2FA Thursday
Library of Congress says hackers got access to its emails with lawmakers' offices
The Library of Congress said hackers broke into its communications systems and were able to read its email correspondence with congressional ...
Hacker shows how criminals are stealing your SNAP benefits, and how to protect yourself
'Razzlekhan' Heather Morgan gets 18 months in Bitfinex hack - Axios
Idaho man sentenced for hacking Georgia city, extorting Florida orthodontist
What CISOs need to know to build an OT cybersecurity program - TechTarget
Tasked with ensuring OT cybersecurity, many CISOs find themselves in unfamiliar territory. To mount an effective OT security program and get their ...
Cybersecurity advisory highlights top vulnerabilities of 2023 - SecurityBrief New Zealand
The CISO paradox: With great responsibility comes little or no power | CSO Online
Five Eyes nations reveal the top 15 most exploited flaws - The Register
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze....
Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094
The WebP 0day: CVE-2023-4863
Critical Vulnerability: SysAid CVE-2023-47246
Stay Informed
- Cisco disclosed two critical vulnerabilities (CVE-2023-20198 and CVE-2023-20273) affecting Cisco IOS XE software that could allow attackers to gain full control of affected devices.
- The vulnerabilities affect devices with the HTTP server feature exposed to the internet. Cisco urged customers to disable HTTP on externally facing devices.
- Cisco first detected suspicious activity exploiting CVE-2023-20198 on September 28. Attackers were creating local admin accounts on routers.
- On October 12, Cisco observed more attacks creating local accounts and deploying an implant script to maintain access. The implant allows running arbitrary commands.
- As of October 19, over 40,000 internet-facing Cisco IOS XE devices had been found compromised through these vulnerabilities.
- The attacks are believed to be carried out by the same actor. The threat actor tried to cover their tracks by clearing logs and removing created accounts.
- Cisco scored CVE-2023-20198 a CVSS 10.0 (critical severity) and CVE-2023-20273 a CVSS 7.2 (high severity).
- Per Cisco's latest update, patches for both vulnerabilities are expected to be released on October 22.
- Cisco and CISA have provided mitigation advice for customers including disabling HTTP, updating devices, and reporting compromised systems.