Featured Story
Critical RCE Vulnerability Actively Exploited in Barracuda Email Security Gateway Appliances
On May 19th, Barracuda disclosed a Remote Code Execution vulnerability (CVE-2023-2868) affecting its Email Security Gateway appliances. Exploits have been detected since October 2022, with evidence of malware deployment and data exfiltration. Barracuda has shared IOCs and mitigation steps on their website.
If you operate a Barracuda ESG appliance, threat hunting is essential. Search for the IOCs released by Barracuda and assess potential compromise. If you need assistance, our SOC team is available to help.
Other Stories
MOVEit Transfer Tool Vulnerability Actively Exploited
A SQL injection vulnerability in MOVEit Transfer allows unauthenticated attackers to access and modify database content. Exploits are being observed in the wild. The vendor recommends disabling HTTP/HTTPS traffic and applying patches immediately.
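To make the injection class concrete, here is an added example (not MOVEit's code or Progress' fix) that runs the same lookup two ways over an in-memory SQLite table filled with constructed rows: once with the input spliced into the SQL text, once with it bound as a parameter. The table, rows and the tautology input are all constructed for the demonstration.

```python
"""String-built SQL query beside its parameterized form.

Added example, not MOVEit's code: an in-memory SQLite table with
constructed sample rows shows how one input is treated as SQL syntax
in the first function and as a plain value in the second.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO files (owner, name) VALUES (?, ?)",
        [("alice", "q1-report.pdf"), ("bob", "payroll.xlsx"), ("carol", "notes.txt")],
    )
    conn.commit()
    return conn


def list_files_vulnerable(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Builds the statement with string formatting: the input becomes SQL."""
    query = f"SELECT name FROM files WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def list_files_safe(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Binds the input as a parameter: it can only ever be a value."""
    return [
        row[0]
        for row in conn.execute("SELECT name FROM files WHERE owner = ?", (owner,))
    ]


# Constructed textbook input: closes the quoted literal and appends a tautology.
INJECTED_OWNER = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(list_files_vulnerable(db, "alice"))          # only alice's row
    print(list_files_vulnerable(db, INJECTED_OWNER))   # every row in the table
    print(list_files_safe(db, INJECTED_OWNER))         # no rows: no such owner
```

The hardened version is not a filter on the input; it changes what the database is asked to interpret. The same unauthenticated input that returns every row from the first function returns nothing from the second, which is the property a patch for this vulnerability class has to restore.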
Follow Progress’ advisory:
- Disable external access to MOVEit Transfer
- Patch affected systems
- Hunt for IOCs listed by the vendor
Our SOC can assist with threat hunting and remediation.
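Both the Barracuda and the MOVEit items above come down to the same defender task: take the indicator list the vendor published and sweep appliance logs and filesystems for it. The script below is an added example of that sweep, not tooling from Barracuda, Progress or the vendors' advisories. Every indicator in it is a constructed placeholder (TEST-NET addresses, a `.invalid` domain, the hash of an inline stand-in file); substitute the IOCs from the advisory you are working.

```python
"""Sweep log lines and a directory tree for vendor-published IOCs.

Added example, not vendor tooling. All indicator values below are
constructed placeholders; replace them with the advisory's IOCs.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed placeholder indicators (TEST-NET ranges and a reserved TLD).
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_DOMAINS = {"example-c2.invalid"}

# Constructed stand-in for a dropped payload; its hash becomes the file IOC.
MALICIOUS_SAMPLE = b"#!/bin/sh\n# constructed stand-in for a dropped payload\n"
IOC_SHA256 = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}

# Constructed log lines in the shape of an appliance's mail/DNS log.
LOG_LINES = [
    "2023-05-20T10:01:02Z smtpd connect from 192.0.2.10",
    "2023-05-20T10:03:44Z smtpd connect from 203.0.113.45",
    "2023-05-20T10:05:10Z dns query example-c2.invalid from appliance",
    "2023-05-20T10:07:00Z smtpd connect from 192.0.2.11",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", re.I)


def hunt_logs(lines):
    """Return (line_number, indicator) for every network IOC seen in the logs."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((n, ip))
        for dom in DOMAIN_RE.findall(line):
            if dom.lower() in IOC_DOMAINS:
                hits.append((n, dom.lower()))
    return hits


def hunt_files(root):
    """Hash every regular file under root; report those matching a hash IOC."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            if digest in IOC_SHA256:
                hits.append((str(path), digest))
    return hits


def build_sample_tree():
    """Create a temp dir holding one benign file and one IOC-matching file."""
    root = tempfile.mkdtemp(prefix="ioc-hunt-")
    Path(root, "config.txt").write_bytes(b"relay=mail.example.com\n")
    Path(root, "tmp").mkdir()
    Path(root, "tmp", "dropped.sh").write_bytes(MALICIOUS_SAMPLE)
    return root


if __name__ == "__main__":
    for n, ioc in hunt_logs(LOG_LINES):
        print(f"log line {n}: matched {ioc}")
    for path, digest in hunt_files(build_sample_tree()):
        print(f"file {path}: sha256 {digest}")
```

Run it against exported appliance logs and a mounted copy of the appliance filesystem rather than on the live box, so the sweep itself does not disturb evidence. A hit on any indicator is a reason to isolate the system and start an investigation, not a conclusion on its own; an empty result only says these particular indicators were not found.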
Kekw Malware Continues to Evolve
The Kekw malware, distributed via PyPI and GitHub, continues to develop. Originally a large script, it now uses modular encryption to hide payloads. It performs host enumeration and data theft upon execution.
To reduce risk:
- Avoid downloading unverified tools from GitHub or PyPI
- Enable EDR to detect host enumeration activity
- Restrict GitHub access where unnecessary
- Use 2FA to secure accounts
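"Avoid unverified tools" has a mechanical form for Python dependencies: pin each package to a version and a hash, and refuse to install an artifact whose digest does not match. The example below is added here and is not part of the Kekw analysis; it implements that check on constructed artifact bytes (pip does the same thing with `pip install --require-hashes -r requirements.txt`), so the failure case is visible when a downloaded file has been altered. The package name, version and file contents are placeholders.

```python
"""Verify a downloaded package artifact against a pinned hash before install.

Added example, not from the Kekw write-up. Parses requirement lines of the
form `name==version --hash=sha256:<digest>` and checks artifact bytes
against them. Package name, version and bytes are constructed placeholders.
"""
import hashlib
import re

HASH_RE = re.compile(r"--hash=(?P<alg>sha256|sha384|sha512):(?P<digest>[0-9a-f]+)")


def parse_pinned(text):
    """Map 'name==version' -> set of (alg, digest); reject unpinned lines."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, *opts = line.split()
        if "==" not in spec:
            raise ValueError(f"unpinned requirement: {spec}")
        hashes = {
            (m["alg"], m["digest"])
            for o in opts
            for m in [HASH_RE.fullmatch(o)]
            if m
        }
        if not hashes:
            raise ValueError(f"no --hash given for {spec}")
        pinned[spec] = hashes
    return pinned


def verify_artifact(spec, data, pinned):
    """True only if data's digest matches a pinned hash recorded for spec."""
    for alg, digest in pinned.get(spec, ()):
        if hashlib.new(alg, data).hexdigest() == digest:
            return True
    return False


# Constructed artifact bytes: a "good" download and a tampered copy of it.
GOOD_WHEEL = b"PK\x03\x04constructed-wheel-bytes"
TAMPERED_WHEEL = GOOD_WHEEL + b"\n# appended loader stub (constructed)"

# Constructed requirements file pinning the placeholder package to GOOD_WHEEL.
REQUIREMENTS = (
    "# constructed lock file\n"
    f"example-tool==1.0.0 --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()}\n"
)


if __name__ == "__main__":
    pins = parse_pinned(REQUIREMENTS)
    print("good artifact:", verify_artifact("example-tool==1.0.0", GOOD_WHEEL, pins))
    print("tampered artifact:", verify_artifact("example-tool==1.0.0", TAMPERED_WHEEL, pins))
```

The check only helps if the pinned hash was recorded from an artifact someone actually reviewed; it turns "is this the file we vetted?" into a yes/no answer, and it does nothing for a package that was malicious when it was vetted. Pair it with the EDR and access controls listed above rather than treating it as the whole defence.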
Zero-Click iMessage Exploit Targets iOS Devices in ‘Operation Triangulation’
Kaspersky discovered a zero-click exploit delivered via iMessage to infect iOS devices. The malware gains root access and full control of the system. No patch is yet available. Indicators of compromise have been published to help organizations identify affected devices.
We recommend IOC hunting on Apple devices using MDM tools or forensic collection. Devices showing signs of compromise should be isolated and investigated. Contact our SOC for support.
Proximus Warns of Fraudulent Phone Calls Imitating Police and Banks
Proximus reports a surge in phone scams where callers impersonate police, banks, or authorities. The goal is to trick victims into sharing sensitive data. These scams use spoofed caller IDs and voice manipulation tactics.
Never provide personal or financial details over the phone. Raise awareness internally and report suspicious calls. For further protection strategies or awareness training, contact our SOC team.