Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 4, 2022
Django is among the top Python web frameworks today and is used by some top brands in the U.S. The team behind it has recently addressed a high-severity flaw that could allow an unauthorized third party to attack Django web apps. Making the headlines is a fresh alert by the CISA to patch a Windows Local Security Authority (LSA) spoofing vulnerability, which it had removed from its exploited vulnerabilities list in May.
Besides, insider risk is an ongoing challenge that cannot be overlooked. HackerOne was intimated of a situation by an unnamed customer about suspicious vulnerability disclosure. During the investigation, an employee was found guilty of an attempt to receive monetary payouts by stealing vulnerability reports.
Insider threat compromises vulnerability reports
At HackerOne, an employee was found leaking vulnerability disclosure reports that partners had submitted to the platform. The leak was intended to claim the bug bounty rewards from those partners for personal gain. Taking cognizance of the situation, HackerOne has fired the employee and has committed to reducing the likelihood of such incidents.
Worm burrows Windows networks
Microsoft has unveiled the Raspberry Robin worm that is being spread via infected USB devices and requires users to click on a malicious .LNK file. The worm utilizes a Windows command prompt to launch a msiexec process and run its malicious file embedded within the device. Additionally, it brings the ability to bypass Windows User Account Control (UAC) while using the utilities available on the OS.
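The execution chain above (a command prompt launching msiexec to install a package from the removable device) is something defenders can look for in process-creation telemetry. The following is an added detection example, not code from Microsoft or from the original briefing; it runs over a handful of constructed process-creation events (parent image plus child command line, as an EDR or Sysmon event would record) and flags msiexec launched by cmd.exe when the package path points at a non-system drive or a URL. The "non-system drive" rule is a heuristic assumption, not a published indicator, so the set of trusted drives is a parameter.

```python
import ntpath
import re

# Constructed sample process-creation events (not real telemetry). Each has the
# parent process image and the child's full command line.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'msiexec /q /i "E:\RECYCLER\update.msi"'},
    {"id": 2, "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r'msiexec /i "C:\Users\alice\Downloads\7zip.msi"'},
    {"id": 3, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"notepad.exe C:\notes.txt"},
    {"id": 4, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'MSIEXEC.EXE /Q /I "http://package-host.invalid/x.msi"'},
]

# Matches the first token of a Windows command line, quoted or not.
FIRST_TOKEN_RE = re.compile(r'\s*("[^"]+"|\S+)')
# Matches drive-letter prefixes such as e:\ in a lower-cased command line.
DRIVE_RE = re.compile(r"\b([a-z]):\\")


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, with surrounding quotes removed."""
    return ntpath.basename(path.strip('"')).lower()


def _child_image(cmdline: str) -> str:
    """The executable named by a command line (its first token)."""
    match = FIRST_TOKEN_RE.match(cmdline)
    return _basename(match.group(1)) if match else ""


def is_suspicious(event: dict, trusted_drives=("c",)) -> bool:
    """True when cmd.exe launches msiexec against a package that lives on an
    untrusted drive (assumed here: anything but the system drive) or a URL."""
    if _child_image(event["cmdline"]) not in ("msiexec", "msiexec.exe"):
        return False
    if _basename(event["parent"]) != "cmd.exe":
        return False
    cl = event["cmdline"].lower()
    drives = set(DRIVE_RE.findall(cl))
    untrusted_drive = any(d not in trusted_drives for d in drives)
    remote_package = "http://" in cl or "https://" in cl
    return untrusted_drive or remote_package


def flag_suspicious_msiexec(events, trusted_drives=("c",)) -> list:
    """Return the ids of events that match the cmd.exe -> msiexec heuristic."""
    return [e["id"] for e in events if is_suspicious(e, trusted_drives)]


if __name__ == "__main__":
    print("flagged event ids:", flag_suspicious_msiexec(SAMPLE_EVENTS))
```

Event 2 is a normal install started by a service rather than a command prompt, and event 3 is not msiexec at all, so neither is flagged; events 1 and 4 are. In a real environment the rule would also be correlated with removable-media insertion events and with the .LNK click the briefing describes.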
Windows LSA bug patch notice
The CISA has added back a Windows LSA Spoofing vulnerability, tracked as CVE-2022-26925, to its Known Exploited Vulnerabilities Catalog and urged federal agencies to patch their devices by July 22. It was put on hold in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May update.
Critical bug fixed in Django
Django has addressed a potential SQL Injection flaw, tracked as CVE-2022-34265, affecting Django's main branch and versions 4.1 (currently in beta), 4.0, and 3.2. The open-source Python-based web framework is at the core of tens of thousands of websites. Users need to update their Django versions to 4.0.6 and 3.2.14.
Social media accounts hijacked
Scammers took over the Twitter and YouTube accounts of The British Army to promote NFT and cryptocurrency scams. The YouTube account’s name was changed and they also posted YouTube videos with a photo of Elon Musk. The British Army's Twitter account was also altered to promote NFTs. The group behind the scam is yet to be determined.