Cybersecurity news weekly roundup July 31, 2023

SAN MATEO, CA, July 31, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

New SEC rule imposes 4-day deadline for private companies to report cyberattacks

The SEC has voted to impose a new deadline for private enterprises to publicly report a cyberattack should they be hacked. “The rules will require companies to determine whether a cyber attack it has suffered will have a material impact on its operations, and then disclose the event within four days of that determination.” The rules, according to SEC Chair Gary Gensler, “will enhance and help standardize disclosures to investors with regard to these public company cybersecurity practices.” The SEC says the new rules will make disclosures “more consistent” and “comparable.” The 4-day deadline is set to become effective 30 days after the new rules are published in the Federal Register. Read more.

Metabase BI software found to have major security flaw

Business intelligence and data visualization software Metabase has been found to have an “extremely severe” security flaw that could allow an attacker to execute remote code. The bug affects “open-source editions before and Metabase Enterprise versions before”. The exploit has yet to be observed in the wild, but data reported by Shadowserver Foundation reveals that 5,488 of the total 6,936 Metabase instances are at risk. Users are urged to update to the most recent version immediately. Read more.

Organizations impacted by MOVEit data breach reach 455

Clop’s attack on MOVEit continues to make waves, as the list of organizations impacted by the breach has reached 455. Newly reported victims include healthcare risk adjustment firm Cognisight, Pacific Premier Bank, Northwestern Mutual, Transactions Applications Group, Sutter Senior Care, the Brighthouse and TransAmerica life insurance companies, and the U.S. colleges of Collin, Foothill and Lake Forest. According to security firm Emsisoft, at least 23 million individuals have had their personal data stolen up to this point and held for ransom. Read more.

Nearly 40% of Ubuntu users are vulnerable to newly introduced exploits

Ubuntu, one of the most commonly used Linux distributions, has two new vulnerabilities allowing unprivileged local users to “gain elevated privileges on a massive number of devices.” The flaws are “unique to Ubuntu kernels since they stemmed from Ubuntu’s changes to the OverlayFS module,” warned the Wiz researchers who discovered the bugs. Only Ubuntu is affected by these flaws. Other Linux distributions, even Ubuntu forks, “not using custom modifications of the OverlayFS module should be safe.” Read more.

Decoy Dog is a new breed of malware with unique capabilities

Decoy Dog is a newly discovered piece of malware that displays a significant upgrade over the Pupy RAT it is based on. It possesses previously unknown capabilities, including transferring victims to another controller. This allows for communication with compromised machines for extended periods, with some victims having been in contact with Decoy Dog servers for over a year. The malware uses the domain name system (DNS) for command-and-control purposes, and its controllers have adapted their tactics to maintain access to existing victims. The origin of Decoy Dog is uncertain, but it is suspected to be operated by nation-state hackers. Read more.

Realst malware targets macOS users to steal crypto

Apple users are again in the crosshairs, as a new malware called “Realst” has been discovered targeting macOS. The malware’s latest variants are compatible with macOS 14 Sonoma, which the company is still developing. The campaign targets victims by posing as “fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolution, Pearl, Olymp of Reptiles, and SaintLegend.” Promoted on social media, the threat actors share game “access codes” via direct message, but only after screening victims to ensure they aren’t security researchers or others who may be privy to their scam. Sixteen variants of Realst have thus far been discovered. Read more.

Flaw in AMD Zen 2 processors can be used to pilfer data and passwords

AMD’s Zen 2 processors have been found to have a security vulnerability that threat actors can exploit to steal encryption keys and passwords. The flaw, codenamed “Zenbleed,” occurs, as AMD explains, when “under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly.” The company’s advisory says this “may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.” This exploit has not been witnessed in the wild at the time of this writing. Read more.

Trio of Atlassian RCE bugs allow for complete takeover

Three bugs can be exploited to allow threat actors to take over Atlassian instances, the company is warning. They say the “successful exploitation of any of the flaws” affecting Atlassian Confluence Data Center & Server and Bamboo “could offer a wide-open door into users’ cloud infrastructure, software supply chain, and more.” CISA is encouraging all users of Atlassian’s products to install updates immediately to protect their systems and data from exposure, theft, and takeover. Read more.

More than 15,000 Citrix servers exposed to zero-day exploit

Findings from the Shadowserver Foundation have revealed that more than 15,000 Citrix servers are vulnerable to a zero-day exploit that impacts NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The CVE-2023-3519 bug is a “code injection that could result in unauthenticated remote code execution” and has a CVSS score of 9.8. CISA has reported that threat actors exploit the bug to “drop web shells on vulnerable systems.” The attacks have not been attributed to a specific threat actor. Read more.

CISA tells government agencies to patch Adobe ColdFusion servers

CISA has given US government agencies three weeks to patch a pair of bugs in Adobe ColdFusion servers, one of which is a zero-day flaw. Adobe issued a patch that addressed the two flaws earlier in the month, but researchers at Rapid7 found that the security update was “incomplete,” as one of the two flaws could still be exploited via a minor tweak to the already discovered bug. While CISA’s warning is directed at government agencies, private organizations are strongly encouraged to update immediately. Read more.

Derek Walborn
Derek Walborn is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
