This Week’s Top 5 News July 2023 | 03

Every day brings new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories, from acts of espionage to simple code errors that could leak your private data, to help keep you up to date with cybersecurity issues around the world.
Here are our top five news stories from the past week:

1. A Few More Reasons Why RDP is Insecure

The Remote Desktop Protocol (RDP), launched in 1996, has been integral to remote access and administration of Windows systems, forming the basis for various VDI solutions. However, its widespread use presents security risks, such as Remote Code Execution (RCE) vulnerabilities, which can lead to unauthorized access, data breaches, and system compromise. The severity of the impact varies with the specific vulnerability, the attacker’s intent, the importance of the targeted system, and the security measures in place. Microsoft’s recent bulletins address these concerns and urge system patching. One noted vulnerability (CVE-2023-24905) involves DLL hijacking: the RDP client can be compromised because it loads a file from the current working directory instead of the Windows OS directory. For more about this story click here

2. U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

The U.S. government has placed commercial spyware vendors Cytrox and Intellexa on an economic blocklist, citing their role in weaponizing cyber exploits and threatening global privacy and security. The block extends to the companies’ corporate holdings across Hungary, North Macedonia, Greece, and Ireland, prohibiting U.S. transactions with these entities. This action targets their ability to access resources that could contribute to the development of surveillance tools that could be misused in human rights abuses. Cytrox, known for the Predator spyware, and Intellexa, offering the Nebula platform, have nebulous connections within the Intellexa Alliance of surveillance vendors. The U.S. move follows similar actions against NSO Group and Candiru in 2021. For more about this story click here

3. Citrix: Critical zero-day vulnerabilities in Netscaler ADC and Gateway

Citrix has issued a warning about security vulnerabilities, some of them critical, discovered in Netscaler ADC and Netscaler Gateway. Notably, one of these is a zero-day vulnerability that has already been exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that these vulnerabilities could enable attackers to seize control of affected devices. Citrix has urged IT managers to promptly install the updated software versions to mitigate these risks. The vulnerabilities are present in several configurations, including VPN, ICA proxy, CVPN, RDP proxy, and AAA virtual server. The company also noted the end-of-life status of Netscaler ADC and Gateway 12.1, urging customers to upgrade to supported versions.
For more about this story (German language) click here

4. Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are exploiting a critical security flaw (CVE-2023-28121) in the WooCommerce Payments WordPress plugin as part of a large-scale targeted campaign. This flaw allows attackers to impersonate users, including administrators, potentially enabling site takeover. The attacks peaked at 1.3 million against 157,000 sites on July 16, 2023. Versions 4.8.0 through 5.6.1 of WooCommerce Payments are vulnerable. The attackers are deploying the WP Console plugin to execute malicious code and install a file uploader for backdoor site access. Concurrently, Rapid7 reported active exploitation of Adobe ColdFusion flaws in multiple customer environments. Users are advised to update to the latest version of Adobe ColdFusion to secure against potential threats. For more about this story click here

5. WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

Generative AI technology, like WormGPT, is being exploited by cybercriminals to launch sophisticated phishing and business email compromise (BEC) attacks, according to SlashNext. This tool, advertised on underground forums, allows for the automation of highly convincing fake emails, personalized to increase the success rate of attacks. The software’s author describes it as a blackhat alternative to GPT models. With OpenAI ChatGPT and Google Bard taking steps against large language model abuse, WormGPT presents a significant threat. It enables even novice criminals to launch large-scale attacks without needing extensive technical knowledge, highlighting the potential dangers of generative AI in the wrong hands.
For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!