
Threat Landscape Briefing – November 2023

In this month’s briefing we explore:

  • ServiceNow vulnerability exposes sensitive data (timestamp – 01:05)
    • After a researcher published a method that unauthenticated attackers can use to steal an organization’s sensitive files, ServiceNow issued a fix for a misconfigured widget that exposes data.
    • See Info-Tech’s Build a Zero Trust Roadmap.
  • HTTP/2 Rapid Reset attacks mark the largest recorded DDoS attack in internet history (timestamp – 04:13)
    • Large cloud service providers such as Google, AWS, and Cloudflare observed a series of distributed denial-of-service attacks facilitated by the exploitation of a weakness in the implementation of HTTP/2.
    • See Info-Tech’s Define Your Cloud Vision.
  • The Art of Concealment: what to know about the new Magecart campaign (timestamp – 07:23)
    • The Akamai Security Intelligence Group has detected a new Magecart web skimming campaign that is targeting a large number of websites, including large organizations in the food and retail industries.
    • See Info-Tech’s Embed Security Into the DevOps Pipeline.
  • Hackers exploit zero-day on Cisco devices (timestamp – 11:11)
    • Cisco issued an advisory warning on October 16 that hackers were actively exploiting a critical vulnerability in IOS XE, the software that operates its networking devices.
    • See Info-Tech’s Implement Risk-Based Vulnerability Management.
  • ToddyCat using spear phishing to deliver disposable malware in Asia (timestamp – 14:33)
  • WordPress sites targeted with backdoor malware disguised as a plugin (timestamp – 15:56)

If you have a question or would like to receive these monthly briefings via email, submit a request here.

Featured Speakers

Michel Hebert

Practice Lead, Industry Research

Fred Chagnon

Principal Research Director

Logan Rohde

Cybersecurity Advisor

Carlos Rivera

Principal Research Advisor, Security & Privacy

Ahmad Jowhar

Research Specialist, Security & Privacy
