
This Week in Cybersecurity: July 31st-August 4th

As we wrap up the end of the week, let’s dive in and see what new groundbreaking stories made headlines. Censys’ weekly blog serves as your helpful guide to the top stories in cybersecurity – the following are five articles that were in the press this week.

1. New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods – July 31st

The new peer-to-peer (P2P) malware P2PInfect exploits a high-severity vulnerability, CVE-2022-0543. The flaw carries a severity score of 10, and the malware tries to activate itself on compromised cryptocurrency hosts. After installation, the malware modifies the host’s firewall features. The threat actor behind it is still unknown; however, the technique gives easier access to other platforms, and the peer-to-peer communication method links infected servers directly to one another.

(Source: TheHackerNews)

2. Abyss Locker Ransomware Looks to Drown VMware’s ESXi Servers – July 31st

Abyss is a double extortion ransomware group, first seen in March, that is targeting industrial control systems running VMware ESXi. As of today, the group has successfully carried out 14 attacks on various organizations. A Linux ELF encryptor variant targeting ESXi machines has just appeared. Ransomware groups such as Akira, Cl0p, HelloKitty, and others have now focused on locking Linux ESXi machines.

(Source: DarkReading)

3. CISA Issues New Warning on Actively Exploited Ivanti MobileIron Bugs – August 1 

An advanced persistent threat (APT) group has been targeting MobileIron since April. The US Cybersecurity and Infrastructure Security Agency (CISA) reported the two vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM). CVE-2023-35078 is a zero-day vulnerability that’s considered a high-level attack due to the number of people it can affect. The flaw lets users create admin accounts, which gives attackers a path to sensitive information. As of today, over 2,300 MobileIron devices are exposed. All users are advised to update to the platform’s latest version.

(Source: BleepingComputer)

4. Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack – August 1

Collide+Power is a software attack against processors from vendors such as Intel. CVE-2023-20583 can target devices and encrypt passwords. The attack has two variants: one requires access to sensitive data and hyperthreading, while the other does not require constant access to sensitive data or hyperthreading. Today, attackers achieve a data leak rate of 4.82 bits per hour. Researchers believe that attackers could potentially reach up to 188 bits per hour. At this speed, they could alter the memory of the application.

(Source: SecurityWeek)

5. Iran’s APT34 Hits UAE With Supply Chain Attack – August 2nd 

The United Arab Emirates (UAE) is under attack by an Iran-based attack group, APT34. APT34 used a fake landing page posing as an IT job recruitment website, with malicious documents attached. Opening the documents releases information-stealing malware on the victim’s device. Attackers obtain account credentials with the malware, which gives them the ability to access the IT company’s clients’ networks, especially targeting government clients. The threat group is said to use command and control (C2) communication to successfully launch their attacks; the group is known for performing similar successful supply chain attacks.

(Source: DarkReading)

And that’s our wrap-up of this week’s top reported cyber stories. From attackers’ advancements, newly discovered vulnerabilities, and more, you can stay up to date with the industry’s latest stories each week. Check back next week for our breakdown of five new trending articles. 
