Secured integration to the future

CyberNews Digest — April

30.04.2024

Backdoor in XZ 5.6.0 and 5.6.1 Archivers (CVE-2024-3094)
A recently discovered backdoor in XZ Utils, a compression utility used on Linux systems, poses a serious security threat: it could allow attackers to gain unauthorized remote access to systems through sshd.

The backdoor is present in versions 5.6.0 (released at the end of February 2024) and 5.6.1 (released on March 9, 2024) of the xz library within XZ Utils. It carries a CVSS score of 10.0, the maximum severity.

Users are strongly advised to downgrade or update XZ Utils to an unaffected release, such as XZ Utils 5.4.6 Stable.

Source: https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor
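A quick way to tell whether a host still runs one of the two affected releases is to read the versions that `xz --version` reports for both the xz binary and liblzma. The script below is an added example, not code from the digest or from the XZ project; it assumes the usual `xz --version` layout ("xz (XZ Utils) 5.6.1" and "liblzma 5.6.1") and uses constructed sample outputs for a dry run.

```sh
#!/bin/sh
# Added example, not code from the digest: flag an XZ Utils install whose
# reported version is one of the two backdoored releases named above.
# Assumes `xz --version` prints lines of the form "xz (XZ Utils) 5.6.1"
# and "liblzma 5.6.1" (the layout of current XZ Utils releases).

# Return 0 when the version string is exactly 5.6.0 or 5.6.1, else 1.
# Pre-release strings such as "5.6.0alpha" are deliberately not matched.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Read `xz --version` text on stdin; print "component version" per line,
# one for the xz binary and one for liblzma (the library carrying the backdoor).
parse_xz_version_output() {
    awk '$1 == "xz" && $2 == "(XZ" { print "xz " $NF }
         $1 == "liblzma"           { print "liblzma " $2 }'
}

# Read `xz --version` text on stdin; print each affected component and
# return 0 if any component is affected, 1 if none is.
check_xz_version_output() {
    affected=$(parse_xz_version_output | while read -r component version; do
        if xz_version_affected "$version"; then echo "$component $version"; fi
    done)
    [ -n "$affected" ] || return 1
    printf '%s\n' "$affected" | sed 's/^/AFFECTED (CVE-2024-3094): /'
}

# Constructed sample outputs for a dry run (not captured from real hosts).
XZ_SAMPLE_BACKDOORED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
XZ_SAMPLE_SAFE='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
# Binary already downgraded but the shared library still at 5.6.1: still affected.
XZ_SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.1'
for sample in "$XZ_SAMPLE_BACKDOORED" "$XZ_SAMPLE_SAFE" "$XZ_SAMPLE_MIXED"; do
    printf '%s\n' "$sample" | check_xz_version_output || echo "not affected"
done

# Live check of the installed xz, if one is present.
if command -v xz >/dev/null 2>&1; then
    xz --version | check_xz_version_output || echo "installed xz: not 5.6.0/5.6.1"
fi
```

The mixed sample matters in practice: a downgraded xz binary does not help if sshd still loads a liblzma at 5.6.0 or 5.6.1.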

Android Banking Trojan Vultur Returns with Enhanced Remote Control Capabilities
The Android banking trojan Vultur has returned with new features and evasion techniques.
Notable additions include the ability to interact remotely with infected devices, performing clicks, scrolls and other actions through Android accessibility services, as well as the ability to download, delete, install and locate files.

The trojan's updates encompass encrypted communication and the ability to disguise its activity as legitimate applications.

Source: https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html

Critical Vulnerability in WordPress LayerSlider Plugin
A critical vulnerability has been discovered in the LayerSlider plugin for WordPress. This vulnerability poses a risk of confidential data theft from databases and has a CVSS v3 score of 9.8, marking it as critical.
We strongly recommend updating the plugin to version 7.10.1 or newer and avoiding plugins from unreliable sources.
Sources:
● https://nvd.nist.gov/vuln/detail/CVE-2024-2879
● https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html

For more information on WordPress vulnerabilities:
● https://jetpack.com/blog/wordpress-security-issues-and-vulnerabilities/

NoaBot: Mirai-Based Botnet Targeting SSH Servers for Cryptomining
In January 2024, cybersecurity experts at Akamai uncovered a new botnet, NoaBot, derived from the notorious Mirai. It infiltrates servers via SSH and deploys a modified miner.
NoaBot is compiled using uClibc, complicating detection by antivirus programs. Additionally, it employs code obfuscation and self-propagation components to conceal its activities.

Source: https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining

FortiGuard Labs Unveils Sophisticated Phishing Campaign
Researchers at Fortinet have uncovered a complex, multi-layered attack that starts with phishing emails. Disguised as invoices, these emails delivered a range of malicious payloads: Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and several crypto-stealing Trojans.
The researchers found that an SVG file attached to the email downloads a ZIP archive onto the device, which contains a batch script built with BatCloak. This script unpacks the ScrubCrypt loader, which in turn installs Venom RAT. The malware lets the attackers take control of compromised systems and execute commands received from a C2 server.

Additionally, a grabber is delivered through a plugin system, collecting system information and extracting data from folders associated with wallets and applications such as Atomic Wallet, Electrum, Ethereum, Exodus, Jaxx Liberty, Zcash, Foxmail, and Telegram.

Source: https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins

Critical Vulnerability in Forminator Jeopardizes 300,000 WordPress Sites
Critical vulnerabilities have been discovered in the Forminator plugin for WordPress, posing risks of malware injection, SQL injections, and XSS attacks.
Particularly alarming is CVE-2024-28890, which has a CVSS v3 base score of 9.8. This flaw gives attackers access to files on the server, with potentially severe consequences for site security and user confidentiality.
Currently, there are no reports of active exploitation of CVE-2024-28890. However, given the significant number of plugin downloads, there remains a risk that this vulnerability could be exploited later.
It is strongly advised that you update the plugin to version 1.29.3 and take additional security measures to safeguard your websites.

Source: https://jvn.jp/en/jp/JVN50132400/