CyberSecurity Updates

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

Researchers at cloud security startup Wiz have an urgent warning for organizations running Microsoft’s M365 platform: That stolen Microsoft Azure AD enterprise signing key gave Chinese hackers access to data beyond Exchange Online and Outlook.com. “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive,” Wiz…


In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…


Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm

A Russian prosecutor on Friday requested an 18-year prison sentence for Ilya Sachkov, founder of one of the country’s top cybersecurity firms, on treason charges. Sachkov, 37, co-founded the Group-IB cybersecurity firm in 2003. It specializes in the detection and prevention of cyberattacks and works with Interpol and several other global institutions. “State prosecutors requested that Sachkov be sentenced to 18 years in prison,” his lawyer Sergei Afanasyev was quoted as saying by Russian news agencies.…


Atlassian Releases Security Updates

Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Atlassian’s July 2023 Security Bulletin and apply the necessary updates.


S3 Ep144: When threat hunting goes down a rabbit hole

by Paul Ducklin. SING US A CYBERSECURITY SONG. Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that…


CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization’s NetScaler ADC appliance. The webshell enabled the actors to…


Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities

Adobe has released a second round of patches for some recently disclosed ColdFusion vulnerabilities, including flaws that appear to have been exploited in attacks. On July 11, Adobe announced patches for CVE-2023-29298, an improper access control issue that can lead to a security feature bypass. On July 14, the company informed customers about fixes for CVE-2023-38203, a deserialization issue that could lead to arbitrary code execution. A few days later, cybersecurity firm Rapid7 reported seeing…


Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud. As European football teams prepare to kick off their summer soccer tours in the USA, it provides a huge opportunity for local fans to see some of the top teams and players in the world on their home turfs. For many English Premier League teams this is an established annual occurrence and is…


Child identity theft: how do I keep my kids’ personal data safe?

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? Total identity fraud losses in the US were estimated at a whopping $43bn last year. While many of us are getting savvier about how we protect our personal information online, can we say the same about our children’s data? Child identity theft is more common than you might think. Almost a…


Microsoft hit by Storm season – a tale of two semi-zero days

by Paul Ducklin. At the tail-end of last week, Microsoft published a report entitled “Analysis of Storm-0558 techniques for unauthorized email access”. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The bad news, even though only 25 organisations were apparently…
