Password manager 1Password has become the second publicized victim of Okta’s recent customer support breach. Okta, a cloud-based identity and access management (IAM) service, disclosed that a threat actor had used stolen credentials to access its customer support case management system and then used that access to compromise some of its customers. Companies should be aware of how sensitive the data they share with customer service agents can be, and should proactively protect their most sensitive accounts to prepare for a worst-case scenario.
VMware has issued an urgent advisory for critical vulnerabilities in its vCenter Server and VMware Cloud Foundation products. The vulnerabilities, identified as CVE-2023-34048 and CVE-2023-34056, allow for remote code execution and partial information disclosure, respectively. VMware has released patches for these vulnerabilities, including for older, end-of-life products. Additionally, VMware has warned of an authentication bypass flaw in VMware Aria Operations for Logs, urging users to apply available patches due to the risk of remote code execution.
A security flaw has been discovered in the libcue library used in GNOME Linux systems, which could lead to remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2023-43641, is caused by memory corruption in libcue and affects versions 2.2.1 and earlier. By tricking a user into downloading a malicious .cue file, an attacker can exploit the flaw to execute arbitrary code on the victim’s machine.
Microsoft has launched an early access program for its Security Copilot AI assistant, which aims to help security teams counter threats more efficiently. The AI assistant, similar to ChatGPT, provides instant incident summaries, rapid guided responses, simplified natural language queries, and real-time malware analysis. It also integrates with the Microsoft 365 Defender Extended Detection and Response (XDR) platform and offers access to Microsoft Defender Threat Intelligence data at no cost.
During the first day of the Pwn2Own 2023 competition in Toronto, security researchers successfully hacked the Samsung Galaxy S23 smartphone twice. The vulnerabilities were exploited by Pentest Limited and the STAR Labs SG team, earning them cash prizes and Master of Pwn points. The competition also saw successful exploits on other devices such as Xiaomi smartphones, printers, smart speakers, NAS devices, and surveillance cameras.
The FBI and CISA have issued a joint cybersecurity advisory warning of increasing AvosLocker ransomware attacks targeting critical infrastructure sectors in the US. AvosLocker affiliates compromise networks using legitimate software and open-source remote system administration tools, and then use data extortion tactics with threats of leaking stolen data. The advisory recommends implementing necessary mitigations, such as application controls, limiting remote desktop services, restricting PowerShell use, and maintaining offline backups, to reduce the likelihood and impact of AvosLocker ransomware and other ransomware incidents.
A malvertising campaign has been targeting Brazil’s PIX instant payment system with a new malware called GoPIX. The campaign uses malicious ads that appear in search results for ‘WhatsApp web’ to redirect users to a malware landing page. The GoPIX malware functions as a clipboard stealer, hijacking PIX payment requests and replacing them with attacker-controlled strings.
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw. The vulnerability, tracked as CVE-2023-34051, allows for authentication bypass and remote code execution. Additionally, Citrix has released an advisory for a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway, which has been actively exploited in the wild.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.