Security News

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. CVE-2023-3519 refers to a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could lead to unauthenticated remote code execution.

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. As reported today by Cyberint, many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.

Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability. The critical CVE-2023-3519 Citrix flaw was discovered in mid-July 2023 as a zero-day, with hackers actively exploiting it to execute code remotely without authentication on vulnerable devices.

The NSA discovered the intrusion in 2020-we don't know how-and alerted the Japanese. The hackers had deep, persistent access and appeared to be after anything they could get their hands on-plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter's sensitivity.

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems. In a public notice on its site, the Commission said that the intrusion was identified in October 2022, after suspicious activity was detected on its systems, but that it was clear that the attackers had first accessed those systems more than a year earlier, in August 2021.

Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution.

CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances by exploiting a now-patched zero-day bug. [...]

The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software. The Norwegian Security and Service Organization informed the National Security Authority when the cyberattack was discovered and engaged the police, who are currently investigating the incident.

Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised by the crew, and not TSMC itself. The crooks said TSMC has an August 6 deadline to cough up.

Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth. Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.