Please see Security Advisories for the week ending October 30, 2020
- Oracle WebLogic Server Under Active Exploitation
- New Malware, ZEBROCY Backdoor, spotted in the wild
- Microsoft Releases Security Update for Edge Browser
- New Kimsuky KGH Spyware Suite Discovered
________________________________
Oracle WebLogic Server Under Active Exploitation
Situation
Two vulnerabilities (CVE-2020-14882 and CVE-2020-14750) have been found in Oracle WebLogic Server.
Affected versions:
- 14.1.1.0.0
- 12.2.1.4.0
- 12.2.1.3.0
- 12.1.3.0.0
- 10.3.6.0.0
Problem
These vulnerabilities allow unauthenticated, remote attackers to execute commands on affected servers. An attacker can exploit them by sending a crafted HTTP request, which can lead to complete control over the host.
Implication
Exploitation is remote and requires neither user interaction nor privileges. In addition, examples and proof-of-concept exploits are available online, which makes the attack easy for others to replicate.
Need
Oracle has released a fix in its October 2020 Critical Patch Update. Please patch as soon as possible.
For a more detailed overview:
https://www.oracle.com/security-alerts/cpuoct2020.html
________________________________
New Malware, ZEBROCY Backdoor, spotted in the wild
Situation
A new form of malware has been spotted in the wild, posing a new threat to Windows environments.
Problem
This malware is a variant of the ZEBROCY backdoor. It operates like a remote access trojan and gives an attacker a degree of remote control over the infected system.
Implication
The impact varies with your detection, isolation and protection controls; however, if a workstation becomes infected, remote attackers could run further malicious code on it and spread deeper into your environment.
Need
It is recommended to keep anti-virus, anti-spam, anti-phishing and DNS filtering up to date and to maintain system monitoring in order to best protect yourself from malicious actors and files.
For a more detailed overview:
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b
________________________________
Microsoft Releases Security Update for Edge Browser
Situation
Microsoft has released a security update to address several vulnerabilities found in the Chromium-based Microsoft Edge web browser.
Problem
The most severe of these vulnerabilities is CVE-2020-15999, a heap buffer overflow in the FreeType font rendering library, which has been exploited in the wild. Two use-after-free vulnerabilities were also fixed: CVE-2020-16001 in media and CVE-2020-16002 in PDFium.
Implication
An attacker who successfully exploits these vulnerabilities could take control of an affected system.
Need
Microsoft strongly recommends updating Microsoft Edge to version 86.0.622.51 or higher to protect against these vulnerabilities. For additional information, please check the link below.
For a more detailed overview:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
________________________________
New Kimsuky KGH Spyware Suite Discovered
Situation
The Cybereason Nocturnus team has discovered a previously undocumented modular spyware suite, dubbed KGH_SPY, used by the North Korean APT group Kimsuky. In addition, Cybereason Nocturnus uncovered another new malware strain, dubbed CSPY Downloader.
Problem
KGH_SPY is a modular suite of tools that provides the threat actors with reconnaissance, keylogging, information-stealing and backdoor capabilities. The new, stealthy CSPY Downloader is a tool designed to evade analysis and download additional payloads. Both are generally delivered by phishing emails carrying malicious document attachments.
Implication
If the Kimsuky group succeeds in installing this malware, it could allow them to steal sensitive information as well as install additional malware.
Need
It is recommended to ensure that all software on a system is up to date and that the system runs some form of anti-malware software. It is also important not to open email attachments from senders you do not recognize. For additional information, please visit the link below.
Cybereason Nocturnus writeup: