Check out our latest bi-weekly threat intelligence report update! We've pulled together the most relevant cyber threats and updates that have made headlines over the last two weeks. In today's day and age, the digital realm is full of risks, with threat actors constantly seeking new vulnerabilities to exploit and sensitive information to compromise. Amongst the latest threats is a suspected cyberattack by China on the Ministry of Defence's armed forces payroll system, a DropBox security breach in its eSignature platform, Dropbox Sign, previously known as HelloSign, and another vulnerable WordPress plugin discovered.
Read more about the most recent threats in the below.
Latrodectus Malware Exploiting Microsoft and Cloudflare Themes
Cybercriminals have been using names like Microsoft Azure and Cloudflare in sophisticated phishing attacks that evade standard email filters. The malware Latrodectus, also known as Unidentified 111 or IceNova, poses a significant threat by stealthily executing harmful payloads and commands.
Security experts are investigating its ties to the IcedID malware loader and its advanced distribution tactics, highlighting its growing danger to corporate networks.
DropBox Data Theft from eSignature Service
Dropbox has disclosed a security breach in its eSignature platform, Dropbox Sign, previously known as HelloSign.
Hackers accessed sensitive data such as authentication tokens, MFA keys, hashed passwords, and customer information via an automated system configuration tool that allowed them elevated privileges.
Dropbox has reset user passwords, advised on rotating API keys, and recommended reconfiguring MFA settings, while reassuring that no customer documents were compromised and other Dropbox services remain unaffected.
China Suspected in UK Armed Forces Payroll Hack
The UK Government has been investigating a suspected cyberattack by China on the Ministry of Defence's armed forces payroll system. The breached system contains sensitive information, including names, bank details, and personal addresses of armed forces personnel.
While there is no evidence of data extraction, the government is cautious. The MoD has been investigating for 72 hours with no indication of data removal.
Affected service members will receive details about the breach and advice on fraud risks, with no immediate safety threats identified.
Google Reverts reCaptcha Update for Firefox Compatibility
Google recently reverted an update to its reCaptcha service due to a compatibility issue with Mozilla Firefox on Windows, which was causing captcha prompts to endlessly load.
The problem originated from a new dark mode detection feature in the reCaptcha script that malfunctioned before the page's DOM was fully loaded.
Google swiftly rolled back to a previous version of the script after a temporary workaround involving changing the browser’s user agent proved the issue was with Google's script and not Firefox, quickly resolving the situation for users.
WordPress LiteSpeed Cache Plugin Vulnerability
LiteSpeed Cache, a widely used WordPress caching plugin, has been found vulnerable (CVE-2023-40000, CVSS score: 8.3), allowing attackers to create unauthorised WordPress admin accounts.
This vulnerability, a stored cross-site scripting (XSS) issue, poses significant risks to users that depend heavily on WordPress for their operations, potentially leading to data breaches, website defacement, and malware distribution.
To help protect against these threats, users should regularly update their software, ensure cyber security measures like firewalls and intrusion detection systems are in place, and foster a security-aware culture among employees.
