Get Ahead of Cyber Threats
Newsletter

Weekly Threat Pulse (1/18)

Did you know that Fletch sifts through thousands of threat articles each day for you?

Did you also know that it uses natural language processing (NLP) to surface, every day, the highest-impact threats that the cybersecurity community is talking about most?

Top 5 trending threats from last week:

  1. US links MuddyWater hacking group to Iranian intelligence agency
  2. OceanLotus hackers turn to web archive files to deploy backdoors
  3. Microsoft: New critical Windows HTTP vulnerability is wormable
  4. CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
  5. Cisco Patches Critical Vulnerability in Contact Center Products

Are you a cybersecurity consultant or service provider looking to scale your services or offer new expertise? 

Armies-of-one, security teams of dozens, and the most cutting-edge security consultants are using Fletch to help them focus on what matters. Check out our Partner Program.

Here is more information on the top trending cyber threats in the news last week.

US links MuddyWater hacking group to Iranian intelligence agency

"These actors, known as MuddyWater in industry, are part of groups conducting Iranian intelligence activities, and have been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM said today. ... US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to Iran's Ministry of Intelligence and Security (MOIS).

Malware: PowGoop, MuddyWater, Mori

OceanLotus hackers turn to web archive files to deploy backdoors

When opening the web archive file with Microsoft Word, the infected document prompts the victim to "Enable Content", which opens the way to executing malicious VBA macro code. ... The OceanLotus group of state-sponsored hackers are now using the web archive file format (.MHT and .MHTML) to deploy backdoors to compromised systems.

Malware: OceanLotus, Amphitryon

Microsoft: New critical Windows HTTP vulnerability is wormable

Successful exploitation requires threat actors to send maliciously crafted packets to targeted Windows servers, which use the vulnerable HTTP Protocol Stack for processing packets. ... Disabling the HTTP Trailer Support feature will protect systems running the two versions, but this mitigation does not apply to other impacted Windows releases.

CVEs: CVE-2022-21907, CVE-2021-31166

CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers

SentinelLabs has discovered a high severity flaw in the KCodes NetUSB kernel module used by a large number of network device vendors and affecting millions of end user router devices. ... Attackers could remotely exploit this vulnerability to execute code in the kernel.

CVEs: CVE-2021-45608

Cisco Patches Critical Vulnerability in Contact Center Products

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator. ... The security flaw was addressed with the release of Unified CCMP/ Unified CCDM versions 11.6.1 ES17, 12.0.1 ES5, and 12.5.1 ES5.

CVEs: CVE-2022-20658
