Weekly Threat Briefing: Firefox Zero-Day, CoViper Malware, Loncom Packer, MS-SQL Campaign, and More


The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APTs, COVID-19, Data breach, Malware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.


Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Firefox Zero-Day Flaws Exploited in the Wild Get Patched


(published: April 4, 2020)


Two critical Firefox browser zero-day vulnerabilities now have fixes available and should be patched immediately. According to Mozilla, the vulnerabilities (CVE-2020-6819 and CVE-2020-6820) have been part of targeted attacks in the wild; however, Mozilla has not provided details on how they are being exploited. The vulnerabilities allow remote attackers to execute arbitrary code and trigger crashes on machines running Firefox versions older than 74.0.1 and Firefox Extended Support Release 68.6.1. According to the Center for Internet Security, the more restricted the privileges of the targeted user account, the fewer rights are impacted by the vulnerabilities, as user accounts with administrative rights could be used to install, view, change, and delete data from a victim’s system.

Recommendation: It is critical that the latest security patches be applied as soon as possible to Firefox and all other web browsers used by your company. Vulnerabilities are discovered relatively frequently, and it is paramount to install the security patches because the vulnerabilities are often posted to open sources where any malicious actor could attempt to mimic the techniques that are described.

MITRE ATT&CK: [MI ..
