Cyber Bits · · 2 min read

Cyber Bits: May 7, 2024

This week we have Citrix addressing a high severity flaw in Netscaler, a huge (and unsurprising) increase in supply chain breaches, the potential risk of LLMs and reports of APT28 leveraging a critical flaw in Outlook.

Cyber Bits: May 7, 2024

We know, we know - we missed a day. But with the Emancipation Day holiday in Cayman, we figured we could hold of an extra day. This week, we have Citrix addressing a high severity flaw in Netscaler, a huge (and unsurprising) increase in supply chain breaches, the potential risk of LLMs, and reports of APT28 leveraging a critical flaw in Outlook.

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

Link: Darkreading, Bishop Fox

Citrix addressed a vulnerability in its NetScaler ADC and Gateway that was similar but less severe than the previously disclosed "CitrixBleed". Discovered by Bishop Fox, this flaw could let attackers occasionally extract sensitive data from memory, such as HTTP request bodies. Unlike CitrixBleed, which was widely exploited, this newly identified issue was less likely to yield valuable information. Citrix resolved the bug in NetScaler version 13.1-51.15 before it was publicly disclosed and did not assign a CVE identifier to it.

Supply Chain Breaches Up 68% Year Over Year, According to DBIR

Link: Darkreading, Darkreading, Verizon

Breaches involving third parties rose by 68% last year, according to Verizon's Data Breach Investigations Report. The increase, partly due to enhanced definitions of supply chain breaches, includes third-party software vulnerabilities often exploited in ransomware attacks. The report highlights the shift in treating such vulnerabilities as both a vendor management and vulnerability management issue, suggesting that organizations refine their vendor selection processes to mitigate future risks. This holistic approach is seen as crucial in addressing the broader implications of supply chain security.

LLMs & Malicious Code Injections: 'We Have to Assume It's Coming'

Link: Darkreading

At a CISO roundtable during the RSA Conference, the rising threat of prompt injection attacks on large language models (LLMs) was discussed as a significant emerging risk for organizations. Karthik Swarnam from ArmorCode highlighted the inevitability of such attacks, emphasizing the need for companies to understand and prepare for prompt engineering. He also noted that many companies are covertly using AI despite official policies, suggesting that firms should officially embrace AI with clear boundaries to enhance areas like customer service and incident response.

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

Link: TheHackerNews

Czechia and Germany reported being targets of a prolonged cyber espionage campaign by the Russia-linked APT28, affecting political and infrastructure entities through a Microsoft Outlook flaw, CVE-2023-23397. This vulnerability enabled attackers to escalate privileges and conduct relay attacks. The campaign, which also implicated other European sectors, underscores a pattern of Russian cyber operations aimed at undermining democratic processes. This incident has drawn criticism from international bodies like the EU, NATO, and the governments of the UK and US, highlighting the geopolitical implications of such cyber activities.

Read next

Cyber Bits: July 8, 2024
Cyber Bits ·

Cyber Bits: July 8, 2024

In this week's Cyber Bits, we look into Cloudflare's BGP incident, a Go-based ransomware variant targeting VMs, Ticketmaster struggling with a ransomware incident, hackers leaking Twilio data, and Cobalt Strike servers being shutdown by the feds.

Cyber Bits: June 24, 2024
Cyber Bits ·

Cyber Bits: June 24, 2024

This week - VMware's urgent security patches, a UEFI vulnerability in Intel PCs, US sanctions on Kaspersky, ransomware attacks on old Android phones, and a breach of 1,590 crypto wallets by North Korean hackers. Stay updated with the latest cybersecurity news and tips.