Web / Internet Threats















        vBulletin addresses three new high-severity vulnerabilities. vBulletin has recently published a new security
        patch update that addresses three high-severity flaws in vBulletin 5.5.4 and prior versions. The vulnerabilities
        could be exploited by remote attackers to take complete control over targeted web servers and steal sensitive
        user information.

                Source:  https://securityaffairs.co/wordpress/92303/hacking/vbulletin-high-severity-
                vulnerabilities.html




        NSA warns VPN vulnerabilities exploited by nation-state hackers. The NSA issued a cybersecurity advisory
        Monday urging users to patch and mitigate three previously disclosed VPN vulnerabilities that "multiple
        nation-state advanced persistent threat (APT) actors have weaponized." In the advisory, the NSA did not
        specify which nations or APT groups are exploiting the flaws, or for what purpose.

                Source:  https://searchsecurity.techtarget.com/news/252472019/NSA-warns-VPN-vulnerabilities-
                exploited-by-nation-state-hackers



        Morocco: Human Rights Defenders Targeted with NSO Group’s Spyware. Amnesty International has
        discovered that since at least October 2017, HRDs from Morocco have been targeted with the infamous
        “Pegasus“ spyware produced by the Israeli company ‘NSO Group’. This report uncovers how this spyware was
        used to unlawfully target two prominent HRDs from Morocco, who have a history of facing reprisals from the
        state for speaking out openly about human rights in the country. Amnesty International can reveal that the
        two targets are Maati Monjib, an academic and activist working on issues of freedom of expression, and
        Abdessadak El Bouchattaoui, a human rights lawyer involved in the legal defense of protestors in a social
        justice movement in Hirak El-Rif that took place across 2016 and 2017.

                Source:    https://www.amnesty.org/en/latest/research/2019/10/Morocco-Human-Rights-Defenders-
                Targeted-with-NSO-Groups-Spyware/



        New Campaign Targets Drupalgeddon2 Flaw to Install Malware. Hackers continue to target the Drupal
        vulnerability named Drupalgeddon2 to install malware onto unpatched systems, Akamai’s security researchers
        have discovered. Tracked as CVE-2018-7600, the security flaw impacts Drupal versions 6, 7 and 8. The bug was
        addressed in March 2018, with the first attacks targeting it spotted only several weeks later, attempting to
        deploy malicious programs such as crypto-miners and backdoors.
                Source: https://www.securityweek.com/new-campaign-targets-drupalgeddon2-flaw-install-malware












                                                    www.accumepartners.com
                                                                                                                    13