Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 6, 2023
A series of vulnerabilities impacting a wide range of software and products made the headlines in the last 24 hours. Google topped the list as it released this month’s security updates for 46 vulnerabilities impacting Android. Three of these flaws are likely exploited in the wild. Cisco also reported a high-severity flaw in its Nexus 9000 series switches that can enable unauthenticated attackers to intercept and modify traffic. A flaw dubbed StackRot, which impacts several versions of the Linux kernel, was also addressed in new versions, preventing privilege escalation attacks.
In other news, over 130,000 vulnerable solar monitoring systems from different vendors were found to be exposed to the public internet, making them potential targets for cyberattacks.
Over 28,000 individuals impacted
In a public announcement, Pepsi Bottling Ventures revealed that the personal, financial, and health information of over 28,000 employees was impacted in a data breach that occurred between December 23, 2022, and January 19, 2023. The incident occurred after attackers gained unauthorized access to certain systems. The compromised data includes names, email addresses, ID numbers, Social Security numbers, medical history details, and health insurance information.
An unprotected database leaks 725.8 GB of data
An unprotected database was found exposing around 725.8 GB of data, including over 8 million records of users and employees. The database belonged to India’s largest tech retailer. The records contained personal information such as dates of birth, marital status, family dependencies, tax invoices, and more.
A high-severity flaw in Nexus switches
A high-severity flaw discovered in Cisco’s Nexus 9000 series switches could allow unauthenticated attackers to intercept and modify traffic. Tracked as CVE-2023-20185, the flaw impacts the ACI multi-site CloudSec encryption feature of the switches. Cisco is yet to release a patch for the flaw. Meanwhile, users of vulnerable switches have been advised to disable the ACI multi-site CloudSec encryption feature.
Google fixes 46 flaws
Google fixed 46 vulnerabilities in the Android OS as part of this month’s security updates. Three of these patched flaws are likely actively exploited in the wild and are tracked as CVE-2023-26083, CVE-2023-29256, and CVE-2023-2136. The flaws primarily impact Android versions 11, 12, and 13, but depending on the scope of the vulnerabilities, they may impact older versions that are no longer supported.
Vulnerable PV systems exposed
Cyble’s threat analysts revealed that over 130,000 photovoltaic (PV) monitoring and diagnostic systems are exposed online, making them potential targets for cyberattacks. These products are from various vendors such as Solar-Log, Danfoss, Contec, SMA Solar Technology, and Saj Electric. While PoC exploit code for vulnerabilities impacting several of these solar products is available online, a few of these products are inadequately secured.
StackRot flaw spotted in Linux kernel
A newly identified flaw in the Linux kernel can allow an unauthenticated user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269), the flaw has a CVSS score of 7.8 and impacts versions 6.1 through 6.4. The flaw has been addressed in versions 6.1.37, 6.3.11, and 6.4.1 of the Linux kernel.
Flaw in Microsoft Teams
An exploit tool called TeamsPhisher has been published on GitHub, enabling attackers to bypass restrictions and deliver malicious files to Microsoft Teams users. It is a Python-based tool that provides a fully automated attack. The tool first checks a Teams user and verifies that the user can receive external messages.