Fortinet and Linux Kernel Exploit Shares, iCloud Checker Tool, and Citrix Access Sales
This week, as always, we bring you these startling narratives not to alarm but to inform and prompt action. So join us as we shine a light on the murky corners of the cyber realm, the dark web.
We detected several technical exposes, spotlighting two high-risk vulnerabilities – a critical RCE bug haunting Fortinet devices and the newly emerged ‘StackRot’ defect in the Linux kernel. Also, discovered a post where a threat actor claims to be selling a checker tool for iCloud.
Find out if your data has been exposed.
Database of Nickelodeon is Leaked
The SOCRadar Dark Web Team has discovered a data leak related to Nickelodeon. Allegedly, the leaked data contains around 500GB of files, including unseen content from popular shows like Sponge Bob and Danny Phantom. Nickelodeon has confirmed the leak, but some of the content may be from past years.
A New Article is Shared About Critical RCE Bug on Fortinet Devices
On July 6, a SOCRadar researcher detected a new article discussing a vulnerability in Fortinet’s FortiGate firewalls. The vulnerability, CVE-2023-27997, allows remote code execution and poses a significant risk. Despite an update by Fortinet to address the issue, 300,000 FortiGate firewalls remain vulnerable.
The fact that the threat actor posted the article discussing the vulnerability in Fortinet’s FortiGate firewalls on a dark web forum raises significant concerns. This could lead to increased awareness among malicious actors, widespread dissemination of exploit details, increased exploit attempts, and potentially severe consequences for vulnerable systems. Organizations must prioritize patching and strengthening their defenses to minimize the risk of successful attacks.
A New Article is Shared About StackRot Vulnerability in Linux Kernel
SOCRadar Dark Web Team has detected a threat actor’s post on a dark web forum regarding a vulnerability. The serious kernel configuration vulnerability, tracked as CVE-2023-3269 and named StackRot, affects Linux versions 6.1 to 6.4. It allows for kernel compromise and privilege escalation with minimal effort. The vulnerability’s impact on the kernel’s memory management subsystem, specifically in the maple tree structure, was disclosed by researcher Ruihan Li. The patch for the vulnerability became available on July 1, and full technical details and a PoC are expected to be revealed by the end of July.
Unauthorized Citrix Access Sale is Detected for a German Internet Service Provider Company
On July 5, a SOCRadar dark web analyst detected a claim made by a threat actor regarding an unauthorized Citrix access sale related to a German Internet Service Provider (ISP) company. The threat actor specifically mentions that the access involves Citrix access and file transfer access. The geographical location specified is Germany, and the industry affected is Internet Service Providers, Website Hosting & Internet-related Services.
A New Checker Tool for iCloud is on Sale
A SOCRadar dark web analyst has detected a post where a threat actor claims to be selling a checker tool for iCloud. The software is described as a brute-checker capable of obtaining seed phrases, private keys and uploading photos based on keywords. The sale is one-time and requires a guarantor, with a starting price of $10,000 and a flash sale option at $15,000.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.