Security News
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is affected by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578: a remote code execution flaw in the 'ChainedSerializationBinder' class, where user-supplied data isn't adequately validated, allowing attackers to deserialize untrusted data.
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims
Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution on affected versions. "Apache ActiveMQ is vulnerable to remote code execution," Apache said in its advisory.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution flaw to breach networks and encrypt devices. Yesterday, Rapid7 reported that it had seen at least two distinct cases of threat actors exploiting CVE-2023-46604 in customer environments to deploy HelloKitty ransomware binaries and extort the targeted organizations.
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across the city.
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Researchers from Mandiant report that four ongoing campaigns target vulnerable Citrix NetScaler ADC and Gateway appliances, with attacks underway since late August 2023. The Citrix Bleed CVE-2023-4966 vulnerability was disclosed on October 10 as a critical severity flaw impacting Citrix NetScaler ADC and NetScaler Gateway, allowing access to sensitive information on the devices.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that relays communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. Thanks to the project's support for a diverse set of secure authentication and authorization mechanisms, it is widely used in enterprise environments where systems communicate without direct connectivity.
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution. F5 has observed threat actors using the two flaws in combination, so applying the mitigation for CVE-2023-46747 alone could be enough to stop most attacks.
Cybercrooks amp up attacks via macro-enabled XLL files
Xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. XLL attacks aren't new, and researchers observed a lull in exploitation at the start of 2023, but they have attracted a surge of attention in the past few months. XLL files offer attackers greater capabilities than alternatives like Visual Basic for Applications macros, which are now blocked by default courtesy of Microsoft's 2022 intervention, a move that was seen at the time as long overdue.
Indian politicians say Apple warned them of state-sponsored attacks
Indian politicians and media figures have reported that Apple has warned them their accounts may be under attack by state-sponsored actors. Mahua's post therefore accuses India's government of being the state actor that Apple believes attacked her iPhone.
Ransomware attacks set to break records in 2023
Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year, according to Corvus Insurance. In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global ransomware attacks, which has continued through the third quarter.