1. Home
  2. Cybersecurity Events

Take action on the latest cybersecurity events

Cybersecurity advisories and events as they happen, with a clear action you can take.

Hackers target Roundcube webmail application vulnerability, compromise EU govt servers
published: Oct. 25, 2023
The Winter Vivern hacking group has actively targeted European government entities and think tanks by exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube Webmail, allowing them to inject malicious JavaScript code and steal emails.
Take action: An example of relatively low severity score vulnerability that's actively exploited. The fact that a vulnerability is not remotely exploitable doesn't mean that hackers won't find a way to exploit it - this time by packaging the exploit in an e-mail message and persuading a person close to the system run the exploit for them.
VMware reports public exploit of vRealize RCE vulnerability
published: Oct. 24, 2023
VMware has warned customers of an authentication bypass vulnerability in vRealize Log Insight (now VMware Aria Operations for Logs) with published exploit code enabling remote code execution. Albeit requiring specific conditions this vulnerability also serves as a bypass for a chain of critical flaws patched in January, allowing attackers to inject malicious files into unpatched VMware appliances.
Take action: If your VMware Aria application is exposed to the internet, lock it down so it's accessible only from trusted networks. Then, patch ASAP. Don't assume that having Aria locked down is enough - hackers will abuse it as a second stage attack after compromising something smaller and simpler, like a single computer via phishing.
Not surprisingly, WinRAR vulnerability is actively exploited
published: Oct. 18, 2023
Google's Threat Analysis Group warns of an actively exploited vulnerability (CVE-2023-3883) in WinRAR, affecting versions prior to 6.23, allowing attackers to execute arbitrary code when attempting to view a benign file within a ZIP archive. State-sponsored and financially motivated hackers are targeting the vulnerability because too many users haven't updated their WinRAR.
Take action: If you haven't updated your WinRAR to the latest version, do it now. Maybe you are still lucky and the hackers haven't targeted you yet.
JetBrains TeamCity vulnerability exploited by state sponsored hackers
published: Oct. 18, 2023
North Korean state-sponsored hacker groups, Diamond Sleet and Onyx Sleet, are actively exploiting a critical remote code execution vulnerability (CVE-2023-42793) in JetBrains TeamCity CI/CD server tool. The attack is potentially leading to source code theft and exposure of service secrets, with the attack putting at risk major organizations that use this tool.
Take action: Time for an urgent action. Lock down your TeamCity server from the internet if possible. And patch. NOW. Or get hacked and waste a bunch of time and stress to report incidents, change all secrets and review code in a hacked CI/CD.
Citrix Netscaler CVE-2023-4966 actively exploited
published: Oct. 18, 2023
The CVE-2023-4966 vulnerability in Citrix NetScaler ADC and NetScaler Gateway, exploited by hackers since August, allows them to bypass multifactor authentication through session hijacking, potentially compromising sensitive information.
Take action: As we have said the first time when the vulnerability was reported: You can't ignore this patch because by it's nature Netscaler is exposed to the internet (and hackers). And yet there were people who ignored this advisory and are being hacked. Patch. NOW.
Atlassian Confluence vulnerability exploited in active hacks by nation state groups
published: Oct. 11, 2023
Microsoft identified a nation-state actor, possibly linked to China's Ministry of State Security, exploiting a zero-day vulnerability in Atlassian's Confluence products, prompting urgent patches and inspection recommendations.
Take action: If you haven't been sufficiently motivated to patch your Confluence Server/Datacenter, we hope this particular report gives you the extra needed push. Implement mitigation reconfiguration or block the server from internet access immediately. Then start patching and checking for surprise admins already created.
Active credential harvesting attack on unpatched Citrix NetScaler
published: Oct. 9, 2023
IBM security teams have reported an ongoing credential harvesting campaign targeting vulnerable Citrix NetScaler gateways via CVE-2023-3519, exploited since June 2023, resulting in backdooring thousands of instances. The new malicious campaign is injecting scripts to steal user credentials.
Take action: It's no longer enough to patch your Citrix NetScaler. Now you should consider all your certificates and passwords compromised and start changing them.
Hackers try to inject password stealing code in GitHub by posing as Dependabot automated updates
published: Sept. 29, 2023
Cybercriminals conducted a fraudulent campaign by compromising GitHub accounts, posing as Dependabot automated updater tool to infiltrate projects and steal passwords from developers, primarily targeting users in Indonesia. Tje attack was used to exfiltrate GitHub secrets and manipulate JavaScript files for password theft.
Take action: All developers hate Dependabot alerts, since it's usually a lot of work to properly update packages. After this report some developers will argue that they are ignoring Dependabot alerts "because security" 🤷
Spyware injected into vulnerable iOS and Android Devices through Man-In-The-Middle Attacks
published: Sept. 25, 2023
Google detected an exploit chain targeting Android devices in Egypt, employing iOS and Android vulnerabilities to enable remote code execution, utilizing MitM attacks, and distributing the exploit through malicious links in SMS and WhatsApp messages.
Take action: Always patch your phones and your browsers to the latest versions. Because spyware used both by criminals and governments are using every chance they get to attack your phone/browser.
Healthcare industry targeted by exploiting ManageEngine vulnerabilities
published: Sept. 20, 2023
The U.S. Department of Health and Human Services warns of a significant cyber attack risk on healthcare and public health sectors by the North Korean Lazarus Group, exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine IT tools, allowing deployment of malware and emphasizing urgent software updates.
Take action: If you have delayed patching your Zoho ManageEngine products, it's high time to panic. And start patching. And check if you have already been hacked, because it's quite probable that you have.