IT Security Newsletter - 10/25/2023

Top News

Citrix Bleed exploit lets hackers hijack NetScaler accounts

A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. CVE-2023-4966 is a critical-severity remotely exploitable information disclosure flaw Citrix fixed on October 10 without providing many details. On October 17, Mandiant revealed that the flaw was abused as a zero-day in limited attacks since late August 2023.

Breaches

University of Michigan Says Personal Information Stolen in August Data Breach

The University of Michigan on Monday confirmed that personal information was accessed in a data breach discovered in August 2023. Initially disclosed at the end of August, the incident involved unauthorized access to the academic institution's campus computer network and resulted in system disruption and internet outages. The attackers, the university says, were able to access the personal information of students, applicants, alumni, donors, employees, and others.

Hacking

Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people's data

Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people. Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms.

Malware

Meet Rhysida, a New Ransomware Strain That Deletes Itself

Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazil's popular PIX payment system users. Researchers from Kaspersky reported Rhysida is functioning as a ransomware-as-a-service (RaaS) operation with a demonstrated ability to quickly evolve. The ransomware campaign targeting PIX has been ongoing since December 2022, the Kaspersky team noted.

Exploits/Vulnerabilities

Rockwell Automation Warns Customers of Cisco Zero-Day Affecting Stratix Switches

Rockwell Automation has warned customers about the impact of an actively exploited Cisco IOS XE zero-day vulnerability on its Stratix industrial switches. Unidentified hackers have been exploiting two Cisco IOS XE zero-day vulnerabilities tracked as CVE-2023-20198 and CVE-2023-20273 to create high-privileged accounts on affected devices and deploy a Lua-based implant that gives them complete control of the system.

VMware reveals critical vCenter vuln that you may have patched already without knowing it

VMware has disclosed a critical vulnerability in its vCenter Server - and that it issued an update to fix it weeks ago, along with patches for unsupported versions of the software. The soon-to-be-acquired-by-Broadcom virtualization giant on Wednesday delivered news that its implementation of the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol contains an out-of-bounds write vulnerability.

On This Date

  • ...in 1881, artist and co-founder of the Cubist movement Pablo Picasso is born in Malaga, Spain.
  • ...in 1957, voice actress Nancy Cartwright, best known for playing Bart Simpson and other characters on "The Simpsons", is born in Dayton, OH.
  • ...in 1960, the Rev. Dr. Martin Luther King, Jr. is sentenced to four months in jail for participating in a sit-in at a segregated lunch counter.
  • ...in 2001, Microsoft releases Windows XP.