Security News

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.

Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "Critical" systems disabled following a recent security breach.Leaseweb took down some of the impacted systems to mitigate security risks and says that its teams are now working to restore critical systems affected in this incident.

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address previously associated with the Lazarus hacking group. The malware Cisco Talos researchers dubbed QuiteRAT is a simple remote access trojan that's similar to Lazarus Group's MagicRAT malware, only smaller in size.

The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis published today. What's more, a closer examination of the adversary's recycled attack infrastructure in its cyber assaults on enterprises has led to the discovery of a new threat dubbed CollectionRAT. The fact that the Lazarus Group continues to rely on the same tradecraft despite those components being well-documented over the years underscores the threat actor's confidence in their operations, Talos pointed out.

A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners. A new study by cybersecurity firm Critical Insight noted that while the sheer number of breaches against health care facilities is actually down, there is a spike in the number of people who have been affected by attacks as well as an increase in supply chain and third-party targets.

Google announced today new cybersecurity defense controls that will allow security teams to thwart social engineering attacks like phishing targeting Workspace users and prevent account takeover attempts. Prominently among these new capabilities is the ability to add an additional layer of protection that requires sensitive Google Workspace actions to be signed off by two admins.

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry that it said is being actively exploited in the wild, marking an escalation of its security woes. "If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal," the company said.

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359, relates to a deserialization flaw present in Adobe ColdFusion 2018 and ColdFusion 2021 that could result in arbitrary code execution in the context of the current user without requiring any interaction.

The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. BlackBerry's Threat Research and Intelligence team, which spotted the latest campaign in early June 2023, reports that Cuba now leverages CVE-2023-27532 to steal credentials from configuration files.

CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. "A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller," Citrix explains.