Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. However, investigators found that officials had been informed of the flaw in the bureau's servers and had at least two opportunities to fix it before the attack but did not, mainly due to a lack of coordination between teams responsible for different security tasks.
Slovenia-based ACROS Security this week announced the release of patches that address additional attack vectors for the PetitPotam vulnerability. Disclosed in late July, PetitPotam is a remote code execution vulnerability (CVE-2021-36942) that abuses the Encrypting File System Remote (MS-EFSRPC) protocol. An attacker exploiting the bug could get a targeted server to connect to an attacker-controlled server and perform NTLM authentication.
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer, with no verification needed. Worse, the employer cannot easily take these listings down. The feature and the lax verification on career websites pave the way for attackers to post bogus listings for malicious purposes. Attackers can use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company.
The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. A new analysis from Volexity reported that its researchers noticed suspicious code being loaded on the Daily NK site, a news outlet focused on North Korea, starting in April.
Cisco this week published information on a critical code execution vulnerability affecting its small business RV110W, RV130, RV130W, and RV215W routers, but cautioned that there are no plans to release security fixes. Tracked as CVE-2021-34730 with a CVSS score of 9.8, the vulnerability exists in the Universal Plug-and-Play (UPnP) service of the affected routers and could be abused by an unauthenticated, remote attacker to execute code as root, or cause a denial of service condition.