InfoSec News 20231103
Top News
- New Microsoft Exchange zero-days allow RCE, data theft attacks
"Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations."
TLP: Green
- Atlassian warns of exploit for Confluence data wiping bug, get patching
"Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances."
TLP: Green
- BlackCat ransomware claims breach of healthcare giant Henry Schein
"The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information."
TLP: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- CanesSpy Spyware Discovered in Modified WhatsApp Versions
"Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy."
TLP: Green
- New macOS 'KandyKorn' malware targets cryptocurrency engineers
"A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform."
TLP: Green
- Russian FSB arrested Russian hackers who supported Ukrainian cyber operations
"The FSB arrested two Russian hackers who are accused of having helped Ukrainian entities carry out cyberattacks on critical infrastructure targets."
TLP: Green
Breaches: Data Breaches and Hacks
- Ace Hardware says 1,202 devices were hit during cyberattack
"Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers."
TLP: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
"The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments."
TLP: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Amid a New Middle East Conflict, it’s Time to Reassess Supply Chain Risk
"Russia’s invasion of Ukraine suggested that geopolitics continues to be a major driver of cyber risk."
TLP: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Threat Brief: Citrix Bleed CVE-2023-4966
"On Oct. 10, 2023, Citrix published a patch for their Netscaler ADC and Netscaler Gateway products. One particular vulnerability that this patch is meant to mitigate has come to be known as Citrix Bleed (CVE-2023-4966)."
TLP: Green
- JS-Tap: Weaponizing JavaScript for Red Teams
"Application penetration testers often create custom weaponized JavaScript payloads to demonstrate potential impact to clients. Documents are stolen, privileges escalated, or account transfers initiated, depending on the client's “crown jewels”."
TLP: Green
Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.