New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

“Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process (apached) to evade detection.”
Binaré’s platform checks your IoT device, such as a router, for a wide range of vulnerabilities and security issues and gives you a detailed report on them. Take a step toward securing your business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html?&web_view=true
Mirai Variant Targets Multiple IoT Devices

“On April 10, Unit 42 researchers observed a Mirai variant called IZ1H9, which used several vulnerabilities to spread itself. The threat actors use the following vulnerabilities to target exposed servers and networking devices running Linux:
- CVE-2023-27076: Tenda G103 command injection vulnerability
- CVE-2023-26801: LB-Link command injection vulnerability
- CVE-2023-26802: DCN DCBI-Netlog-LAB remote code execution vulnerability
- Zyxel remote code execution vulnerability”
More information about the incident:
https://unit42.paloaltonetworks.com/mirai-variant-iz1h9/?web_view=true
Ransomware threats are growing, and targeting Microsoft devices more and more

“New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, the alert says, but out of all the different hardware and software, Microsoft’s products are being targeted the most. In general, attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware, the researchers claim. For 59 vulnerabilities there is a complete MITRE ATT&CK kill chain, which includes two brand-new flaws. Eighteen flaws aren’t being flagged by antivirus programs, it was said in the report.”
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

“Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition.” The affected product lines: 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, Business 250 Series Smart Switches, Business 350 Series Managed Switches, Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches.
More information about the incident:
https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html?&web_view=true
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

“The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and gained firmware access.”
More information about the incident:
https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html?&web_view=true
China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

“The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers.”
More information about the incident:
https://thehackernews.com/2023/05/chinas-mustang-panda-hackers-exploit-tp.html?&web_view=true
Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

“Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week.”
More information about the incident:
https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html?&web_view=true
Researchers Observe a Spike in Attacks Against TBK DVR Camera Devices

“An unpatched five-year-old authentication bypass flaw discovered in TBK DVR video recording devices is being exploited in the wild to steal sensitive footage from corporate networks. Fortinet’s FortiGuard Labs is observing an uptick in hacking attempts against these devices as threat actors leverage a publicly available PoC exploit to target vulnerable servers.”
Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including its Software Bill of Materials (SBOM) and risky component dependencies) and gives the manufacturer a detailed report on them. Take a step toward securing your IoT business today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://cyware.com/news/researchers-observe-a-spike-in-attacks-against-tbk-dvr-camera-devices-2530267c