Weekly Cyber Reports

This Week in Cyber 24th February 2023

Latest news & views from our Cyber Analysts

Written by Team Nucleus

Written on 24th February, 2023


GoDaddy Breached

Web hosting provider & domain registrar GoDaddy has announced that it has experienced a multi-year security breach that enabled a sophisticated and organized group to install malware and extract source code related to some of its services. The campaign was discovered in December 2022 when customers complained of sporadic redirection to malicious sites, which was traced to unauthorized third-party access to servers in the GoDaddy environment. The purpose of the intrusion was to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities. The 2022 incident was linked to two other security events, in March 2020 and November 2021. The 2020 breach compromised hosting login credentials of about 28,000 customers, while in 2021, a rogue actor used a compromised password to access a provisioning system for Managed WordPress, affecting close to 1.2 million active and inactive MWP customers.

Fortinet Issues Patches To Address 40 Vulnerabilities

Fortinet has released security updates to address 40 vulnerabilities across its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy. Two of the vulnerabilities are rated critical, 15 high, 22 medium, and one low severity. The most severe is in FortiNAC (CVE-2022-39952), an external control of file name or path vulnerability that could allow arbitrary code execution. Patches have been released in FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8. The second flaw of note is a set of stack-based buffer overflows in FortiWeb's proxy daemon (CVE-2021-42756) that could enable arbitrary code execution via specially crafted HTTP requests. Users are advised to apply the updates quickly to mitigate the risk.

3 New Vulnerabilities Found In Apple Devices

Apple has updated its security advisories to address three new vulnerabilities that impact iOS, iPadOS, and macOS. The first flaw (CVE-2023-23520) in the Crash Reporter component could allow a malicious actor to read arbitrary files as root, but Apple has addressed the issue with additional validation. The other two vulnerabilities (CVE-2023-23530 and CVE-2023-23531) reside in the Foundation framework and could allow an app to execute arbitrary code out of its sandbox or with certain elevated privileges. Apple has patched the vulnerabilities with improved memory handling in the latest versions of its operating systems, which were shipped on January 23, 2023. These vulnerabilities are medium to high-severity issues.

Samsung Introduces Message Guard To Help Protect Against Zero-Click Attacks

Samsung has introduced a new security feature called Message Guard that helps protect users against malware and spyware delivered through zero-click attacks. This preemptive security feature works with Samsung Messages and Google Messages and is currently available only on the Samsung Galaxy S23 series, with plans to expand it to other Galaxy smartphones and tablets later in the year. Zero-click attacks are highly targeted and sophisticated attacks that exploit previously unknown flaws in software to execute malicious code without requiring any user interaction. Message Guard works as a sandbox that quarantines images received via the messaging app from the rest of the operating system, and it is designed to handle a range of image formats.

Cisco ClamAV Anti-Malware Scanner Vulnerable

A security flaw has been identified in Cisco's ClamAV scanning library, which is a commonly used anti-malware scanner. This poses a serious security risk for certain Cisco products including Cisco Secure Web Appliance and various versions of Cisco Secure Endpoint. The vulnerability, tracked as CVE-2023-20032, creates a critical risk as it could allow an attacker to execute arbitrary code or cause a denial-of-service condition. Cisco has released patches for affected products and recommends patching to prevent potential attacks. Although the vulnerability is not currently under active attack, it still poses a significant threat.
