CyberSecurity Updates

29 Oct

Roundcube Webmail servers under attack – Week in security with Tony Anscombe

Information

Video The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser 27 Oct 2023 This week, ESET research described how the Winter Vivern APT group has been exploiting a zero-day XSS vulnerability in Roundcube Webmail servers to target European governmental entities and a think tank. ESET researchers uncovered the attacks on October 11th while monitoring Winter Vivern’s cyberespionage operations, which typically…

Read More
28 Oct

ESET APT Activity Report Q2–Q3 2023

Information

ESET APT Activity Report Q2–Q3 2023 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from April 2023 until the end of September 2023. In the monitored timespan, we observed a notable strategy of APT groups utilizing the exploitation of known vulnerabilities to exfiltrate data from governmental entities or related organizations. Russia-aligned Sednit and Sandworm, North Korea-aligned Konni, and geographically unattributed Winter Vivern and Sturgeon…

Read More
27 Oct

In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
27 Oct

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

Information, Malware, News

A highly sophisticated piece of malware posing as a cryptocurrency miner has stayed under the radar for five years, infecting more than one million devices, cybersecurity firm Kaspersky warns. Dubbed StripedFly, the threat contains code sequences previously observed in the malware used by the threat actor known as the Equation Group, which has been linked to the US National Security Agency. Designed as a modular framework, StripedFly can target both Windows and Linux and comes…

Read More
27 Oct

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

Information, News

Security and application delivery solutions provider F5 on Thursday warned customers of a critical-severity vulnerability in its BIG-IP product. Tracked as CVE-2023-46747 (CVSS score of 9.8) and impacting the Traffic Management User Interface of the solution, the vulnerability allows an unauthenticated attacker to execute arbitrary code remotely. “This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. There…

Read More
27 Oct

CISA Announces Launch of Logging Made Easy

Attacks, Insights, Malware

Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience. Log management makes systems more secure. Until now, it has been a heavy lift for many targeted organizations, especially those with limited resources. CISA’s LME is…

Read More
27 Oct

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases

Attacks, Insights, Malware

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release…

Read More
27 Oct

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

Information

ESET Research ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible Matthieu Faou 25 Oct 2023  •  , 5 min. read ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS vulnerability in the Roundcube Webmail server on October 11th, 2023. This is a different vulnerability than…

Read More
26 Oct

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Information, News

Open source data integration platform Mirth Connect is affected by a remote code execution vulnerability that can be exploited without authentication, cybersecurity firm Horizon3.ai warns. Developed by NextGen HealthCare, Mirth Connect is a cross-platform interface engine that healthcare organizations rely on for information management. Tracked as CVE-2023-43208, the newly disclosed issue is a bypass for a critical-severity RCE flaw (CVE-2023-37679, CVSS score of 9.8) that was disclosed in August 2023 and which was addressed with…

Read More
26 Oct

VMware Releases Security Advisory for vCenter Server

Attacks, Insights, Malware

VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting the VMware vCenter Server and (CVE-2023-34056) affecting [VMware Cloud Foundation]. A remote cyber actor could exploit these vulnerabilities to obtain information or take control of an affected system. CISA encourages users and administrators to review the VMware vCenter Server Out-of-Bounds Write Vulnerability VMSA-2023-0023 advisory and apply the necessary updates.  

Read More