Written by Hitachi Systems Security on 10 February 2023

GoAnywhere MFT Emergency patch

This week Fortra released an emergency patch for an actively exploited zero-day vulnerability in its GoAnywhere MFT secure file transfer tool. Because the vulnerability is being exploited in the wild, all users should update to the new version to limit the risk of malicious activity. The zero-day allows threat actors to gain remote code execution on installations whose administrative console is exposed online. This poses a serious risk to anyone running an admin portal reachable from the internet, and those users should update to 7.1.2 as quickly as possible.

Cl0p ransomware encryption flaw in Linux targets allowed victims to recover files

Ransomware operators have lately been shifting from Windows to Linux targets, and that shift can bring flaws of its own. Because their Linux malware is still in its early stages, it has been found to lack proper obfuscation and evasion mechanisms, among other things. The Cl0p ransomware gang's Linux variant has a flaw in its encryption scheme that allowed victims to recover their files for free for months. The weak scheme has Cl0p using a hardcoded RC4 “master key” to generate the encryption keys, but the same key is used to encrypt and is stored locally in the file. The key is also not validated, so the keys can be freely retrieved and the encryption reversed. The state of the Linux ransomware suggests it will not be as widespread a threat as the previous version, at least until the flaws are fixed.
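To make the recovery argument concrete, here is an added example (not Cl0p's code or file format, and not from the original post) that models the weakness described above: a per-file RC4 key is wrapped only with a hardcoded master key and appended to the file, so anyone who holds that master key can unwrap it and decrypt the data. The master key value, the 32-byte key length and the footer layout are constructed assumptions for the model.

```python
# Constructed model of the weakness described above, not Cl0p's actual code or file format.
# The per-file key is stored in the file, protected only by a hardcoded RC4 "master key",
# so anyone holding that master key (e.g. recovered from the binary) can decrypt the file.
import os

MASTER_KEY = b"constructed-master-key"  # placeholder; in the real case, hardcoded in the malware
KEY_LEN = 32                            # assumed length of the per-file key footer


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation algorithm (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def weak_encrypt(plaintext: bytes, master_key: bytes = MASTER_KEY) -> bytes:
    """Model of the flawed scheme: random per-file key, wrapped with the master key, appended."""
    file_key = os.urandom(KEY_LEN)
    return rc4(file_key, plaintext) + rc4(master_key, file_key)


def recover(blob: bytes, master_key: bytes = MASTER_KEY) -> bytes:
    """Victim-side recovery: unwrap the stored key with the known master key, then decrypt.
    No key from the attacker is needed; the only secret is the master key shipped in the binary."""
    body, wrapped_key = blob[:-KEY_LEN], blob[-KEY_LEN:]
    file_key = rc4(master_key, wrapped_key)
    return rc4(file_key, body)


def roundtrip_ok(sample: bytes = b"constructed sample document contents") -> bool:
    """True when a file encrypted under the weak scheme is fully recovered."""
    return recover(weak_encrypt(sample)) == sample
```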

Cisco fixes new bug

Cisco released a patch for a high-severity vulnerability in the Cisco IOx application hosting environment that was vulnerable to command injection attacks. The vulnerability stems from incomplete sanitization of parameters passed during the activation process. The main concern with this type of vulnerability is that it is a low-complexity attack, meaning threat actors with lower skill levels can use it. The condition for exploitation is that the threat actor needs authenticated administrative access to the vulnerable system. Gaining administrative privileges is not always difficult if the default login has not been changed, or through the usual methods including social engineering, phishing, or brute-force/dictionary attacks. It is important to install the new patch to limit the risk of exploitation on your infrastructure.