Cyware Daily Threat Intelligence


Daily Threat Briefing July 14, 2023

Innovation knows no boundaries. In a clever move, cybercriminals distributed fake Proof of Concept (PoC) exploits via GitHub to target cybersecurity researchers. The PoC, which impersonates a legitimate exploit for another Linux kernel vulnerability, actually deploys Linux password-stealing malware. In other news, security researchers have uncovered a multi-year campaign compromising routers worldwide using a Linux-based RAT known as AVrecon. This sophisticated operation targets small-office/home-office (SOHO) routers.

Now, this is an actual bug for Zimbra suite users. The company has warned about a critical zero-day vulnerability in its email software that adversaries are currently exploiting in real-world attacks.

Top Breaches Reported in the Last 24 Hours

North Carolina town halts

Following a ransomware attack, residents of the town of Cornelius, North Carolina, experienced disruptions or unavailability of services. Authorities did not disclose details about the ransomware group responsible for the attack, nor did they reveal anything about the payment of a ransom. The town is home to approximately 32,000 residents.

Refugee database attacked

The Norwegian Refugee Council (NRC) fell victim to a cyberattack that compromised its online database storing the personal information of project participants. The database was quickly cut off from internet access. The organization refrained from providing specific information regarding the attack method or the identity of the threat actor involved.

Shared data with Meta

Tax preparation firms H&R Block, TaxAct, and TaxSlayer have been accused of sharing “extraordinarily sensitive” information of tens of millions of taxpayers with Meta, the parent company of Facebook. Through this, financial information about taxpayers’ sources of income, tax deduction amounts, and tax exemption data was made accessible to Meta. The firms exposed the data for about two years.

Top Malware Reported in the Last 24 Hours

Fake PoC drops stealer malware

A fake Proof of Concept (PoC), alleged to be an exploit for a high-severity use-after-free vulnerability in the Linux kernel, has been found infecting the security research community with data-stealing malware. The PoC, which claims to be an exploit for CVE-2023-35829, is in fact a copy of an old, legitimate exploit for a different Linux kernel vulnerability, tracked as CVE-2022-34918.

Linux malware targeting SOHO routers

A stealthy Linux malware, dubbed AVrecon, was found targeting more than 70,000 Linux-based SOHO routers since at least May 2021. It reportedly hijacked these devices to form a botnet that could steal bandwidth and provide a hidden residential proxy service. Security researchers discovered a total of 15 second-stage control servers. The malware has been observed in more than 20 countries.

Top Vulnerabilities Reported in the Last 24 Hours

Manual fixing for Zimbra flaw

A security vulnerability has been discovered in Zimbra Collaboration Suite version 8.8.15 that could compromise the confidentiality and integrity of customer data. The patch, however, is not expected to reach users until the July patch release.

Until then, Zimbra is urging customers to apply a manual fix that involves taking a backup and editing a particular file, among other steps.

Cisco patches critical bug

Cisco has issued patches to address a high-severity vulnerability in its SD-WAN vManage software. The flaw, tracked as CVE-2023-20214, could allow an unauthorized remote attacker to obtain read and write permissions to the configuration of an affected instance. Experts have not found any incident in which the flaw was abused.

WordPress plugin flaw exposed passwords

Developers have addressed a security bug in the WordPress plugin All-In-One Security that allowed website admins to view passwords stored in the database in plaintext. The plugin is installed on more than 1 million websites. The password logging bug was brought to light by a WordPress forum user at least three weeks ago.
