Weekly Cyber Reports

This Week in Cyber 08th September 2023

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

7th September, 2023


Critical Apache SuperSet Vulnerabilities Open Door to Remote Code Execution

Apache SuperSet, a widely-used data exploration and visualization tool, has uncovered and promptly addressed two severe vulnerabilities, namely CVE-2023-39265 and CVE-2023-37941. These security flaws present a significant risk by allowing malicious actors to execute remote code on vulnerable systems.

CVE-2023-39265 introduces a potential avenue for attackers to bypass URI restrictions. By exploiting this vulnerability, they can execute unauthorized data manipulation commands within the SQLite database employed for the metastore. This opens the door to potentially damaging data manipulation and malicious activities.

Equally concerning is CVE-2023-37941, which revolves around Python's pickle package. This package stores critical configuration data within SuperSet. In a worrisome scenario, an attacker with write access to the metadata database can insert a malicious pickle payload, triggering its deserialization and paving the way for remote code execution. Users of Apache SuperSet are strongly urged to adopt version 2.1.1.


Okta Issues Warning on Social Engineering Attacks Targeting Super Administrator Privileges

Okta, an identity services provider, has raised an alarm regarding a surge in social engineering attacks with the aim of obtaining elevated administrator permissions. The company reported that several Okta customers in the United States have recently fallen victim to a consistent pattern of these social engineering attacks. These attacks specifically targeted IT service desk personnel, attempting to persuade them to reset all multi-factor authentication (MFA) factors for highly privileged users. As a result, threat actors were able to exploit Okta Super Administrator accounts to impersonate users within the compromised organizations.

These threat actors utilized a commercial phishing kit called 0ktapus, offering pre-designed templates to create convincing counterfeit authentication portals. With this toolkit, they were successful in harvesting both credentials and multi-factor authentication (MFA) codes. Additionally, the kit included a built-in command-and-control (C2) channel via Telegram. While the tactics employed suggest a potential link to the Muddled Libra group, Okta refrained from disclosing the identity of the threat actor. To counteract such attacks, Okta advises organizations to enforce phishing-resistant authentication, strengthen their identity verification processes within the help desk, activate notifications for new devices and suspicious activities, and thoroughly evaluate and restrict the usage of Super Administrator roles.


Facebook Malvertising; A Cybersecurity Threat

A returning threat, it originates from deceptive Facebook ads posing as offerings related to Large Language Models (LLMs). These ads ensnare users in a complex web, involving Facebook, Google Sites, and ultimately directing them to a counterfeit project management page hosted on Trello.

Upon reviewing previous instances of similar attacks, a consistent pattern emerges - cybercriminals consistently exploit Trello as a cloak for their malevolent activities. They camouflage their files as innocuous items, such as job-related documents or replicas of popular software. Once activated, their malicious software stealthily harvests sensitive data, including stored passwords from web browsers, and transmits it to concealed servers and a covert Telegram chat.


Navigating Windows Server 2012 End of Support

As the end of support (EOS) for Microsoft Windows Server 2012 and Windows Server 2012 R2 approaches on October 10, 2023, organizations face critical decisions. Beyond this date, these operating systems will not receive essential updates, leaving systems vulnerable and risking non-compliance.

If upgrading Windows Server is not possible then Extended Security Updates (ESUs) could be considered as an alternative. ESUs are free when migrating to Microsoft Azure or available for purchase for on-premises use. While ESUs provide a safety net for legacy systems, these should be considered a last resort. Microsoft recommends upgrading to the latest Windows Server version for advanced security and innovation.

Azure migration is an attractive choice, offering up to three years of free ESUs, secure application transfers, and cost savings through Azure Hybrid Benefit. On-premises options include upgrading to a newer version of Windows Server or purchasing ESUs. Azure Arc simplifies on-premises ESU deployment and extends Azure's security to your infrastructure.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus