CISA warns organizations of exploited vulnerability affecting .NET, Visual Studio
CISA has added a zero-day flaw affecting Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities Catalog and its government “must patch” list. The vulnerability, tracked as CVE-2023-38180, was fixed by Microsoft in its August Patch Tuesday updates, which also address CVE-2023-36884, an Office vulnerability exploited by Russian threat actors. CVE-2023-38180 can be used for denial-of-service attacks, and Microsoft stated that it is aware of malicious exploitation. No details are available regarding any attacks that have already leveraged the vulnerability, but Microsoft’s advisory suggests that remote exploitation is possible without user interaction or privileges.
Dell Compellent hardcoded key exposes VMware vCenter admin creds
A hardcoded encryption key flaw in Dell’s Compellent Integration Tools for VMware makes it possible to decrypt the stored vCenter admin credentials and recover the cleartext password. The flaw stems from a “static AES encryption key shared across all installs, that is used to encrypt the vCenter credentials stored in the program’s configuration file.” The software provides storage integration with VMware vCenter, which is used to manage ESXi virtual machines. To integrate the client, “it must be configured with VMware vCenter credentials, which are stored in the Dell program’s encrypted configuration file.”
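To show why a key shared by every install offers no real protection, here is an added Go example (not Dell’s code; the static key and password are constructed placeholders): a credential sealed with AES-GCM under a product-wide static key is recoverable by anyone holding a copy of the product, whereas a key generated per installation and kept outside the binary leaves other installs’ keys useless.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// staticKey models a key baked into every copy of a product (constructed placeholder value).
var staticKey = []byte("constructed-static-key-32-bytes!")
func gcmFor(key []byte) cipher.AEAD { // AES-256-GCM; a bad key length is a programming error
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// Seal encrypts a stored credential; the random nonce is prefixed to the output.
func Seal(key, secret []byte) []byte {
	aead := gcmFor(key)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error (Go 1.24+)
	return aead.Seal(nonce, nonce, secret, nil)
}

// Open reverses Seal; a wrong key fails authentication instead of yielding garbage.
func Open(key, blob []byte) ([]byte, error) {
	aead := gcmFor(key)
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, fmt.Errorf("blob shorter than nonce")
}
// NewInstallKey makes a per-install key; store it with restrictive permissions or in an OS key store, never in the binary.
func NewInstallKey() []byte {
	key := make([]byte, 32)
	rand.Read(key)
	return key
}

func main() {
	pw, _ := Open(staticKey, Seal(staticKey, []byte("vcenter-admin-pw"))) // works on every install: the flaw
	_, err := Open(NewInstallKey(), Seal(NewInstallKey(), []byte("vcenter-admin-pw"))) // other install's key: useless
	fmt.Printf("static key recovers %q; other install's key: %v\n", pw, err)
}
```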
DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas
Attendees of the annual hacking conference in Las Vegas will have 50 minutes each at one of 156 laptops to try to steal information from AI chatbots, in the “largest-ever public exercise aimed at discovering the security weaknesses of large language models.” Participants will be randomly assigned a model from one of the participating firms, which include Microsoft, Meta, NVIDIA, and OpenAI, and will be given a list of challenges to choose from, including “prompt hacking, security, information integrity, internal consistency, and societal harm.” Winners are expected to be announced Sunday at the conclusion of the conference, but full results are not expected until February.
Potent trojans targeting macOS users
Threat actors are getting better at targeting Mac users with malware tailored to macOS, according to Bitdefender’s macOS Threat Landscape Report. While Apple’s ecosystem is less prone to attacks than operating systems like Microsoft’s Windows and Google’s ChromeOS, the researchers warned that “this false sense of protection often means malware tailored to infect Macs is better suited to its goals.” The report identified three key threats in 2022 – Trojans, Potentially Unwanted Applications (PUAs) and Adware – with Trojans making up over half (51.8%) of threat detections.
Thanks to this week’s episode sponsor, Conveyor

It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at www.conveyor.com.
IRS confirms takedown of bulletproof hosting provider Lolek
The takedown of this bulletproof hosting platform, conducted by authorities in the U.S. and Poland this week, was an effort to limit the anonymous access that cybercriminals have to critical tools. The operation also involved the U.S. Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice, the agencies said, with “substantial assistance” from two Polish authorities. Lolek Hosted is based in the United Kingdom and has operated since 2009 from a datacenter in Europe.
Attackers use EvilProxy phishing kit to take over executives’ Microsoft 365 accounts
Proofpoint, which released a report on the incidents on Wednesday, said the attacks “exhibited both the prevalence of pre-packaged phishing-as-a-service toolkits, as well as the increased bypassing of multi-factor authentication to gain access to accounts.” Proofpoint observed more than 100 organizations that had been targeted with EvilProxy, with 35% of the compromised accounts being MFA-enabled. The researchers pointed out that more than “one-third of the accounts belonged to C-level executives, including CEOs and chief financial officers.”
APT31 linked to recent industrial attacks in eastern Europe
According to the latest findings from Kaspersky Threat Intelligence, the threat actor also known as Judgment Panda and Zirconium has been “linked to recent industrial attacks in eastern Europe.” The report highlights the threat actor’s “meticulous approach to crafting dedicated implants specifically designed for data collection and exfiltration from targeted networks and air-gapped systems,” and points out the misuse of cloud-based services like Dropbox and Yandex Disk to exfiltrate stolen data. What sets APT31’s activities apart, the report notes, is “the calculated use of encrypted payloads, memory injections, and DLL hijacking to mask their actions.”
Tampa General Hospital sued over data breach
The class action lawsuit, launched by law firm Morgan & Morgan, is on behalf of three victims affected by a data breach that occurred between May 12 and May 30, 2023. In this attack on the computer systems of Tampa General Hospital, PII and HIPAA data belonging to approximately 1.2 million patients was stolen. “The plaintiffs contend that Tampa General Hospital not only failed to secure their personal and medical data adequately but also exacerbated the situation by delaying the notification of victims until July 19—over two months after the initial breach.”