Threat Intelligence Bulletin – Linux Kernel Vulnerabilities, Bypassing MFA, and Obscuring Credential Stuffing
DirtyCred (CVE-2022-2588) Linux kernel vulnerability abuses heap memory to swap unprivileged kernel credentials with privileged ones
Attackers abusing the Palo Alto PAN-OS URL filtering policy to carry out reflected and amplified DoS attacks
- https://www.bleepingcomputer.com/news/security/cisa-is-warning-of-high-severity-pan-os-ddos-flaw-used-in-attacks/
- https://cyware.com/news/palo-alto-firewalls-abused-for-amplified-ddos-attacks-c9aa953a
Threat actor expands to target Google Workspace users using AiTM attacks leveraging compromised accounts and password reset prompt emails
New tactics used by threat actors to bypass MFA include abusing the self-enrollment process in Azure AD and registering a second authenticator app for compromised accounts
Compromised WordPress sites used to display fake Cloudflare DDoS protection pages to deliver malware
Vulnerability in GitLab may allow authenticated users to achieve RCE via a GitHub API endpoint
BianLian ransomware variant being used to target the education sector among others, with education accounting for 12.5% of victims in the wild
FBI warns threat actors are using residential proxies to hide their credential stuffing activities
Iranian Charming Kitten APT using a new data-scraping tool to download and delete emails from compromised accounts
Phishing campaign using compromised Dynamics 365 Customer Voice account to spoof eFax notifications and steal MS 365 credentials
Persistent executable payload “Adsearch”, installed via ISO files, was the top July threat according to Red Canary; the source page also lists the other top threats