22 November 2022 WEEKLY NEWSLETTER

BOCRA website



Join us on Slack

Follow us on Facebook

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

                                                     LATEST CYBER HACKS 


Multiple Groups Tear Down E-Commerce Websites with TrojanOrder Attacks

According to Sansec researchers, there is a massive surge in the TrojanOrders attacks ahead of the holiday season and approximately 38% of Magento 2 and Adobe Commerce websites are being targeted by the attacks.


Misconfigured Server Exposed PHI of 600,000 Inmates

A server misconfiguration at a firm that provides medical claims processing for correctional facilities exposed sensitive information of nearly 600,000 inmates who received medical care during the last decade while incarcerated.


Iranian APT Actors Compromised US Federal Network, Deployed Crypto Miner, Credential Harvester

In February 2022, the threat actors exploited Log4Shell for initial access to the organization’s unpatched VMware Horizon server. As part of their initial exploitation, CISA observed a connection to a known malicious IP address lasting 17.6 seconds.



Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution

Tracked as CVE-2022-42898 and impacting multiple Samba releases, the security defect exists in the Service for User to Proxy (S4U2proxy) handler, which provides “a service that obtains a service ticket to another service on behalf of a user.”


PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft.



Researchers Sound Alarm on Dangerous BatLoader Malware Dropper Spread via Compromised Sites

A dangerous new malware loader with features for determining whether it's on a business system or a personal computer has begun rapidly infecting systems worldwide over the past few months.


New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers

RapperBot, which was first documented by the security firm Fortinet in August 2022, is known to exclusively brute-force SSH servers configured to accept password authentication.



WASP Infostealer Builds its Nest in PyPI Packages

The attackers are using polymorphism to vary the payload, steganography to hide code inside packages, reboot persistence, and building a fake GitHub reputation via starjacking technique


                               GENERAL NEWS


Security teams are responding to the ransomware threat, but remain on high alert

The on-going danger and threat of a ransomware attack looms large among security pros as the threat landscape increases daily. And many believe the worst is yet to come, according to a survey by CRA Business Intelligence.


Top passwords used in RDP brute-force attacks

While attacks on RDP ports grew during the COVID-19 pandemic as a result of the rise of remote work, the port has continued to be a popular attack method for criminals despite many workers returning to the office.