COMPANY BLOG

POSTED Jul 29, 2023

Threat Intelligence Report - July 29, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.


NetFire Threat Intelligence Team


FraudGPT

FraudGPT, a variant of the powerful natural language processing system GPT-3, has been discovered generating fraudulent and malicious text, including phishing emails and realistic, personalized messages, and poses a significant cybersecurity threat. Because it can adapt, obfuscate its intentions, and mimic legitimate sources, this AI tool can evade many current detection and prevention measures, which makes it a challenge for cybersecurity solutions.

Read more: https://netfire.link/fraudgpt


 

Zenbleed Bug Leaves AMD Processors At Risk

The "Zenbleed" vulnerability found in many of AMD's newer processors can cause the chips to leak sensitive data, including encryption keys and user passwords, to cybercriminals who exploit the flaw. The bug, which can be triggered remotely, including via JavaScript on a malicious website, affects all Zen 2-based CPUs. AMD has started issuing firmware updates to mitigate the issue, and full patches for different processors are planned through the end of 2023.

Read more: https://netfire.link/zenbleed-amd-processor-risk



WordPress Ninja Forms Plugin Poses Risk to 400,000 Sites

The popular WordPress form-building plugin Ninja Forms has been found to contain three high-severity vulnerabilities that could allow attackers to escalate their privileges and steal user data, especially on websites that support membership and user registration. Developers have released an updated version, 3.6.26, to fix these vulnerabilities, but approximately 400,000 sites that have not yet updated the plugin remain susceptible to attack.

Read more: https://netfire.link/wordpress-ninja-form-plugin-risk


 

Linux Vulnerabilities Affect 40% of Ubuntu Users

Two high-severity security flaws in the Ubuntu kernel, impacting 40% of its users and prevalent in cloud environments, could enable local privilege escalation attacks. The vulnerabilities, identified as CVE-2023-2640 and CVE-2023-32629 and known as GameOver(lay), reside in the OverlayFS module. They could allow an unprivileged user to manipulate an executable file and trick the Ubuntu kernel into copying it to a different location, thus providing root-like privileges.

Read more: https://netfire.link/linux-vulnerabilities-affect-forty-percent-of-ubuntu-users


 

Non-Profits Targeted with Nitrogen Malware Through Search Ads

The new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites, ultimately infecting users with Cobalt Strike and the BlackCat/ALPHV ransomware. It mainly targets technology and non-profit organizations in North America. The campaign lures users into downloading trojanized software applications such as AnyDesk, Cisco AnyConnect VPN, and others, leading them to compromised WordPress hosting pages that imitate legitimate software download sites. It finally executes a malicious Python package that establishes communication with the threat actor's C2 and launches a Meterpreter shell and Cobalt Strike Beacons onto the victim's system.

Read more: https://netfire.link/non-profits-targeted-through-search-ads



 
