VMware, a leading provider of virtualisation services, has issued an updated warning to its customer base concerning a high-risk security vulnerability identified in its Aria Operations for Logs. The flaw, designated as CVE-2023-34051 and carrying a CVSS score of 8.1, enables an attacker to bypass authentication and potentially execute remote code on the affected system. In their October 19 advisory, VMware detailed that an unauthorized person could upload files to the appliance's operating system, which could then result in remote code execution.
According to researchers this vulnerability serves as a patch bypass for a series of critical flaws that VMware had already addressed earlier in the year. An official patch doesn't always fully resolve a vulnerability highlighting the necessity for multiple layers of defence.
Simultaneously, Citrix has also released an advisory urging customers to fix CVE-2023-4966, a separate critical vulnerability affecting its NetScaler ADC and Gateway products, which is already being exploited. The issue, with a CVSS score of 9.4, has been linked to incidents of session hijacking and targeted attacks. Google-owned Mandiant has corroborated these findings. Given that a PoC exploit, named Citrix Bleed, is available, the likelihood of further exploitation is high.
The University of Michigan has confirmed that it fell victim to a data breach in late August, affecting a broad range of stakeholders including students, applicants, alumni, donors, and even medical patients and research participants. Unauthorised server access occurred between August 23rd and 27th, exposing a range of sensitive information. The university reacted by isolating its entire campus network from the internet to limit further damage.
Post-incident analysis by a specialised review team revealed that along with personal identification data such as names, the breach also compromised medical and financial records. Specific details exposed included Social Security numbers, driver’s license or other government-issued IDs, financial accounts or payment card numbers, and health-related information.
Those affiliated with the University's Health Service and School of Dentistry were also impacted, as their demographic, financial, and medical details—including medical record numbers, diagnosis, treatment, medication history, and information related to participation in research studies—were potentially compromised. The university has reached out to all individuals whose data was exposed, informing them about the extent of the breach and the nature of the data that was accessed. This incident underscores the far-reaching impacts of educational institutions falling prey to cybersecurity attacks. It's worth noting that universities and schools are often prime targets for hackers due to the rich trove of diverse personal and institutional data they hold.
UK Telecommunications leader British Telecom (BT) released new data that highlights the escalating scale of cyber threats.
The company's experts identified over 46 million potential cyber attacks worldwide every day, breaking down to more than 530 signals every second. Hackers are leveraging automation and machine learning technologies to relentlessly scan internet-connected devices for vulnerabilities.
According to BT the sectors most at risk are IT, defence, banking, and insurance. Retail, hospitality, and education are not far behind. Charities are another area of concern, having faced approximately 785,000 cyber attacks over the last 12 months. Adding to the gravity of the situation is a recent BT survey, which disclosed that 61% of businesses find it increasingly difficult to stay abreast of cyber security measures. The data underscores the urgent need for improved cyber security vigilance across all sectors.
A recent study by Abnormal Security delved into the effects of artificial intelligence (AI) on email security, revealing widespread concern among security experts. A staggering 98% of security leaders expressed worry about cyber security risks emanating from AI tools like ChatGPT, Google Bard, and WormGPT.
More than 80% of those surveyed indicated that their organisations have either already been targeted by AI-generated email attacks or strongly suspect such activities. Despite these concerns, a majority still rely on existing measures for email security. Specifically, 53% continue to use secure email gateways, while nearly half (46%) admit to lacking confidence in traditional methods to counter AI-driven attacks.
Interestingly, a significant 92% of respondents see the potential of using AI as a defence against AI-generated email threats. Moreover, over 94% believe that AI will significantly influence their cyber security strategies in the coming two years.
In November 2020, Capcom disclosed that it had been the victim of a significant security breach, with ransomware infecting its systems and leading to the theft of confidential data. Nearly three years on, the perpetrators, belonging to the ransomware group Ragnar Locker, have been arrested. An international investigation across 11 countries has successfully dismantled the group. Arrests occurred between 16th and 20th October this year, with the key individual apprehended in Paris. Additional arrests and computer seizures were made in Spain, Latvia, and Czechia.
The 2020 attack on Capcom resulted in the leak of sensitive employee data and even spoilers for games such as the Resident Evil 4 Remake, which was in development at the time. Capcom has yet to issue further comment on either the original breach or the recent arrests. Nonetheless, the takedown of such groups serves as a reminder that organisations must remain vigilant. Social engineering, phishing scams, and ransomware remain common tactics used by cybercriminals to infiltrate and steal data.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Integrity360's flagship conference Security First comes to Stockholm in 2023!
Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.