Get Ahead of Cyber Threats Newsletter

Weekly Threat Pulse (2/15)

Wondering what this weekly list is all about? 

For starters, it's not marketing fluff.

In fact, it's meant to be an informative snapshot of the value a lot of your colleagues are already getting every day with Fletch.

Picture getting a list like this every day that tells you which threats are going to be a big deal and whether they affect you at all (Fletch automatically correlates your data with what's going on in the world so you don't have to spend days doing it).

You'll finally get ahead of those annoying CFO asks.

Check out the top 5 threats from last week:

1. Apple Says WebKit Zero-Day Hitting iOS, macOS Devices

Criticality: CRITICAL

  • TL;DR: For the second time in as many months, Cupertino released iOS, iPadOS and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposes Apple devices to remote code execution attacks. Last year, Apple’s security response team addressed at least 17 documented in-the-wild zero-day attacks.
  • CVEs: CVE-2022-22620

2. Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution

Criticality: CRITICAL

  • TL;DR: On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin installed.
  • CVEs: CVE-2022-24663, CVE-2022-24664, CVE-2022-24665

3. FritzFrog Botnet Grows 10x, Hits Healthcare, Education, and Government Systems

Criticality: HIGH

  • TL;DR: The FritzFrog botnet, active for more than two years, has resurfaced with an alarming infection rate, growing tenfold in a single month and hitting healthcare, education, and government systems that expose an SSH server. The new botnet variant also shows indications that its operators are preparing to add capabilities to target WordPress servers.
  • Malware: FritzFrog

4. Kimsuky hackers use commodity RATs with custom Gold Dragon malware

Criticality: HIGH

  • TL;DR: South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. In the latest campaign, spotted by analysts at ASEC (AhnLab), Kimsuky uses xRAT in targeted attacks against South Korean entities.
  • Malware: GoldDragon, Kimsuky (win.kimsuky), xRAT, Quasar

5. Mozilla fixes Firefox bug letting you get Windows admin privileges

Criticality: HIGH

  • TL;DR: Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service. Mozilla fixed the privilege escalation security flaw tracked as CVE-2022-22753 today, with the release of Firefox 97.
  • CVEs: CVE-2022-22753