CyberSecurity Updates

10 Oct

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Attacks, Insights, Malware

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023. CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see: Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack Google: How it works: The novel…

Read More
10 Oct

Citrix Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967  Citrix Hypervisor Multiple Security Updates

Read More
09 Oct

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Information, Insights

The fake USPS phishing page. Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. KrebsOnSecurity recently heard from a reader who received an SMS purporting to have been sent by the USPS,…

Read More
09 Oct

Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites

Information, News

A recently patched vulnerability affecting a plugin associated with the Newspaper and Newsmag themes has been exploited to hack thousands of WordPress websites as part of a long-running campaign named Balada Injector, GoDaddy-owned web security firm Sucuri warned on Friday. The exploited vulnerability, tracked as CVE-2023-3169, was discovered by a Vietnamese researcher in the TagDiv Composer front-end page builder plugin of the Newspaper and Newsmag premium themes, which have been sold nearly 140,000 times. The…

Read More
07 Oct

Fake friends and followers on social media – and how to spot them

Information

Social Media One of the biggest threats to watch out for on social media is fraud perpetrated by people who aren’t who they claim to be. Here’s how to recognize them. Phil Muncaster 06 Oct 2023  •  , 5 min. read Some 4.5 billion people worldwide, or almost 55 percent of the global population, have at least one account with one of the big players. And global internet users spend around two-and-a-half hours each day…

Read More
07 Oct

DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe

Information

Video The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine 06 Oct 2023 This week, ESET researchers released their findings about a cyberespionage campaign that took aim at a Guyanese governmental entity. Named Operation Jacana by ESET, the campaign deployed a previously undocumented backdoor, DinodasRAT, that can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing…

Read More
07 Oct

Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions

Information, News

Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. Minister of Economic Affairs Wang Mei-hua said Friday that the investigation will determine if the companies have violated regulations prohibiting sales of sensitive technologies and equipment to China. The Ministry of Economic Affairs summoned the semiconductor and factory services suppliers for questioning after a report by Bloomberg said they were working with Huawei as it builds a network…

Read More
06 Oct

Operation Jacana: Foundling hobbits in Guyana

Information

In February 2023, ESET researchers detected a spearphishing campaign targeting a governmental entity in Guyana. While we haven’t been able to link the campaign, which we named Operation Jacana, to any specific APT group, we believe with medium confidence that a China-aligned threat group is behind this incident. In the attack, the operators used a previously undocumented C++ backdoor that can exfiltrate files, manipulate Windows registry keys, execute CMD commands, and more. We named the…

Read More
06 Oct

MGM Resorts Says Ransomware Hack Cost $110 Million

Data Breaches, Information, News

Hospitality and entertainment giant MGM Resorts said costs from last month’s debilitating ransomware infection has exceeded $110 million, including $10 million in one-time consulting clean-up fees. In an SEC 8-K filing, MGM Resorts said the data-extortion attack caused operational disruptions, especially in its Las Vegas properties, and an estimated financial toll that includes about $100 million in lost revenue. MGM Resorts, which manages prominent hotels like Mandalay Bay (site of the Black Hat security conference),…

Read More
06 Oct

Android Devices With Backdoored Firmware Found in US Schools

Information, News

Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before…

Read More