The Threat Show

The Threat Show Ep. 21

Welcome to The Threat Show powered by Fletch! This week Darien Kindlund breaks down the state of the threat landscape as we near the end of Q1, covers five major threats you need to know about, and answers some questions from you, our audience. Topics include whether we use ChatGPT in Fletch to help determine your tailor-made threat list, when threats are typically reported on, and more.

Threat Landscape    (00:32)

Darien Kindlund breaks down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Microsoft fixes Outlook zero-day used by Russian hackers since April 2022    (02:34)

A Microsoft Outlook zero-day vulnerability that only affects Windows users has been around for nearly a year but was only recently discovered. It’s being used by Russian threat actors to target Ukrainian government and military organizations. The threat group behind the attacks, APT28, has been known to go after targets outside of government and military organizations in the past.

Microsoft fixes Windows zero-day exploited in ransomware attacks    (06:23)

Microsoft has patched another zero-day, and this one goes after Windows clients directly, with no other software needed. Normally, if an attacker wanted to convince a user to open an executable MSI file, as is the case with this threat, a pop-up would warn the user that it's an untrusted file, but the attackers here are able to bypass that warning. A single double-click on a file can compromise a user.

Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day    (08:06)

Adobe has revealed a ColdFusion zero-day vulnerability through which an attacker can compromise a ColdFusion server and run arbitrary code, with no authentication needed.

CISA Warns of Plex Vulnerability Linked to LastPass Hack    (10:02)

New details have emerged in the LastPass breach saga: the vendor Plex had a known vulnerability through which an attacker could achieve arbitrary code execution and install a keylogger on a user's personal computer.

SonicWall devices infected by malware that survives firmware upgrades    (12:00)

A Chinese threat group known as UNC4540 is going after endpoint VPN devices, specifically SonicWall appliances. Any one of three vulnerabilities could allow these devices to be compromised, and once that happens attackers can load custom malware onto the appliance and then use it to gain further access to sensitive information crossing the network. The attackers also added a persistence layer, so attempts at patching might fail because the malware can remain on the appliance itself.

Q&A    (15:06)

We answer some audience questions. If you have any questions you'd like to see us answer in future episodes, tweet or DM us @thethreatshow or leave a comment on YouTube!