Vulnerabilities & Threats that Matter 24-30 October 2022

Published Vulnerabilities | Interesting Vulnerabilities | Active Threat Groups | Targeted Countries | Targeted Industries | ATT&CK TTPs
37585551344


Summary

The last week of October 2022 saw the discovery of 375 vulnerabilities, of which eight gained the attention of security researchers worldwide. Among these eight, one vulnerability is awaiting re-analysis on the NVD. Hive Pro Threat Research Team advises organizations to patch this vulnerability as soon as possible.

A critical issue in OpenSSL that could be remotely exploited to compromise server private keys or run code had yet to receive a security update this week. This week also saw the most recent LV ransomware intrusion, in which the corporate environment of a Jordan-based entity was breached by exploiting ProxyShell weaknesses to extort data.

Further, we observed five threat actor groups being highly active in the last week. The first was the Daixin Team, an unknown threat actor known for pursuing financial gain. The second was SideWinder, an Indian threat actor group known for information theft and espionage, which ran campaigns against government and business sectors throughout Asia. The third was the Lazarus Group, a North Korean threat actor known for financial crime, which exploited known vulnerabilities within Dream Security's MagicLine4NX. The threat actors Hafnium and OilRig coordinated a massive effort to exploit Fortinet vulnerabilities. Common TTPs that could potentially be used by these threat actors or in exploiting these CVEs can be found in the detailed section.