This week’s host Kacey is joined by Charles and Alec to bring you the latest in threat intelligence. In this episode they cover: 

  • Visa issues a warning about new credit card skimmer “Baka”
  • Epic Manchego – Atypical malicious document delivery
  • What is Smaug and how does it operate?
  • Emotet – are there new developments and why did France send an advisory?


89 vulnerabilities found in content management systems

Users of popular content management systems (CMS) are exposed to a range of attacks following the disclosure of 89 vulnerabilities across several widely used platforms, including WordPress, Joomla, Drupal, and OpenCart. The findings came out of research into the rising number of web defacements observed between July 2019 and May 2020. Arbitrary file upload was the most common class of flaw: it lets an attacker place a web shell or other server-side script on the web server, which in turn enables remote code execution and defacement. The number of potential victims is likely to be high, since CMS platforms are used to manage web content across a wide range of industries and purposes.
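The arbitrary file upload class mentioned above is easiest to understand by putting the weak pattern next to a hardened one. The following is an added example written for this summary, not code from any of the CMS platforms named; the upload directory, the allowlist of types and the policy of exactly one extension are assumptions chosen for illustration.

```python
import os
import re
import secrets

# Assumed: the directory the web server serves uploads from.
UPLOAD_DIR = "/var/www/uploads"

# Assumed allowlist: permitted extension -> expected leading bytes (magic).
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF",
}

# Matches PHP open tags (<?php, <?=) anywhere in the file body.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def naive_upload_name(filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is trusted as-is.

    'shell.php' lands inside the served directory and executes on request;
    '../index.php' walks out of it and overwrites an existing page.
    """
    return os.path.join(UPLOAD_DIR, filename)


def validate_upload(filename: str, data: bytes):
    """Hardened check. Returns (accepted, reason, server_chosen_name).

    The stored name is generated server-side so the uploader never controls
    the path or the extension that the web server will dispatch on.
    """
    # Strip any directory component, whether the client used / or \.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base in (".", ".."):
        return False, "empty or traversal name", None

    # Exactly one extension: rejects 'shell.php.jpg', which some servers
    # will still hand to the PHP handler, and names with no extension.
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "exactly one extension required", None
    ext = parts[1]
    if ext not in ALLOWED:
        return False, f"extension '{ext}' not allowed", None

    # The content must look like the type the extension claims.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match declared type", None

    # A valid image header followed by PHP is a polyglot web shell.
    if PHP_TAG.search(data):
        return False, "embedded server-side code", None

    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed inputs, not files captured from any real incident.
    samples = [
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("../index.php", b"<?php echo 'defaced'; ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("photo.jpg", b"\xff\xd8\xff\xe0<?php system($_GET['c']); ?>"),
        ("photo.JPG", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for name, body in samples:
        print(name, "->", naive_upload_name(name), "|", validate_upload(name, body)[:2])
```

Two design points carry most of the weight: the server, not the client, picks the stored name, and the decision is made on the file body rather than on the name or the Content-Type header the browser sends. Serving the upload directory with script execution disabled (or from a separate host) is the corresponding web-server-side control.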

NetWalker ransomware disrupts Pakistani electricity provider

K-Electric, Pakistan's largest private utility company, was hit by a "NetWalker" ransomware attack that disrupted its online and billing services. The attack did not affect K-Electric's ability to supply power, but the potential consequences were serious, given that K-Electric is the sole provider of electricity to Karachi. The incident illustrates the growing trend of ransomware operators targeting organisations that form part of critical national infrastructure, where an outage can have dangerous real-world consequences.

Chinese threat actors targeting US entities through Exchange, Citrix, F5 flaws

Chinese state-associated threat actors have been observed exploiting multiple vulnerabilities to target US government entities and the private sector. The flaws affect products from Citrix, Microsoft Exchange, Pulse Secure VPN, and F5 Networks. After gaining initial access, the threat actors deploy a series of tools to establish persistence and move laterally. Many of the same vulnerabilities were exploited earlier this year by Iranian threat actors in the campaign tracked as Fox Kitten, a reminder that unpatched edge devices and mail servers are attractive to more than one state-sponsored group.

For more details, read the full Weekly Intelligence Summary here:

Weekly Intelligence Summary 18 September 2020