Our selection of key intelligence reports this week reiterates the value of personally identifiable information to threat actors and serves as a reminder for companies to adopt strong security procedures to mitigate this threat. The General Motors credential stuffing compromise is an example of how threat actors can obtain unauthorised entry to user accounts and the sensitive data stored there. On this occasion, perpetrators were able to access information that included address and contact details relating to account holders and their families. This information could also be used to inform phishing campaigns and other social engineering efforts in the future. Elsewhere, we have reported on further espionage attempts against the Russian government and on ransomware groups continuing to target the aviation sector due to its susceptibility to downtime.

Key Vulnerabilities

  1. CVE-2018-8421
    A remote code execution vulnerability occurs when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability" (CVSS: 9.8 | OVSS: 27). This vulnerability affects a number of versions, and we assess that it has a 98% chance of being exploited in the future.
  2. CVE-2022-30525
    An operating system (OS) command injection vulnerability (CVSS: 9.8 | OVSS: 47) was detected in the Common Gateway Interface (CGI) programme of several versions of Zyxel USG FLEX 100(W) firmware, allowing a malicious user to modify specific files and execute some OS commands on a vulnerable device. Dark web chatter has suggested that threat actors have attempted to exploit this vulnerability to compromise Zyxel's firewall and VPN devices.
  3. CVE-2021-43217
    A remote code execution vulnerability was detected in Windows Encrypting File System (CVSS: 9.8 | OVSS: 39). Microsoft advised Windows users to install the Windows update released on 08 March 2022 to mitigate the impact of the vulnerability.

Key Intelligence Reports

  1. General Motors suffers credential stuffing compromise; discloses customer information.
  2. Indian airline SpiceJet experiences severe disruption following ransomware incident.
  3. Nation-state group conducts four separate phishing campaigns against Russian government entities.

If you come across any issues or need assistance, please do not hesitate to reach out to Secrutiny.

What is OVSS?

The Orpheus Vulnerability Severity Score (OVSS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to and impact of CVEs, building upon the vulnerability information that is provided as part of the CVSS (Common Vulnerability Scoring System) score.

The Orpheus Vulnerability Severity Score