Cyber Bits: May 7, 2024

This week we have Citrix addressing a high severity flaw in Netscaler, a huge (and unsurprising) increase in supply chain breaches, the potential risk of LLMs and reports of APT28 leveraging a critical flaw in Outlook.

We know, we know - we missed a day. But with the Emancipation Day holiday in Cayman, we figured we could hold off an extra day. This week, we have Citrix addressing a high severity flaw in NetScaler, a huge (and unsurprising) increase in supply chain breaches, the potential risk of LLMs, and reports of APT28 leveraging a critical flaw in Outlook.

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

Link: Darkreading, Bishop Fox

Citrix addressed a vulnerability in its NetScaler ADC and Gateway that was similar to, but less severe than, the previously disclosed "CitrixBleed". Discovered by Bishop Fox, this flaw could let attackers occasionally extract sensitive data from memory, such as HTTP request bodies. Unlike CitrixBleed, which was widely exploited, this newly identified issue was less likely to yield valuable information. Citrix resolved the bug in NetScaler version 13.1-51.15 before it was publicly disclosed and did not assign a CVE identifier to it.

Supply Chain Breaches Up 68% Year Over Year, According to DBIR

Link: Darkreading, Darkreading, Verizon

Breaches involving third parties rose by 68% last year, according to Verizon's Data Breach Investigations Report. The increase, partly due to enhanced definitions of supply chain breaches, includes third-party software vulnerabilities often exploited in ransomware attacks. The report highlights the shift in treating such vulnerabilities as both a vendor management and vulnerability management issue, suggesting that organizations refine their vendor selection processes to mitigate future risks. This holistic approach is seen as crucial in addressing the broader implications of supply chain security.

LLMs & Malicious Code Injections: 'We Have to Assume It's Coming'

Link: Darkreading

At a CISO roundtable during the RSA Conference, the rising threat of prompt injection attacks on large language models (LLMs) was discussed as a significant emerging risk for organizations. Karthik Swarnam from ArmorCode highlighted the inevitability of such attacks, emphasizing the need for companies to understand and prepare for prompt engineering. He also noted that many companies are covertly using AI despite official policies, suggesting that firms should officially embrace AI with clear boundaries to enhance areas like customer service and incident response.

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Link: TheHackerNews

Czechia and Germany reported being targets of a prolonged cyber espionage campaign by the Russia-linked APT28, affecting political and infrastructure entities through a Microsoft Outlook flaw, CVE-2023-23397. This vulnerability enabled attackers to escalate privileges and conduct relay attacks. The campaign, which also implicated other European sectors, underscores a pattern of Russian cyber operations aimed at undermining democratic processes. This incident has drawn criticism from international bodies like the EU, NATO, and the governments of the UK and US, highlighting the geopolitical implications of such cyber activities.
