About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns
2023-08-18 19:26

About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns. Threat actors have been exploiting a NetScaler appliance vulnerability to get persistent access to the compromised systems.

WinRAR flaw lets hackers run programs when you open RAR archives
2023-08-18 17:20

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened. RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477.

Hotmail email delivery fails after Microsoft misconfigures DNS
2023-08-18 15:44

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. The email issues began late last night, with users and admins reporting on Reddit, Twitter, and Microsoft forums that their Hotmail emails were failing due to SPF validation errors.

Interpol arrests 14 suspected cybercriminals for stealing $40 million
2023-08-18 14:39

An international law enforcement operation led by Interpol has led to the arrest of 14 suspected cybercriminals in an operation codenamed 'Africa Cyber Surge II,' launched in April 2023. Interpol has been actively fighting cybercrime in recent months, disrupting multi-million operations and seizing widely-used crime platforms.

14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown
2023-08-18 12:40

A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. "The four-month Africa Cyber Surge II operation was launched in April 2023 and focused on identifying cybercriminals and compromised infrastructure," the agency said.

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack
2023-08-18 11:49

Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network. This has increased the percentage of Zero Trust advocates from 24% to 55%. The security model known as Zero Trust is an overarching security strategy designed to continuously audit and verify access to resources, both internally and externally.

New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
2023-08-18 11:48

A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. "Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.

Bots Are Better than Humans at Solving CAPTCHAs
2023-08-18 11:04

Abstract: For nearly two decades, CAPTCHAs have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAs have continued to improve.

New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
2023-08-18 10:57

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X. "This BlackCat version also has the RemCom hacktool embedded in the executable for remote code execution. The file also contains hardcoded compromised target credentials that actors use for lateral movement and further ransomware deployment."

4 ways simulation training alleviates team burnout
2023-08-18 08:27

There's an often-underutilized learning method that not only heightens security preparedness but also acts as a balm for the burnout crises: simulation training. Simulation training boosts confidence because unlike traditional training methods, the learner gains experience over time through true-to-life virtual cyber warfare training and sparring against simulated malicious adversaries that behave like human opponents.