
SecurityHQ reveals the top 5 cybersecurity concerns from its latest threat advisories

In its latest monthly threat report, SecurityHQ has highlighted the top five areas of concern based on its November 2023 advisories. These include the escalating cyber activities stemming from the Israel-Palestine conflict, critical vulnerabilities in Adobe products, Microsoft’s Patch Tuesday updates, the emergence of Rhysida Ransomware across multiple sectors, and the activities of TA042 targeting Middle Eastern government entities. Here are the detailed insights.

1. Escalation of cyber activities amid Israel-Palestine conflict

SecurityHQ’s Threat Intelligence team has observed an uptick in adversarial cyber activities following the recent Israel-Hamas conflict. Various threat actors globally have aligned themselves with either the Pro-Palestinian or Pro-Israeli factions. Noteworthy actions include distributed denial-of-service (DDoS) attacks, network denial of service, exploitation of public-facing applications, data manipulation, and supply chain compromises. Of particular concern is the deployment of a purported spyware mobile app, “Red Alert: Israel,” aimed at Israeli civilians.

Industries across the board, including Financial Services, Aerospace, Government, Healthcare, Technology, and more, are anticipated to experience widespread targeting based on their associations with geopolitical stances.

SecurityHQ suggests hardening IT environments against DDoS attacks, implementing rate limiting, utilizing filtering services, IP blocking, CAPTCHA or challenges, and anomaly-based detection.

2. Critical vulnerabilities in Adobe products

Adobe has issued security updates to address critical vulnerabilities affecting various products, including ColdFusion, RoboHelp Server, Acrobat DC, Photoshop, and more. These vulnerabilities pose risks such as arbitrary code execution, memory leaks, out-of-bounds read/write, memory corruption, improper access control, and security feature bypass.

Users are advised to update all affected products to their latest available patch versions.

3. Microsoft’s November 2023 Patch Tuesday targets 58 flaws, including 5 Zero-Days

Microsoft’s Patch Tuesday for November 2023 includes security updates for 58 flaws, with five actively exploited vulnerabilities. Risks involve remote code execution, elevation of privilege, security feature bypass, information disclosure, spoofing, and denial of service. Affected products span Windows, Microsoft Office, Exchange Server, Azure, and more.

It is, therefore, crucial to update all affected Microsoft products to the latest available patch version.

4. Rhysida ransomware targeting multiple sectors

Security researchers have identified Rhysida Ransomware targeting Education, Healthcare, Manufacturing, Information Technology, and Government sectors. Rhysida exploits the Zerologon vulnerability, employing various tactics for initial access, lateral movement, execution, and data exfiltration.

Updating and patching systems, segmenting networks, deploying Endpoint Detection and Response tools, and implementing multi-factor authentication are recommended to mitigate risks.

5. TA042 targeting Middle Eastern government entities

TA042, a threat actor, has been observed engaging in phishing campaigns to target Middle Eastern governments. Tactics include phishing emails, Dropbox links, file attachments, and the deployment of the IronWind malware. TA042 continues to adapt its attack methods to further its cyber espionage objectives.

Updating and patching systems, segmenting networks, deploying Endpoint Detection and Response tools, and implementing multi-factor authentication are crucial for minimizing vulnerabilities.

The detailed threat advisory provides essential insights and recommendations to bolster cybersecurity defenses against these evolving threats. Staying vigilant and prioritizing security measures are essential for businesses to safeguard against potential cyber risks.
