EXECUTIVE SUMMARY
May has brought some interesting developments in the world of cyber security. The first topic shows a long running zero day affecting Barracuda Firewalls since late 2022. Also highlighted is a malicious Remote Access Trojan bundled in gaming mods, posing as legitimate software. Finally, Discord has disclosed their first data breach.
LONG RUNNING ZERO DAY AFFECTING BARRACUDA FIREWALLS
According to reports, a zero day has been affecting Barracuda Web Application Firewalls (WAF) and Barracuda WAF-as-a-Service since 2022, allowing attackers to distribute malware and steal data. The zero day (CVE-2022-21034) allows malicious actors to gain unauthorized access to affected devices and deploy malicious payloads while maintaining a backdoor. The malware allows for the exfiltration of sensitive information and the execution of arbitrary commands. The campaign primarily targeted organizations in the healthcare, government, and IT services sectors. Barracuda has been made aware of this vulnerability, and all users are strongly urged to patch affected systems and rotate any credentials linked to them.
REMOTE ACCESS TROJAN GAINS POPULARITY
The stealthy SeroXen Remote Access Trojan (RAT) is being increasingly employed to target gamers, AT&T reports. It is advertised as a legitimate remote access tool for Windows 10 and 11, and its cheap price tag incentivizes users to give it a try. While marketed as legitimate, it is unclear whether the popularity gained through this promotion comes from the original developers or from shady resellers. SeroXen is designed to gain unauthorized access to a victim's computer, allowing attackers to monitor their every move and keystroke. This lets attackers steal sensitive information and even take control of the affected device. The malware is distributed through cheating software, which is enticing to gamers looking for an edge in their games. Once installed, SeroXen remains hidden and undetectable, making it difficult for a victim to know they have been compromised. As always, it is recommended to download software only from trusted sources, keep systems patched, and stay on the lookout for suspicious computer activity and artifacts.
DISCORD DATA BREACH
Discord has recently suffered a data breach after an attacker compromised a third-party support agent. This is the first data breach Discord has experienced, and the impact is limited. The breach exposed the agent's support ticket queue, which includes user email addresses, messages exchanged with Discord support, and any attachments sent as part of those tickets. Discord acted immediately, deactivating the compromised account and checking the affected system for any malware or backdoors. While Discord says the risk associated with this breach is low, users are still advised to keep an eye out for any suspicious messages or activity. Users have speculated that the support agent was hacked through an outdated version of Zendesk, the ticketing software Discord uses for its support cases. This breach further emphasizes the need to keep systems up to date with regular patching.