Release Date: July 20 Alert Code: AA23-201A Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as…
Month: July 2023
Clop gang to earn over $75 million from MOVEit extortion attacks
Lawrence Abrams takes us through a recent Coveware report on Clop’s shifting strategies and how recent trends in exfiltration-only have impacted the amount of ransom victims are paying. Read his article on BleepingComputer. Related: Coveware: Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
How we tried to book a train ticket and ended up with a databreach with 245,000 records
To celebrate Franco-German friendship, German Transport Minister Wissing and his French counterpart Beaune came up with something special: 30,000 free Interrail tickets per country for travel in Germany and France for young adults between 18 and 27. Codename: “Passe France Allemagne” However, many things went wrong when the Interrail passes were distributed. In the following, we want…
WormGPT: Cybercriminals AI Tool Gained Over 5,000 Subscribers in Just a Week
Tushar Subhra Dutta reports: The revolutionary innovations by AI (Artificial Intelligence) include generative AI that has various creative potential, but along with that it also raises serious concerns with malicious tools like WormGPT. Since it’s a powerful generative AI-based tool, WormGPT enables attackers to create their own custom hacking tools that pose major cybersecurity challenges. Just after…
SEC to Consider Cyber Rules Next Week
Micaela McMurrough, Ashden Fein, David H. Engvall, Caleb Skeath, Kerry Burke, and Shayan Karbassi of Covington and Burling write: According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 meeting will include consideration of adopting rules to enhance disclosures regarding cybersecurity risk management, governance, and incidents by publicly traded companies….
Data breach exposes personal information of 4,000 Roblox developers
Jess Weatherbed reports: Sensitive information identifying thousands of Roblox creators has been exposed following a data breach impacting attendees at a conference for Roblox developers, which allegedly remained undisclosed by the company for at least two years. As reported by PC Gamer, the leak contains personal information from people who attended the Roblox Developer Conference between 2017-2020, including names, usernames, date of…