25-Oct-23: In Security News Today

1Password Becomes Latest Victim of Okta Customer Service Breach

Password manager 1Password has become the second publicized victim of Okta’s recent customer support breach. Okta, a cloud-based identity and access management (IAM) service, disclosed that a threat actor had used stolen credentials to access its customer support case management system and then leveraged that access to penetrate some of Okta’s customers. Companies should be aware of how sensitive the data they share with customer support agents can be, and should proactively protect their most sensitive accounts to prepare for a worst-case scenario.

Urgent Attention Needed for Critical Flaws in VMware Products

VMware has issued an urgent advisory for critical vulnerabilities in its vCenter Server and VMware Cloud Foundation products. The vulnerabilities, identified as CVE-2023-34048 and CVE-2023-34056, allow for remote code execution and partial information disclosure, respectively. VMware has released patches for these vulnerabilities, including for older, end-of-life products. Additionally, VMware has warned of an authentication bypass flaw in VMware Aria Operations for Logs, urging users to apply the available patches because of the risk of remote code execution.

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor Winter Vivern, aligned with Belarus and Russia, has been observed exploiting a zero-day flaw in Roundcube webmail software to harvest email messages. The vulnerability, CVE-2023-5631, is a stored cross-site scripting flaw that allows remote attackers to load arbitrary JavaScript code. Winter Vivern initiates attacks with a phishing message that includes a Base64-encoded payload, leading to the exfiltration of email messages to a command-and-control server.

libcue Library Flaw Leaves GNOME Linux Systems Vulnerable to RCE Attacks

A security flaw has been discovered in the libcue library used in GNOME Linux systems, which could lead to remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2023-43641, is caused by memory corruption in libcue and affects versions 2.2.1 and earlier. By tricking a user into downloading a malicious .cue file, an attacker can exploit the flaw to execute arbitrary code on the victim’s machine.

Microsoft Announces Early Access Program for Security Copilot AI Assistant

Microsoft has launched an early access program for its Security Copilot AI assistant, which aims to help security teams counter threats more efficiently. The AI assistant, similar to ChatGPT, provides instant incident summaries, rapid guided responses, simplified natural language queries, and real-time malware analysis. It also integrates with the Microsoft 365 Defender Extended Detection and Response (XDR) platform and offers access to Microsoft Defender Threat Intelligence data at no cost.

Samsung Galaxy S23 Hacked Twice on First Day of Pwn2Own Toronto

During the first day of the Pwn2Own 2023 competition in Toronto, security researchers successfully hacked the Samsung Galaxy S23 smartphone twice. The vulnerabilities were exploited by Pentest Limited and the STAR Labs SG team, earning them cash prizes and Master of Pwn points. The competition also saw successful exploits on other devices such as Xiaomi smartphones, printers, smart speakers, NAS devices, and surveillance cameras.

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

The FBI and CISA have issued a joint cybersecurity advisory warning of increasing AvosLocker ransomware attacks targeting critical infrastructure sectors in the US. AvosLocker affiliates compromise networks using legitimate software and open-source remote system administration tools, and then apply data extortion tactics, threatening to leak stolen data. The advisory recommends implementing mitigations such as application controls, limiting remote desktop services, restricting PowerShell use, and maintaining offline backups, to reduce the likelihood and impact of AvosLocker and other ransomware incidents.
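The mitigations listed above are configuration states a defender can check on each Windows host. The following read-only audit script is an added example, not code from the advisory, from CISA, or from this page. It assumes an elevated PowerShell 5.1 or later session on Windows with the AppLocker and Defender modules available (Get-AppLockerPolicy, Get-MpPreference); the registry paths and cmdlets are standard Windows ones, and the PASS/REVIEW thresholds are this example's own assumptions. Offline backups cannot be verified from the host itself, so that control is reported as a manual check.

```powershell
# Added example: report a Windows host's state against the advisory's mitigations.
# Read-only: it changes no setting. Assumed environment: elevated PowerShell 5.1+ on Windows.

$script:findings = @()

function Add-Finding {
    param([string]$Control, [bool]$Pass, [string]$Detail)
    $status = if ($Pass) { 'PASS' } else { 'REVIEW' }
    $script:findings += [pscustomobject]@{ Control = $Control; Status = $status; Detail = $Detail }
}

# 1. Application control: is an AppLocker policy in effect with at least one rule?
try {
    $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
    # Rule collections unroll to individual rules on the pipeline; count them.
    $ruleCount = ($policy.RuleCollections | ForEach-Object { $_ } | Measure-Object).Count
    Add-Finding 'Application control (AppLocker)' ($ruleCount -gt 0) "Effective AppLocker rules: $ruleCount"
} catch {
    Add-Finding 'Application control (AppLocker)' $false "AppLocker policy unavailable: $($_.Exception.Message)"
}

# 2. Remote desktop: fDenyTSConnections = 1 means inbound RDP connections are denied.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$denyTs = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
Add-Finding 'Remote Desktop disabled' ($denyTs -eq 1) "fDenyTSConnections = $denyTs (1 = RDP denied)"

# Hosts that must keep RDP on should at least require Network Level Authentication.
$nla = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
Add-Finding 'RDP requires Network Level Authentication' ($nla -eq 1) "UserAuthentication = $nla (1 = NLA required)"

# 3. PowerShell restrictions: Constrained Language Mode limits what scripts can do,
#    and script block logging makes what still runs visible to defenders.
$langMode = $ExecutionContext.SessionState.LanguageMode
Add-Finding 'PowerShell Constrained Language Mode' ($langMode -eq 'ConstrainedLanguage') "LanguageMode = $langMode"

$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$sbl    = (Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging
Add-Finding 'PowerShell script block logging' ($sbl -eq 1) "EnableScriptBlockLogging = $sbl"

# The legacy PowerShell 2.0 engine bypasses modern logging and language-mode controls;
# report whether the optional feature is still enabled (client SKUs expose it via DISM).
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction SilentlyContinue
if ($v2) {
    Add-Finding 'PowerShell 2.0 engine removed' ($v2.State -ne 'Enabled') "Feature state = $($v2.State)"
} else {
    Add-Finding 'PowerShell 2.0 engine removed' $false 'Feature state could not be queried on this SKU'
}

# 4. Defender Attack Surface Reduction rules (complements application control).
try {
    $asrIds = @((Get-MpPreference -ErrorAction Stop).AttackSurfaceReductionRules_Ids)
    Add-Finding 'Defender ASR rules configured' ($asrIds.Count -gt 0) "ASR rule IDs configured: $($asrIds.Count)"
} catch {
    Add-Finding 'Defender ASR rules configured' $false "Defender preferences unavailable: $($_.Exception.Message)"
}

# 5. Offline backups cannot be verified from the host; surface it as a manual check.
Add-Finding 'Offline backups maintained' $false 'Manual check: confirm backups exist offline and restores are tested'

$script:findings | Format-Table -AutoSize
```

Run it under an account allowed to read the policy keys; a REVIEW line is a prompt to look at that control, not proof of a gap (for example, the script reports REVIEW for Constrained Language Mode whenever it is itself run in full language mode). Execution policy is deliberately not treated as a control here, since it is not a security boundary.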

Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware

A malvertising campaign has been targeting Brazil’s PIX instant payment system with a new malware called GoPIX. The campaign uses malicious ads that appear in search results for ‘WhatsApp web’ to redirect users to a malware landing page. The GoPIX malware functions as a clipboard stealer, hijacking PIX payment requests and replacing them with attacker-controlled strings.

PoC Exploits Released for Citrix and VMware Vulnerabilities

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw. The vulnerability, tracked as CVE-2023-34051, allows for authentication bypass and remote code execution. Separately, Citrix has released an advisory for a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that has been actively exploited in the wild.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.