
ZeroFox Daily Intelligence Brief - July 25, 2023

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Critical Zero-Days in Atera Installers Expose Users to Attacks
  • Ivanti Releases Security Updates for Endpoint Manager Mobile Vulnerability
  • Zenbleed Attack Leaks Sensitive Data from AMD Zen2 Processors
  • Data brokers / initial-access brokers: BlackPass: 4 compromised e-commerce accounts linked to U.S. military emails; 2easy: compromised Live Nation and TicketMaster accounts
  • Vulnerabilities: CVE-2023-25074 and CVE-2023-28321
  • Exploits: CVE-2018-15152 and CVE-2016-7255
  • Breaches: Telegram: Audi Cloud Breach and Credit Card Data Breach

Critical Zero-Days in Atera Installers Expose Users to Attacks

Zero-day vulnerabilities were discovered in the Windows installers for Atera remote monitoring and management software, posing a risk of privilege escalation attacks. The flaws, tracked as CVE-2023-26077 and CVE-2023-26078, were resolved in Atera versions 1.8.3.7 and 1.8.4.9. The vulnerabilities allowed operations to run in the NT AUTHORITY\SYSTEM context, which could lead to local privilege escalation and arbitrary code execution.

Ivanti Releases Security Updates for Endpoint Manager Mobile Vulnerability

A vulnerability in Ivanti Endpoint Manager Mobile (EPMM) enables unauthenticated access to certain API paths, potentially exposing users' personally identifiable information (PII), including names, phone numbers, and device details. Attackers can also make configuration changes and create administrative accounts for further manipulation. Ivanti acknowledges active exploitation and recommends that users on versions 11.10, 11.9, and 11.8 apply the patches and review its support resources.

Zenbleed Attack Leaks Sensitive Data from AMD Zen2 Processors

A proof-of-concept exploit has been released for AMD Zen2 CPUs that could enable data theft at a rate of 30 KB/sec per CPU core from any operation on the system, including those taking place in virtual machines, isolated sandboxes, containers, and similar environments. Tracked as CVE-2023-20593, the flaw is caused by mishandling of the "vzeroupper" instruction during execution. While the risk to regular users is relatively low, AMD users should promptly apply the new microcode update or BIOS fix to stay protected.

THREAT ACTIVITY: INITIAL-ACCESS BROKERS, DATA BROKERS, AND HACKTIVISTS

  • BlackPass: 4 compromised e-commerce accounts linked to U.S. military emails observed
  • 2easy: compromised Live Nation and TicketMaster accounts

VULNERABILITIES

  • CVE-2023-25074 - Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
  • CVE-2023-28321 - An improper certificate validation vulnerability exists in curl.

EXPLOITS

  • CVE-2018-15152: OpenEMR 5.0.1.3 - Authentication Bypass
  • CVE-2016-7255: Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)

BREACHES

Tags: DIBtlp:green