BleepingComputer.com: Cybersecurity News.

"Over 15K Citrix servers likely vulnerable to CVE-2023-3519 attack."

Views expressed in this cybersecurity and cybercrime update are those of the reporters and correspondents. Accessed on 22 July 2023, 1505 UTC. Content supplied by "BleepingComputer.com."

Source:  https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Over 15K Citrix servers likely vulnerable to CVE-2023-3519 attacks

  • Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable to a critical remote code execution (RCE) bug exploited by unauthenticated attackers in the wild as a zero-day.

Stolen Azure AD key offered widespread access to Microsoft cloud services

  • The Microsoft private encryption key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers.

The Week in Ransomware - July 21st 2023 - Avaddon Back as NoEscape

  • This edition of the Week in Ransomware covers the last two weeks of news, as we could not cover it last week, and includes quite a bit of new information, including the return of the Avaddon ransomware gang.

Clop gang to earn over $75 million from MOVEit extortion attacks

  • The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.

Netscaler ADC bug exploited to breach US critical infrastructure org

  • The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.

Amazon agrees to $25 million fine for Alexa children privacy violations

  • The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged violations of children's privacy laws related to the company's Alexa voice assistant service.

VirusTotal apologizes for data leak affecting 5,600 customers

  • VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.

GitHub warns of Lazarus hackers targeting devs with malicious projects

  • GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.

Critical AMI MegaRAC bugs can let hackers brick vulnerable servers

  • Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International. 

Google Chrome gets Windows 11's new design - how to enable it

  • Google's browser, Chrome, in its 115th version, has unveiled a feature that allows users to use Windows Mica material, a design element that enhances user personalization. To access this function, users are required to go to the Chrome flags menu and activate it manually.

JumpCloud breach traced back to North Korean state hackers

  • US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike, and Mandiant.

New P2PInfect worm malware targets Linux and Windows Redis servers

  • Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems.

APT41 hackers target Android users with WyrmSpy, DragonEgg spyware

  • The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers. 

Estée Lauder beauty giant breached by two ransomware gangs

  • Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks.

Hands on with GPT-4-powered Bing AI Chat's virtual search

  • Bing Chat continues to enrich its user experience by rolling out a new feature - Visual Search in Chat. This function combines the power of OpenAI's GPT-4 model with image search abilities to offer a more interactive way of browsing the web.
