News – October 2023


  • Government-backed actors exploiting WinRAR vulnerability

    October 18, 2023

    In recent weeks, Google’s Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still ...

  • Updated MATA attacks industrial companies in Eastern Europe

    October 18, 2023

    In early September 2022, Kaspersky researchers discovered several new malware samples belonging to the MATA cluster. As they were collecting and analyzing the relevant telemetry data, they realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. The actors ...

  • Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

    October 17, 2023

    Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that ...

  • Remediation for Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)

    October 17, 2023

    On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023. Successful exploitation could result in the ability to hijack existing authenticated sessions, therefore bypassing multifactor authentication ...

  • DarkGate Opens Organizations for Attack via Skype, Teams

    October 17, 2023

    From July to September, Trend Micro observed the DarkGate campaign (detected by Trend Micro as TrojanSpy.AutoIt.DARKGATE.AA) abusing instant messaging platforms to deliver a VBA loader script to victims. This script downloaded and executed a second-stage payload consisting of an AutoIT script containing the DarkGate malware code. It’s unclear how the originating accounts of the instant messaging ...

  • Analyzing cyber activity surrounding the conflict in the Middle East

    October 17, 2023

    In light of the ongoing escalation in the Middle East, Group-IB’s Threat Intelligence unit has been monitoring the activity of different threat actors involved in the conflict in cyber space. As they noted in the Hi-Tech Crime Trends 2022/2023 report, any rise in political tensions or the outbreak of hostilities is almost always accompanied by ...

  • Hackers trying to corrupt AI, raising level of ransomware threat

    October 17, 2023

    Cyber criminals are actively trying to corrupt generative artificial intelligence (AI), which may then put the ability to create ransomware in the hands of individuals. The looming threat is what keeps Mr Willis Lim, the director of the National Cyber Threat Analysis Centre at the Cyber Security Agency of Singapore (CSA), up at night. Generative ...

  • Over 70pc of Irish businesses suffered cyber attack in the past 12 months – report

    October 17, 2023

    Over 70pc of Irish businesses have suffered a cyber attack over the past year, a new report from insurer Hiscox has revealed. Around 71pc of the 200 Irish businesses surveyed experienced a cyber attack in the past 12 months, up 22pc from the same period last year. Ireland also had the highest median average number ...

  • Kaspersky uncovers APT campaign targeting APAC government entities

    October 17, 2023

    Kaspersky researchers have discovered a persistent campaign compromising a specific type of secure USB drive used to provide encryption for safe data storage. Dubbed “TetrisPhantom,” this espionage effort targets government entities in the Asia-Pacific region (APAC), and shows no discernible overlap with any known threat actor. These and other findings are detailed in Kaspersky’s new ...

  • Urgent global response needed for “insidious” cybercrime – Interpol

    October 16, 2023

    SINGAPORE – New types of cybercrime are emerging all the time. Manipulative and well-organized cybercriminals are exploiting digital technologies to tailor their attacks and target weaknesses in online systems, networks and infrastructures. The complex and borderless nature of cybercrime is compounded by the involvement of transnational organized crime groups, underlining the need to mount an ...