News – October 2023


  • How BPF-Enabled Malware Works

    October 19, 2023

    Berkeley Packet Filtering (BPF) is a kind of technology that allows programs to effectively execute code in the kernels of modern operating systems, such as Linux and Berkeley Software Distribution (BSD) variants. Soon, Windows will also add support for BPF. While many defenders might be unaware of its existence, cybercriminals have already started using BPF ...

  • Ransomware actor exploits unsupported ColdFusion servers – but comes away empty-handed

    October 19, 2023

    Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the network easily achievable. Sophos X-Ops has observed a wide variety of threats being delivered to ...

  • Another InfoStealer Enters the Field, ExelaStealer

    October 19, 2023

    In 2023, the InfoStealer market is a reasonably crowded affair. The likes of RedLine, Raccoon, and Vidar own a significant market share, with new entrants such as SaphireStealer appearing frequently. The latest entry, ExelaStealer has now taken the field. Very little backstory is available on ExelaStealer, with the earliest public mentions FortiGuard Labs could locate ...

  • Philippines to recruit ‘cyber warriors’ for online defence

    October 19, 2023

    The Philippine military is creating a cyber command to improve defences against almost daily cyber attacks and will relax recruitment rules to ensure it can attract online experts, the chief of the armed forces said on Thursday. Several government agencies, including the lower house of Congress, have recently reported cyber attacks and the chief of the ...

  • Top crypto firms named in $1bn fraud lawsuit

    October 19, 2023

    US prosecutors have accused three high-profile cryptocurrency firms of defrauding investors of more than $1bn. New York Attorney General Letitia James said Gemini, a crypto exchange, had lied to customers about the risks of an investment account it offered, which paid high interest rates on crypto. Genesis, a crypto lender, and its parent company Digital Currency ...

  • Hacker leaks millions more 23andMe user records on cybercrime forum

    October 18, 2023

    The same hacker who leaked a trove of user data stolen from the genetic testing company 23andMe two weeks ago has now leaked millions of new user records. On Tuesday, a hacker who goes by Golem published a new dataset of 23andMe user information containing records of four million users on the known cybercrime forum ...

  • Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

    October 18, 2023

    Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond ...

  • Government-backed actors exploiting WinRAR vulnerability

    October 18, 2023

    In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still ...

  • Updated MATA attacks industrial companies in Eastern Europe

    October 18, 2023

    In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. The actors ...

  • Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

    October 17, 2023

    Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that ...