Researchers from Wiz have discovered two vulnerabilities, named “GameOverlay,” in Ubuntu Linux that allow attackers to execute code with root privileges on 40% of Ubuntu Linux cloud workloads. These flaws are present in the OverlayFS module and result from Ubuntu’s changes to the module in 2018, creating potential entry points for cyber attackers to exploit cloud environments and elevate privileges. To mitigate the risks, security teams are urged to apply the latest patches and restrict OverlayFS to root users only, while maintaining up-to-date software in container-based environments to reduce exposure and enforce strict permissions across the cloud environment.
Aqua researchers have detected a new campaign targeting Apache Tomcat servers, exposing over 800 attacks with 96% linked to the notorious Mirai botnet. The threat actors exploit misconfigured and poorly secured servers, using a web shell script called “neww” to gain access and deploy a malicious web shell class named “cmd.jsp” to execute arbitrary commands on the server, downloading 12 binary files for specific system architectures. The campaign highlights the importance of securing environments and practicing credential hygiene to prevent brute-force attacks, as the cybercriminals leverage infected hosts to orchestrate distributed denial-of-service (DDoS) attacks and deploy cryptocurrency mining malware, showing the growing popularity of cryptojacking attacks.
Ilya Sachkov, co-founder and CEO of Group-IB, has been sentenced to 14 years in a maximum-security jail by a Moscow city court for “high treason.” He was accused of providing classified information to foreign intelligence, leading to reputational damage to Russia’s national interests. The exact details of the charges remain undisclosed, and Sachkov is expected to appeal the decision, as his trial was conducted in complete secrecy with no public scrutiny. Group-IB has expressed full confidence in Sachkov’s innocence and has completely exited Russia, continuing operations under the new brand F.A.C.C.T.
The US Cybersecurity and Infrastructure Security Agency (CISA) reported that attackers are actively exploiting a critical remote code execution vulnerability in NetScaler ADC and NetScaler Gateway devices. Over 50% of the internet-exposed Citrix ADC appliances remain unpatched, making them vulnerable to the attacks. The flaw, tracked as CVE-2023-3519, allows for unauthenticated remote code execution and has been exploited by threat actors since June, leading to the deployment of webshells on compromised appliances.
The U.S. Securities and Exchange Commission (SEC) has approved new rules requiring publicly traded companies to disclose cyber attacks that have a “material” impact on their finances within four days of identification. The new obligations mandate detailed disclosure of the incident’s nature, scope, and timing, along with its impact, to bring more transparency and consistency to cybersecurity disclosure practices. However, concerns have been raised about the tight time frame, which could lead to inaccurate disclosures or potential security risks.
Hackers are using pay-per-click ads on search engines like Google and Bing to target IT professionals with malicious advertisements for popular IT tools, leading to ransomware attacks. The campaign, dubbed “Nitrogen,” tricks users into downloading legitimate software alongside a trojanized Python package containing initial access malware. The attackers aim to exploit the proximity of IT professionals to sensitive systems, making them high-value targets for future ransomware attacks. Cybersecurity professionals are urged to be vigilant and obtain software directly from trusted sources to avoid falling victim to such schemes.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.