{"id":48,"date":"2022-06-15T21:17:37","date_gmt":"2022-06-15T21:17:37","guid":{"rendered":"https:\/\/gcsecurity.us\/?p=48"},"modified":"2023-01-27T19:58:30","modified_gmt":"2023-01-27T19:58:30","slug":"security-bulletin-06-15-22","status":"publish","type":"post","link":"https:\/\/gcsecurity.us\/?p=48","title":{"rendered":"Threat Intelligence Bulletin &#8211; Exchange Servers Targeted, Panchan Botnet, and Linux Rootkits"},"content":{"rendered":"\n<p>DoS vulnerability in Envoy proxy allows attackers to crash the proxy server<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.darkreading.com\/cloud\/dos-vulnerability-envoy-proxy-crashes\">https:\/\/www.darkreading.com\/cloud\/dos-vulnerability-envoy-proxy-crashes<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Syslogk Linux rootkit using magic packets to trigger dormant backdoors<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-syslogk-linux-rootkit-uses-magic-packets-to-trigger-backdoor\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-syslogk-linux-rootkit-uses-magic-packets-to-trigger-backdoor\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>BlackCat-affiliated threat actors exploiting unpatched vulnerabilities in Microsoft Exchange servers to deploy ransomware<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Hertzbleed side-channel attack allows attackers to steal cryptographic keys on Intel and AMD CPUs due to dynamic voltage and frequency scaling (DVFS)<\/p>\n\n\n\n<ul 
class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-hertzbleed-side-channel-attack-affects-intel-amd-cpus\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Threat actor targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike, and mine cryptocurrency<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-three-year-old-telerik-flaws-to-deploy-cobalt-strike\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-exploit-three-year-old-telerik-flaws-to-deploy-cobalt-strike\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Bug in Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances can let attackers bypass authentication<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-secure-email-bug-can-let-attackers-bypass-authentication\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-secure-email-bug-can-let-attackers-bypass-authentication\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Critical vulnerability in Citrix Application Delivery Management allows attackers to reset admin passwords<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords\/<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>Peer-to-peer botnet Panchan targeting Linux servers in the education sector to mine 
cryptocurrency<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-peer-to-peer-botnet-infects-linux-servers-with-cryptominers\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-peer-to-peer-botnet-infects-linux-servers-with-cryptominers\/<\/a><\/li><li><a href=\"https:\/\/thehackernews.com\/2022\/06\/panchan-new-golang-based-peer-to-peer.html\">https:\/\/thehackernews.com\/2022\/06\/panchan-new-golang-based-peer-to-peer.html<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>DoS vulnerability in Envoy proxy allows attackers to crash the proxy server https:\/\/www.darkreading.com\/cloud\/dos-vulnerability-envoy-proxy-crashes Syslogk Linux rootkit using magic packets to trigger dormant backdoors https:\/\/www.bleepingcomputer.com\/news\/security\/new-syslogk-linux-rootkit-uses-magic-packets-to-trigger-backdoor\/ BlackCat-affiliated threat actors exploiting unpatched vulnerabilities in Microsoft Exchange servers to deploy ransomware https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware\/ Hertzbleed side-channel attack allows attackers to steal cryptographic keys on Intel and AMD CPUs due to 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15,14],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-news","tag-cybersecurity","tag-news"],"_links":{"self":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48"}],"version-history":[{"count":4,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":114,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions\/114"}],"wp:attachment":[{"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcsecurity.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}