Top Middle East Cyber Threats – 24 January 2023


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.  

In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:  

Microsoft Releases Patches for 98 Vulnerabilities 

Microsoft has fixed 98 vulnerabilities in the January 2023 update, addressing CVEs in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code; 3D Builder; Azure Service Fabric Container; Windows BitLocker; Windows Defender; Windows Print Spooler Components; and Microsoft Exchange Server. 

Of the 98 new patches released, 11 are rated ‘Critical’ and 87 are rated ‘Important’ in severity. 

One of the new CVEs released in January is listed as publicly known (CVE-2023-21549) and one is listed as being exploited in the wild (CVE-2023-21674). 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. 

Google Publishes Security Update to Address Multiple Vulnerabilities  

Google has published a security update to address multiple vulnerabilities in the Chrome browser. The fixes are included in Chrome's latest versions: 109.0.5414.74 (Linux), 109.0.5414.74/.75 (Windows) and 109.0.5414.87 (Mac). 

Out of the 14 vulnerabilities fixed, 2 are classified as ‘High’, 8 as ‘Medium’ and 4 as ‘Low’ in severity. 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. 

Hackers Actively Exploit Critical Control Web Panel RCE Vulnerability 

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. 

Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched on October 25, 2022. 

Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. login/index.php in CWP 7 (Control Web Panel or CentOS Web Panel) before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. 
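
For servers that were exposed before patching, the access logs can be reviewed for the pattern described above. The following is an added example, not code from Help AG or the CWP project: it flags requests to login/index.php whose `login` parameter contains shell metacharacters after URL decoding. It assumes combined-format access log lines with the parameter visible in the request URL; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters the shell treats specially; a login name has no legitimate need for them.
SHELL_META = set("$`;|&<>(){}\\\n\r")
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(raw, max_rounds=3):
    """Undo nested percent-encoding (bounded), so %2524 is treated like %24."""
    for _ in range(max_rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def suspicious_login_value(line):
    """Return the decoded `login` value if this log line is a request to
    login/index.php carrying shell metacharacters in `login`, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/login/index.php"):
        return None
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) != "login":
            continue
        value = decode_fully(raw)
        if any(ch in SHELL_META for ch in value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = ((n, suspicious_login_value(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [24/Jan/2023:10:00:01 +0000] "GET /login/index.php?login=alice HTTP/1.1" 200 512',
    '203.0.113.11 - - [24/Jan/2023:10:00:05 +0000] "POST /login/index.php?login=%24%28echo%20test%29 HTTP/1.1" 200 512',
    '203.0.113.12 - - [24/Jan/2023:10:00:09 +0000] "POST /login/index.php?login=%2524%2528echo%2529 HTTP/1.1" 200 512',
    '203.0.113.13 - - [24/Jan/2023:10:00:12 +0000] "GET /index.php?login=%24%28x%29 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious login value {value!r}")
```

A hit indicates an attempt, not a confirmed compromise; whether it succeeded depends on the CWP version running at the time of the request.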

Earth Bogle Campaign Targets the Middle East with Geopolitical Lures 

A campaign targeting potential victims in the Middle East, including the United Arab Emirates, is active and uses geopolitical themes as a lure. The threat actor uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web servers distribute NjRAT. 

NjRAT is a remote access trojan (RAT) malware first discovered in 2013, primarily used to gain unauthorized access and control over infected computers and employed in various cyberattacks to target individuals and organizations in the Middle East. 

RECOMMENDATIONS 

  • Ensure all systems are patched and updated. 
  • Avoid clicking or opening untrusted or unknown links, files, or attachments. 
  • Don’t allow macros in unknown Microsoft Office files. 
  • Enable software restriction policies and application whitelisting. 
  • Ensure that the email server is configured to block any suspicious attached files. 
  • Enforce the Restricted PowerShell script execution policy for end users. 
  • Monitor your network for abnormal behaviour and shared IoCs. 
  • Ensure frequent backups are in place. 
  • Educate employees about detecting and reporting phishing / suspicious emails. 
