Our selection of key intelligence reports this week reiterates the threat posed by malicious insider incidents, notably North Korean (NK) Information Technology (IT) freelancers seeking employment in the US as non-NK nationals. This has led to NK IT contractors abusing their privileged access to provide NK units with initial access to victim networks. The US Treasury Department released an advisory, including a series of red-flag indicators, to help businesses identify suspicious patterns of behaviour. Elsewhere, a former database administrator was sentenced to seven years in prison for deleting nine terabytes worth of data belonging to Chinese real-estate brokerage conglomerate Lianjia. These incidents demonstrate that organisations need to be vigilant to insider threats and can reduce this risk by having robust controls within their hiring processes and making their employees feel valued.

Key Vulnerabilities

  1. CVE-2022-20695
    A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software (CVSS: 10 | OVS: 27) could allow a user to bypass authentication controls and log in to the device through the management interface. The vulnerability derives from the improper implementation of the password validation algorithm and could be exploited by a threat actor using crafted credentials, who may then be able to obtain administrator privileges.
  2. CVE-2021-42645
    A remote code execution vulnerability (CVSS: 10 | OVS: 27) was detected in CMSimple_XH 1.7.4. A malicious user can exploit this vulnerability by using the "File" parameter to upload a PHP payload and obtain a reverse shell from the vulnerable host, allowing remote access to the target device. We assess that the likelihood of future exploitation is 99%.
  3. CVE-2021-26334
    A lower-privileged user can exploit this vulnerability (CVSS: 9.9 | OVS: 38) within the AMDPowerProfiler.sys driver to access model-specific registers in the kernel, which could lead to privilege escalation and ring-0 code execution.

Key Intelligence Reports

  1. North Korean malicious insiders pose as IT freelancers to aid North Korean state units.
  2. Phishing campaign impersonating the World Health Organisation delivers Nerbian RAT malware.
  3. Chinese malicious insider who wiped his employer's databases is sentenced to seven years in prison.

If you come across any issues or need assistance, please do not hesitate to reach out to Secrutiny.

What is OVS?

The Orpheus Vulnerability Score (OVS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding additional context on the likely threat to and impact of CVEs, building upon the vulnerability information that is provided as part of the CVSS (Common Vulnerabilities Scoring System) score.