chrome Remote Code Execution Vulnerability September 12, 2023
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system. Note: For CVE-2023-4863, ... Impact Denial of Service Elevation of Privilege Remote Code Execution Security Restriction Bypass System / […]
Notepad++ Multiple Vulnerabilities September 11, 2023
Multiple vulnerabilities were identified in Notepad++. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system. Impact Information Disclosure Remote Code Execution System / Technologies affected Notepad++ version prior to 8.5.7 Solutions Before installation of the software, please visit the vendor web-site […]

