Cyber Security Briefing, 13 - 19 January
Citrix 0-day vulnerabilities actively exploited
Citrix has issued a security advisory warning of the active exploitation of two 0-day vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products.
The flaws are tracked as CVE-2023-6548 (CVSSv3 5.5 according to the company), which affects the NetScaler management interface and can lead to remote code execution, and CVE-2023-6549 (CVSSv3 8.2), which can be exploited for denial of service.
Code execution requires the attacker to be authenticated to a low-privileged account with network access to the management interface (NSIP, CLIP or SNIP with management access enabled). The DoS flaw only affects appliances configured as a gateway or as an AAA virtual server. Citrix's standing recommendation applies: keep the management interface on a separate network segment and never expose it to the internet.
Shadowserver reports that around 1,500 NetScaler management interfaces are exposed to the internet.
New actively exploited 0-day in Chrome fixed
Google has released security updates for Chrome to fix the first actively exploited 0-day vulnerability of the year.
The fix is available for Windows, Mac and Linux. The vulnerability, tracked as CVE-2024-0519, is an out-of-bounds memory access weakness in Chrome's V8 JavaScript engine, which could allow attackers to read sensitive data or crash the browser.
The same update also patches CVE-2024-0517 and CVE-2024-0518, two further V8 bugs that could allow arbitrary code execution on a victim's device. Google confirmed that an exploit for CVE-2024-0519 exists in the wild but has not provided further details about the attacks.
Infostealers evade XProtect protection in macOS
SentinelOne researchers have published a report analysing three infostealers that evade XProtect, the signature-based malware scanner built into macOS.
- First, KeySteal, distributed as a Mach-O binary, which establishes persistence and exfiltrates data from the macOS Keychain password manager.
- Second, Atomic Stealer, an infostealer originally written in Go. SentinelOne notes that C++ variants are now circulating that evade detection by replacing the earlier code obfuscation with AppleScript, and that include anti-analysis checks to detect execution inside a virtual machine.
- Lastly, CherryPie, which, like Atomic Stealer, is written in Go and carries anti-analysis (anti-VM) checks.
Azorult malware resurfaces with new capabilities
According to Cyble researchers, the Azorult malware, first discovered in 2016, has re-emerged once again.
The malware combines infostealer capabilities, stealing login credentials, browser histories and cryptocurrency wallet details, with downloader capabilities, fetching a loader from a remote server that then executes the final payload.
Both the loader and the final payload are executed in memory, leaving no traces on disk and evading file-based detection.
The researchers found the samples on VirusTotal: Windows shortcut (.lnk) files posing as PDF documents that actually deliver the malware. They hypothesise that phishing was used to distribute them, although the initial access vector has not been confirmed.
The shortcut files contain an obfuscated PowerShell script and commands that use the task scheduler to run a batch file.
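The delivery chain above (a shortcut posing as a PDF, an obfuscated PowerShell command, a batch file run through the task scheduler) is something a SOC can hunt for in process-creation telemetry. The following is an added example, not Cyble's code or an Azorult artefact: it decodes PowerShell's -EncodedCommand argument (base64 of UTF-16LE text, PowerShell's documented format) and scores events against those three indicators. The events are constructed, and the field names "image", "command_line" and "parent_command_line" are assumed stand-ins for what Sysmon or an EDR records.

```python
"""Triage process-creation events for the Azorult delivery chain Cyble
describes: shortcut posing as a PDF -> obfuscated PowerShell -> batch file
registered with the task scheduler.

Added example, not Cyble's code. Events are constructed; the field names
("image", "command_line", "parent_command_line") are assumed. Decoding of
-EncodedCommand (base64 of UTF-16LE) follows PowerShell's documented format.
"""
import base64
import re
from typing import Dict, List, Optional

# -e / -ec / -enc / -encodedcommand followed by a base64 blob. The trailing
# \s+ keeps "-ExecutionPolicy" from matching as "-e".
ENCODED_ARG = re.compile(r"(?i)\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if absent or invalid."""
    match = ENCODED_ARG.search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_event(event: Dict[str, str]) -> List[str]:
    """Return the indicators matched by one process-creation event."""
    cmd = event.get("command_line", "")
    parent = event.get("parent_command_line", "")
    reasons = []
    # Double extension: the user thinks they opened a PDF.
    if re.search(r"(?i)\.pdf\.lnk\b", parent + " " + cmd):
        reasons.append("shortcut masquerading as a PDF")
    if re.search(r"(?i)-w(?:indowstyle)?\s+hidden", cmd):
        reasons.append("hidden PowerShell window")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded PowerShell command")
    # Look for the persistence step in the decoded script (or the raw command line).
    script = decoded if decoded is not None else cmd
    if re.search(r"(?i)\bschtasks(?:\.exe)?\b.*?/create", script) and re.search(r"(?i)\.bat\b", script):
        reasons.append("scheduled task running a batch file")
    return reasons


def triage(events: List[Dict[str, str]]) -> List[Dict]:
    """Return events matching at least two indicators, with the decoded script."""
    findings = []
    for idx, event in enumerate(events):
        reasons = triage_event(event)
        if len(reasons) >= 2:
            findings.append({
                "index": idx,
                "reasons": reasons,
                "decoded": decode_encoded_command(event.get("command_line", "")),
            })
    return findings


def _encode(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed events, not a real capture.
PERSIST_SCRIPT = 'schtasks /create /tn "Updater" /tr "C:\\Users\\Public\\run.bat" /sc minute /mo 5'
SAMPLE_EVENTS = [
    {   # benign administrative use
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "parent_command_line": "explorer.exe",
        "command_line": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    },
    {   # the chain described in the Cyble write-up
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "parent_command_line": 'C:\\Windows\\explorer.exe "C:\\Users\\u\\Downloads\\invoice.pdf.lnk"',
        "command_line": "powershell.exe -w hidden -enc " + _encode(PERSIST_SCRIPT),
    },
]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Requiring two indicators keeps ordinary admin scripting (execution-policy bypasses, plain -File invocations) out of the results; the decoded script is returned so an analyst can read the persistence command directly instead of re-decoding it by hand.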
GitLab warns about critical zero-click vulnerability
GitLab has released security updates for the Community and Enterprise editions to address two critical vulnerabilities, one of which allows account hijacking without any user interaction.
The zero-click vulnerability is tracked as CVE-2023-7028 and carries the maximum severity score (10 out of 10). It is an authentication flaw in the password reset flow: a crafted reset request causes the reset email to be delivered to an arbitrary, unverified address of the attacker's choosing, leading to account takeover. Accounts with two-factor authentication enabled can still have their password reset but cannot be taken over, since the second factor is still required. The issue was introduced in 16.1.0 and is fixed in 16.7.2, 16.6.4 and 16.5.6 (with backports to earlier supported branches).
The second critical vulnerability, CVE-2023-5356, has a severity score of 9.6 out of 10 and could be exploited to abuse the Slack/Mattermost integrations to execute slash commands as another user.
The release also addresses CVE-2023-4812, CVE-2023-6955 and CVE-2023-2030.
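Because the reset email goes to an attacker-supplied address rather than to a new account, exploitation of CVE-2023-7028 leaves little trace beyond the request log. The following is an added example, not GitLab's own code: a small hunt over gitlab-rails/production_json.log that flags POST requests to /users/password whose user[email] parameter arrived as a JSON array, which is the shape GitLab's published guidance for this bug tells administrators to look for (the legitimate form submits a single string). The log lines are constructed; the "params" layout of key/value objects follows production_json.log, while "time" and "remote_ip" are assumed field names.

```python
"""Hunt for CVE-2023-7028 abuse in a GitLab production_json.log.

Added example, not GitLab's own code. GitLab's guidance for this bug is to
look for POST /users/password requests whose user[email] parameter is a JSON
array with more than one address: the reset form submits a single string,
while the exploit supplies the victim's address plus an attacker-controlled
one. Log lines are constructed; "params" follows production_json.log's
list-of-{"key","value"} layout, "time" and "remote_ip" are assumed names.
"""
import json
from typing import Dict, Iterable, List, Optional, Union

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """
{"time":"2024-01-15T10:00:00Z","method":"POST","path":"/users/password","remote_ip":"203.0.113.5","params":[{"key":"user","value":{"email":"alice@example.com"}}]}
{"time":"2024-01-15T10:01:00Z","method":"POST","path":"/users/password","remote_ip":"198.51.100.7","params":[{"key":"user","value":{"email":["victim@example.com","attacker@evil.invalid"]}}]}
{"time":"2024-01-15T10:02:00Z","method":"GET","path":"/users/sign_in","remote_ip":"203.0.113.5","params":[]}
{"time":"2024-01-15T10:03:00Z","method":"POST","path":"/users/password","remote_ip":"203.0.113.9","params":[{"key":"user","value":{"email":["only@example.com"]}}]}
not json at all
"""


def reset_email_param(entry: Dict) -> Optional[Union[str, List[str]]]:
    """Return the raw user[email] value of a POST /users/password entry.

    None for any other request or when the parameter is missing. The type of
    the value is the signal: str is the normal form, list is what
    exploitation of CVE-2023-7028 produces.
    """
    if entry.get("method") != "POST" or entry.get("path") != "/users/password":
        return None
    for param in entry.get("params") or []:
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            return param["value"].get("email")
    return None


def find_suspicious_resets(lines: Iterable[str]) -> List[Dict]:
    """Flag reset requests whose email parameter was submitted as an array.

    Several addresses in the array is the exploit signature (high); a
    single-element array is still not what the form sends (low).
    """
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise rather than abort the hunt
        email = reset_email_param(entry)
        if not isinstance(email, list):
            continue
        hits.append({
            "time": entry.get("time"),
            "remote_ip": entry.get("remote_ip"),
            "emails": [str(e) for e in email],
            "confidence": "high" if len(email) > 1 else "low",
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_resets(SAMPLE_LOG.splitlines()):
        print(hit)
```

Any high-confidence hit should be followed by a forced password reset and session revocation for the victim address, a review of that account's recent activity (new tokens, SSH keys, CI variables), and a check of which addresses actually received reset mail; GitLab's guidance also points to the corresponding PasswordsController#create entries in audit_json.log.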