Security News

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances by exploiting a now-patched zero-day bug. [...]

CISA warned today of the significant breach risks linked to insecure direct object reference vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security Centre and U.S. National Security Agency. IDOR vulnerabilities are flaws in web apps that enable attackers to access and manipulate sensitive data by directly referencing internal objects or resources.

Ivanti has also confirmed that the bug is actively exploited in attacks and warned customers that it's critical to "Immediately take action" to ensure their systems are fully protected. U.S. Federal Civilian Executive Branch Agencies have a three-week deadline, until August 15th, to secure their devices against attacks targeting the CVE-2023-35078 flaw, which was added to CISA's list of Known Exploited Vulnerabilities on Tuesday.

The U.S. Cybersecurity and Infrastructure Security Agency has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two critical security flaws exploited in attacks, one of them as a zero-day. According to the binding operational directive issued by CISA in November 2021, Federal Civilian Executive Branch Agencies are required to patch their systems against all bugs added to the Known Exploited Vulnerabilities catalog.

Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

The exploitation of the Citrix NetScaler ADC zero-day vulnerability was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization's non-production environment NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim's active directory and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement," the agency shared in an advisory published on Thursday.

The U.S. Cybersecurity and Infrastructure Security Agency issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical infrastructure organization's non-production environment NetScaler ADC appliance," the agency said.

Microsoft announced on Wednesday it would provide all customers free access to cloud security logs - a service usually reserved for premium clients - within weeks of a reveal that government officials' cloud-based emails were targets of an alleged China-based hack. Microsoft wrote on its blog it was expanding the service's access beginning in September 2023 to "Increase the secure-by-default baseline" of its cloud platforms "In response to the increasing frequency and evolution of nation-state cyber threats."

U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats. "The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and other analytical capabilities are required to meet certain levels of network slicing service level requirements over time," the U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency said.

CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks.Under the binding operational directive issued in November 2021, U.S. Federal Civilian Executive Branch Agencies are now required to secure Windows devices on their networks against attacks exploiting CVE-2023-36884.