The new malware P2PInfect peer-to-peer (P2) has a high level vulnerability, CVE-2022-0543. The flaw was rated a score of 10 and tries to activate the malware on compromised hosts of cryptocurrency. After implementing, the malware upgraded the firewall features. The threat actor behind this is still unknown; however, the use of this technique allows easier access to other platforms. The easy communication method connects servers closer to one another.
Abyss is a double extortion ransomware group found in March that is targeting industrial control systems on the VMware ESXI software. As of today, the group has successfully pulled 14 attacks on various organizations. The Linux ELF encryptor variant has just appeared in the ESXi machine. Ransomware groups such as Akira, Cl0p, HelloKitty, and others have now focused on locking Linux ESXi machines.
The Advanced persistent threat (APT) group has been targeting MobileIron since April. The US Cybersecurity and Infrastructure Security Agency (CISA) reported the two vulnerabilities in Invanti’s Endpoint Manager Mobile (EPMM). CVE-2023-35078 is a zero-day vulnerability that’s considered a high-level attack due to the number of people it can affect. The flaw enables users to create admin accounts which leads attackers to sensitive information. As of today, over 2,300 MobileIron devices are exposed. All users are suggested to download the platform’s latest version.
Collide+Power is a software attack against computer circuit providers such as Intel. CVE-2023-20583 can target devices and encrypt passwords. There are two variants in this attack and one allows attackers to access sensitive data and hyperthreading and the other does not require constant sensitive data or hyperthreading. Today, attackers have a data leak rate at 4.82 bits per hour. Researchers believe that attackers could potentially reach up to 188 bites per hour. At this speed, they could alter the memory of the application.
The United Arab Emirates (UAE) is under attack by an Iran-based attack group, APT34. APT34 used a fake landing page to act as an IT job recruitment website with malicious documents attached. Opening the documents releases information-stealing malware on your device. Attackers obtain account credentials with the malware, which gives them the ability to access IT company clients’ networks, especially targeting government clients. The threat group is said to use command and control (C2) communication to successfully launch their attacks; the group is known for performing similar successful supply chain attacks.