
Discord still a hotbed of malware activity — Now APTs join the fun
2023-10-16 21:29

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups: it is commonly used to distribute malware and exfiltrate data, and it is targeted by threat actors to steal authentication tokens. Threat actors abuse Discord in three ways: leveraging its content delivery network to distribute malware, modifying the Discord client to steal passwords, and abusing Discord webhooks to steal data from the victim's system.

CISA and NSA Issues New Identity and Access Management Guidance for Vendors
2023-10-16 21:26

In an email interview with TechRepublic, Jake Williams, faculty member at IANS Research and former NSA offensive hacker, said, "The publication highlights the challenges with comparing the features provided by vendors. CISA seems to be putting vendors on notice that they want vendors to be clear about what standards they do and don't support in their products, especially when a vendor only supports portions of a given standard." According to CISA and the NSA, the definitions and policies of the different variations of MFAs are unclear and confusing.

Kansas courts IT systems offline after ‘security incident’
2023-10-16 20:08

Information systems of state courts across Kansas are still offline after being disrupted in what the Kansas judicial branch described last Thursday as a "security incident." Multiple systems crucial to daily court operations across the state have been impacted, including the Kansas Courts' eFiling system used by attorneys to submit case documents, the electronic payments system, and the case management systems employed by district and appellate courts for case processing.

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)
2023-10-16 19:28

A previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco IOS XE software, which is installed on various Cisco controllers, switches, edge, branch and virtual routers.

Hackers exploit critical flaw in WordPress Royal Elementor plugin
2023-10-16 19:08

A critical-severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported by two WordPress security teams to be actively exploited. The two firms, Wordfence and WPScan, have marked CVE-2023-5360 as actively exploited since August 30, 2023, with the attack volume ramping up starting on October 3, 2023.

Russian Sandworm hackers breached 11 Ukrainian telcos since May
2023-10-16 18:06

The agency states that the Russian hackers "interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches. Sandworm is a very active espionage threat group linked to Russia's GRU. The attackers have focused on Ukraine throughout 2023, using phishing lures, Android malware, and data-wipers.

We're not in e-Kansas anymore: State courts reel from 'unauthorized incursion'
2023-10-16 17:32

An unspecified security incident is forcing many state courts across Kansas to rely on paper filings, and it may have to continue to do so for weeks, a state judge has warned. The Kansas Supreme Court issued a brief notice that it was "experiencing network issues" on Thursday, October 12, and a short time later the same day said it was turning off its eFiling system until Sunday, October 15, "to give the judicial branch time to examine a security incident."

Power Checklist: Vetting Employees for Security Sensitive Operations
2023-10-16 16:00

Determining the eligibility of individuals to access or administer these components can be a challenge. Whether you need to establish full access permissions to folders for the purpose of backups or you're responsible for handling data that could adversely affect the organization if leaked, this checklist from TechRepublic Premium will help you determine the necessary steps involved.

GDPR Consent Request Forms: Sample Text
2023-10-16 16:00

The European Union's General Data Protection Regulation requires every organization that collects sensitive personal data from those residing in the EU to ask for clear and specific consent before collecting that data. Clicking the checkbox affirms your consent in granting us permission to use your personal data.

Cisco warns of new IOS XE zero-day actively exploited in attacks
2023-10-16 15:43

Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers. "Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface feature of Cisco IOS XE software when exposed to the internet or untrusted networks," the company revealed today.