Threat Intelligence Report - July 29, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.


NetFire Threat Intelligence Team




FraudGPT, a variant of the powerful natural language processing system GPT-3, has been discovered generating fraudulent and malicious text, including phishing emails and realistic, personalized messages, which makes it a significant cybersecurity threat. Because it can adapt, obfuscate its intentions, and mimic legitimate sources, this AI tool can evade many current detection and prevention measures, posing a challenge for cybersecurity solutions.




Zenbleed Bug Leaves AMD Processors At-Risk


The "Zenbleed" vulnerability found in many of AMD's newer processors can cause the chips to leak sensitive data, including encryption keys and user passwords, which cybercriminals could potentially exploit. The bug, which can be triggered remotely, including via JavaScript on a malicious website, affects all Zen 2-based CPUs. AMD has started issuing firmware updates to mitigate the issue, and full patches for different processors are planned through the end of 2023.



WordPress Ninja Form Plugin Poses Risk to 400,000 Sites


The popular WordPress form-building plugin Ninja Forms has been found to contain three high-severity vulnerabilities that could allow attackers to escalate their privileges and steal user data, especially on websites supporting membership and user registrations. Developers have released an updated version, 3.6.26, to fix these vulnerabilities, but approximately 400,000 sites that have not yet updated the plugin remain susceptible to cyber attacks.




Linux Vulnerabilities Affect 40% of Ubuntu Users


Two high-severity security flaws in the Ubuntu kernel, impacting 40% of its users and prevalent in cloud environments, could enable local privilege escalation attacks. The vulnerabilities, identified as CVE-2023-2640 and CVE-2023-32629 and known as GameOver(lay), reside in the OverlayFS module and could allow an unprivileged user to manipulate an executable file and trick the Ubuntu kernel into copying it to a different location, thus providing root-like privileges.




Non-Profits Targeted with Nitrogen Malware Through Search Ads


The new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites, ultimately infecting users with Cobalt Strike and the BlackCat/ALPHV ransomware, targeting mainly technology and non-profit organizations in North America. The campaign functions by luring users into downloading trojanized software applications like AnyDesk, Cisco AnyConnect VPN, and others, leading them to compromised WordPress hosting pages that imitate legitimate software download sites, and finally executing a malicious Python package that establishes communication with the threat actor's C2 and launches a Meterpreter shell and Cobalt Strike Beacons onto the victim's system.




Follow NetFire and stay tuned for more insights.

