Here are the top 5 trending cyber threats in the news last week:
- FIN7 Tools Resurface in the Field – Splinter or Copycat?
- Massive Zero Day Hole Found in Palo Alto Security Appliances
- CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
- Citrix Patches Critical Vulnerability in ADC, Gateway
- Void Balaur and the Rise of the Cybermercenary Industry
Fact: 17 days ago Fletch also surfaced the Microsoft vulnerability that has now impacted millions. Were you impacted?
- All Windows versions impacted by new LPE zero-day vulnerability
This is why we built the Fletch Trending Threats app... to surface threats before they become a major issue for you.
Watch Conor Sherman, VP of Security and Technology at ezCater, the largest national marketplace for business catering, on how using the Fletch Trending Threats app has increased confidence in their organization’s security posture.
Join the dozens of other organizations using Fletch’s Trending Threats app today. Here is a link to skip our waitlist.
PRODUCT ANNOUNCEMENT:
The Fletch Insider Risk app is now live.
We’ve built this app to simply answer the question:
Is anyone’s behavior at my company a security risk?
In minutes, connect your Google Workspace or MS 365, enhance it with Okta if you have it, and Fletch’s natural language engine will go to work for you.
Watch this video to learn more.
This app starts at zero cost. As a newsletter subscriber, you can skip the waitlist and get started with the new Fletch Insider app using this link.
In the meantime, if you have any questions, simply email us at info@fletch.ai.
Below learn more about the top trending cyber threats in the news last week.
FIN7 Tools Resurface in the Field – Splinter or Copycat?
This JS is capable of gathering information about the compromised host by executing several WMI query commands. ... In both JSSloader samples, we've seen that it is capable of communicating with its C2 server to request commands and exfiltrate collected data from the compromised machine.
Malware: JSSloader
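The two behaviours the excerpt describes, WMI host reconnaissance from a script payload followed by a callback to a C2 server, are both observable from endpoint telemetry. The detector below is an added example written for this newsletter, not code from the reporting source or from Fletch: it walks Sysmon-style process-create (EID 1), image-load (EID 7) and network-connection (EID 3) events and flags a Windows script host that both touches the WMI client stack (by loading a WMI client DLL or spawning wmic.exe) and opens a connection to a non-private address. The field names follow Sysmon's common layout, the DLL list and the "private address" rule are assumptions, and the events are constructed, not a real capture.

```python
"""Heuristic detector for JSSloader-like behaviour: WMI recon from a
script host followed by an outbound (C2-like) connection.

Added example. Event layout mimics Sysmon; all events are constructed.
"""
from collections import defaultdict

# Assumption: JScript/VBScript payloads run under one of these hosts.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: a script calling GetObject("winmgmts:...") pulls in the WMI
# scripting/proxy DLLs into the script host process.
WMI_CLIENT_DLLS = {"wbemdisp.dll", "wbemprox.dll", "fastprox.dll"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_private(ip: str) -> bool:
    """RFC 1918, loopback and link-local IPv4 ranges; anything else is 'external'."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    a, b = int(parts[0]), int(parts[1])
    return (a == 10 or a == 127 or (a == 172 and 16 <= b <= 31)
            or (a == 192 and b == 168) or (a == 169 and b == 254))


def analyze(events):
    """Per script-host ProcessGuid: did it do WMI recon, did it connect out, and why."""
    state = defaultdict(lambda: {"wmi": False, "egress": False, "evidence": []})
    for ev in events:
        eid = ev["EventID"]
        image = basename(ev.get("Image", ""))
        if eid == 1:  # process creation
            parent = basename(ev.get("ParentImage", ""))
            if parent in SCRIPT_HOSTS and image == "wmic.exe":
                st = state[ev["ParentProcessGuid"]]
                st["wmi"] = True
                st["evidence"].append("spawned wmic.exe: " + ev.get("CommandLine", ""))
        elif eid == 7 and image in SCRIPT_HOSTS:  # image load
            dll = basename(ev["ImageLoaded"])
            if dll in WMI_CLIENT_DLLS:
                st = state[ev["ProcessGuid"]]
                st["wmi"] = True
                st["evidence"].append("loaded " + dll)
        elif eid == 3 and image in SCRIPT_HOSTS:  # network connection
            dst = ev["DestinationIp"]
            if not is_private(dst):
                st = state[ev["ProcessGuid"]]
                st["egress"] = True
                st["evidence"].append(f"connected to {dst}:{ev['DestinationPort']}")
    return dict(state)


def suspicious(events):
    """ProcessGuids showing both WMI recon and external egress, in sorted order."""
    return sorted(g for g, s in analyze(events).items() if s["wmi"] and s["egress"])


# Constructed sample telemetry: one benign logon script that only queries WMI,
# one JSSloader-like script that queries WMI and then calls out.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{good}",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentProcessGuid": "{expl}"},
    {"EventID": 7, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{good}",
     "ImageLoaded": r"C:\Windows\System32\wbem\wbemdisp.dll"},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{good}",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{bad}",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "ParentProcessGuid": "{cmd}"},
    {"EventID": 7, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{bad}",
     "ImageLoaded": r"C:\Windows\System32\wbem\wbemdisp.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wbem\wmic.exe", "ProcessGuid": "{wmic}",
     "ParentImage": r"C:\Windows\System32\wscript.exe", "ParentProcessGuid": "{bad}",
     "CommandLine": "wmic computersystem get domain"},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe", "ProcessGuid": "{bad}",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for guid in suspicious(EVENTS):
        print(guid, analyze(EVENTS)[guid]["evidence"])
```

Requiring both signals keeps ordinary administrative scripts that only query WMI (the `{good}` process above) out of the alert queue; in production you would further suppress known logon-script paths and allow-listed destinations, and treat the DLL list as a starting point to tune against your own Sysmon data.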
Massive Zero Day Hole Found in Palo Alto Security Appliances
Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet. ... Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
CVEs: CVE-2021-3064
CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines
On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys. ... GoCD customers should update to version 21.3.0 on an emergency basis, given the potential for exploitation to undermine the integrity of their software development pipelines.
CVEs: CVE-2021-43287
Citrix Patches Critical Vulnerability in ADC, Gateway
Considered low severity, the bug affects ADC and Gateway, as well as SD-WAN WANOP edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO, Citrix explains in an advisory . ... Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS).
CVEs: CVE-2021-22955, CVE-2021-22956
Void Balaur and the Rise of the Cybermercenary Industry
It’s easy to see why the services of a cybermercenary like Void Balaur are in demand — these types of information can be very useful for a group or an individual who wants to launch an attack on specific targets. ... While the threat actor has been known to offer its services to a more general audience — as seen in its online advertisements in the underground — research from groups such as eQualit.ie and Amnesty International shows that Void Balaur is likely also involved in attacks against higher-profile victims, ranging from human rights activists and journalists to politicians and even presidential candidates.
Malware: Z.Stealer, DroidWatcher