Weekly Cyber News Roundup

October 23rd to October 27th 2023

Content 

01. News Bites
  • VMware and Citrix issue advisories on high-severity security vulnerabilities
  • University of Michigan confirms August data breach, exposed diverse personal and institutional information
  • BT Reveals Soaring Rates of Cyber Threats
  • Recent study highlights concerns over AI-driven email attacks and the role of AI in cyber security defence.
  • Arrests Made in 2020 Capcom Cyberattack: Ragnar Locker Group Dismantled After International Investigation
02. Conclusion

Quick News Bites

VMware and Citrix issue advisories on high-severity security vulnerabilities 

VMware, a leading provider of virtualisation services, has issued an updated warning to its customer base concerning a high-risk security vulnerability identified in its Aria Operations for Logs. The flaw, designated as CVE-2023-34051 and carrying a CVSS score of 8.1, enables an attacker to bypass authentication and potentially execute remote code on the affected system. In their October 19 advisory, VMware detailed that an unauthorized person could upload files to the appliance's operating system, which could then result in remote code execution. 

According to researchers, this vulnerability serves as a patch bypass for a series of critical flaws that VMware had already addressed earlier in the year. An official patch doesn't always fully resolve a vulnerability, which highlights the necessity for multiple layers of defence. 

Simultaneously, Citrix has also released an advisory urging customers to fix CVE-2023-4966, a separate critical vulnerability affecting its NetScaler ADC and Gateway products, which is already being exploited. The issue, with a CVSS score of 9.4, has been linked to incidents of session hijacking and targeted attacks. Google-owned Mandiant has corroborated these findings. Given that a PoC exploit, named Citrix Bleed, is available, the likelihood of further exploitation is high. 

University of Michigan confirms August data breach, exposed diverse personal and institutional information 

The University of Michigan has confirmed that it fell victim to a data breach in late August, affecting a broad range of stakeholders including students, applicants, alumni, donors, and even medical patients and research participants. Unauthorised server access occurred between August 23rd and 27th, exposing a range of sensitive information. The university reacted by isolating its entire campus network from the internet to limit further damage. 

Post-incident analysis by a specialised review team revealed that along with personal identification data such as names, the breach also compromised medical and financial records. Specific details exposed included Social Security numbers, driver’s license or other government-issued IDs, financial accounts or payment card numbers, and health-related information. 

Those affiliated with the University's Health Service and School of Dentistry were also impacted, as their demographic, financial, and medical details—including medical record numbers, diagnosis, treatment, medication history, and information related to participation in research studies—were potentially compromised. The university has reached out to all individuals whose data was exposed, informing them about the extent of the breach and the nature of the data that was accessed. This incident underscores the far-reaching impacts of educational institutions falling prey to cybersecurity attacks. It's worth noting that universities and schools are often prime targets for hackers due to the rich trove of diverse personal and institutional data they hold. 

BT Reveals Soaring Rates of Cyber Threats

UK Telecommunications leader British Telecom (BT) released new data that highlights the escalating scale of cyber threats.  

The company's experts identified over 46 million potential cyber attacks worldwide every day, breaking down to more than 530 signals every second. Hackers are leveraging automation and machine learning technologies to relentlessly scan internet-connected devices for vulnerabilities.  

According to BT, the sectors most at risk are IT, defence, banking, and insurance. Retail, hospitality, and education are not far behind. Charities are another area of concern, having faced approximately 785,000 cyber attacks over the last 12 months. Adding to the gravity of the situation is a recent BT survey, which disclosed that 61% of businesses find it increasingly difficult to stay abreast of cyber security measures. The data underscores the urgent need for improved cyber security vigilance across all sectors. 

Recent study highlights concerns over AI-driven email attacks and the role of AI in cyber security defence 

A recent study by Abnormal Security delved into the effects of artificial intelligence (AI) on email security, revealing widespread concern among security experts. A staggering 98% of security leaders expressed worry about cyber security risks emanating from AI tools like ChatGPT, Google Bard, and WormGPT. 

More than 80% of those surveyed indicated that their organisations have either already been targeted by AI-generated email attacks or strongly suspect such activities. Despite these concerns, a majority still rely on existing measures for email security. Specifically, 53% continue to use secure email gateways, while nearly half (46%) admit to lacking confidence in traditional methods to counter AI-driven attacks. 

Interestingly, a significant 92% of respondents see the potential of using AI as a defence against AI-generated email threats. Moreover, over 94% believe that AI will significantly influence their cyber security strategies in the coming two years. 

Arrests Made in 2020 Capcom Cyberattack: Ragnar Locker Group Dismantled After International Investigation 

In November 2020, Capcom disclosed that it had been the victim of a significant security breach, with ransomware infecting its systems and leading to the theft of confidential data. Nearly three years on, the perpetrators, belonging to the ransomware group Ragnar Locker, have been arrested. An international investigation across 11 countries has successfully dismantled the group. Arrests occurred between 16th and 20th October this year, with the key individual apprehended in Paris. Additional arrests and computer seizures were made in Spain, Latvia, and Czechia. 

The 2020 attack on Capcom resulted in the leak of sensitive employee data and even spoilers for games such as the Resident Evil 4 Remake, which was in development at the time. Capcom has yet to issue further comment on either the original breach or the recent arrests. Nonetheless, the takedown of such groups serves as a reminder that organisations must remain vigilant. Social engineering, phishing scams, and ransomware remain common tactics used by cybercriminals to infiltrate and steal data. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
