Threat Intelligence Bulletin – Exchange Servers Targeted, Panchan Botnet, and Linux Rootkits

DoS vulnerability in Envoy proxy allows attackers to crash the proxy server


Syslogk Linux rootkit using magic packets to trigger dormant backdoors


BlackCat-affiliated threat actors attacking unpatched vulnerabilities in Microsoft Exchange servers to deploy ransomware


Hertzbleed side-channel attack allows attackers to steal cryptographic keys on Intel and AMD CPUs due to dynamic voltage and frequency scaling (DVFS)


Threat actor targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike, and mine cryptocurrency


Bug found in Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances can let attackers bypass authentication


Critical vulnerability in Citrix Application Delivery Management allows attackers to reset admin passwords


Peer-to-peer botnet Panchan targeting Linux servers in the education sector to mine cryptocurrency