Threat Intelligence Report - July 29, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
FraudGPT, a variant of the strong natural language processing system GPT-3, has been discovered generating fraudulent and malicious texts, including phishing emails and realistic, personalized messages, thereby posing a significant cybersecurity threat. Able to adapt, obfuscate its intentions, and mimic legitimate sources, this AI tool can evade many current detection and prevention measures, posing a challenge for cybersecurity solutions.
Read more: https://netfire.link/fraudgpt
Zenbleed Bug Leaves AMD Processors At-Risk
Read more: https://netfire.link/zenbleed-amd-processor-risk
WordPress Ninja Form Plugin Poses Risk to 400,000 Sites
The popular WordPress form-building plugin Ninja Forms has been identified to contain three high-severity vulnerabilities, potentially allowing attackers to escalate their privileges and steal user data, especially on websites supporting membership and user registrations. While developers have released an updated version 3.6.26 to fix these vulnerabilities, approximately 400,000 sites that have not yet updated the plugin remain susceptible to cyber attacks.
Read more: https://netfire.link/wordpress-ninja-form-plugin-risk
Linux Vulnerabilities Affect 40% of Ubuntu Users
Two high-severity security flaws in the Ubuntu kernel, impacting 40% of its users and prevalent in cloud environments, could enable local privilege escalation attacks. The vulnerabilities, identified as CVE-2023-2640 and CVE-2023-32629 and known as GameOver(lay), reside in the OverlayFS module and could allow an unprivileged user to manipulate an executable file and trick the Ubuntu Kernel into copying it to a different location, thus providing root-like privileges.
Read more: https://netfire.link/linux-vulnerabilities-affect-forty-percent-of-ubuntu-users
Non-Profits Targed with Nitrogen Malware Through Search Ads
The new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites, ultimately infecting users with Cobalt Strike and the BlackCat/ALPHV ransomware, targeting mainly technology and non-profit organizations in North America. The campaign functions by luring users into downloading trojanized software applications like AnyDesk, Cisco AnyConnect VPN, and others, leading them to compromised WordPress hosting pages that imitate legitimate software download sites, and finally executing a malicious Python package that establishes communication with the threat actor's C2 and launches a Meterpreter shell and Cobalt Strike Beacons onto the victim's system.
Read more: https://netfire.link/non-profits-targeted-through-search-ads
Follow NetFire and stay tuned for more insights.
#NetFireThreatIntelligence #ThreatIntelligence #NetFireCloud #SecureCloud #FraudGPT #AMD #WordPress #Ubuntu #Linux #Nitrogen #SearchAds #NetOnFire