This Week’s Top 5 News August 2023 | 03

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world, from acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in the Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Tracked as CVE-2023-24489, the vulnerability allows unauthenticated attackers to compromise vulnerable instances remotely by exploiting an improper access control bug. The flaw stems from ShareFile’s handling of cryptographic operations, enabling adversaries to upload arbitrary files and execute remote code. It affects all currently supported versions of the customer-managed ShareFile storage zones controller. GreyNoise observed a spike in exploitation attempts targeting the flaw, underlining the urgency of applying the vendor-provided fixes. Additionally, CVE-2023-3519, a critical vulnerability affecting Citrix’s NetScaler product, has been actively exploited to deploy PHP web shells on compromised appliances and gain persistent access.

2. What’s the State of Credential Theft in 2023?

Credential theft continues to be a significant concern for IT teams, as highlighted in the 2023 Verizon Data Breach Investigations Report (DBIR). The report revealed that 83% of breaches involved external actors, with almost half of those breaches involving stolen credentials. Threat actors employ various tactics, including social engineering and fake login pages, to trick users into divulging their credentials. Additionally, online black markets selling stolen credentials have become increasingly prevalent, giving non-technical attackers easy access to valuable data. Protecting against stolen credentials is crucial, and tools such as Specops Password Policy with Breached Password Protection can help organizations detect compromised passwords and strengthen their security measures.

3. Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Ivanti Avalanche, a widely used enterprise mobile device management solution, has been found to have multiple critical security flaws. These vulnerabilities, identified as CVE-2023-32560, pose a significant risk to organizations. The flaws are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. According to cybersecurity firm Tenable, these issues result from processing specific data types and can be exploited remotely by unauthenticated attackers. Successful exploitation could lead to code execution or system crashes.
Ivanti has released Avalanche version 6.4.1, which addresses these vulnerabilities along with six others, ensuring enhanced protection against authentication bypass and remote code execution.
It is crucial for users to update their software promptly to mitigate potential threats.

4. Nearly 2,000 Citrix NetScaler Instances Compromised via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have fallen victim to a large-scale attack in which threat actors exploited a critical security vulnerability. NCC Group reported that the attackers leveraged CVE-2023-3519, injecting web shells into vulnerable NetScalers to gain persistent access and execute arbitrary commands even after patches and reboots. This vulnerability affects NetScaler ADC and Gateway servers, allowing unauthenticated remote code execution. Although Citrix patched the flaw last month, NCC Group’s analysis reveals that 1,828 NetScaler servers remain compromised. As a proactive measure, Mandiant has released an open-source tool to help organizations scan their Citrix appliances for signs of post-exploitation activity related to CVE-2023-3519, emphasizing the importance of comprehensive security measures.


5. Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

Hudson Rock, a cybersecurity firm, has uncovered alarming data indicating that approximately 120,000 computers infected with stealer malware hold credentials associated with cybercrime forums, including credentials belonging to malicious actors. These findings highlight the opportunistic nature of hackers worldwide, who infect computers through fake software promotions or by directing victims to download infected software via YouTube tutorials. The compromised machines provide abundant information, enabling the identification of hackers’ real-world identities based on indicators such as credentials, addresses, phone numbers, and IP addresses. The prevalence of information stealers has fueled the malware-as-a-service ecosystem, making them a lucrative initial attack vector for threat actors. Notably, Nulled.to, Cracked.io, and Hackforums.net are among the cybercrime forums with the highest number of infected users. This discovery not only sheds light on the harm caused by info stealer infections but also highlights their potential use by law enforcement for attributing activity to cybercriminals.

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!