22 November 2023
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability
Threat actors, including LockBit affiliates, exploit a severe Citrix NetScaler ADC and Gateway flawKey Facts:
- Exploitation targeted at gaining initial access to various environments.
- Joint advisory issued by U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI).
Microsoft Introduces Defender Bounty Program with Rewards Up to $20,000
Microsoft launches bug bounty program focused on enhancing Microsoft Defender security.Key Facts:
- Offers rewards ranging from $500 to $20,000 for identified vulnerabilities.
- Aims to strengthen security measures for Microsoft Defender platform.
CISA Directs Federal Agencies to Patch Looney Tunables Linux Bug
CISA issues an urgent directive for U.S. federal agencies to address an actively exploited Linux vulnerability.Key Facts:
- Vulnerability enables attackers to gain root privileges on major Linux distributions.
- Urgent call to secure systems against potential exploitation.
AutoZone Alerts Customers of MOVEit Data Breach
AutoZone notifies tens of thousands of customers regarding a data breach linked to Clop MOVEit attacks.Key Facts:
- Disclosure made after identifying customers potentially impacted by the breach.
- Alert aimed at raising awareness among affected customers.
DarkGate and Pikabot Malware Arise as Qakbot Successors in Advanced Phishing
Advanced phishing campaign introduces DarkGate and PikaBot malware variants following the dismantling of Qakbot.Key Facts:
- Emergence of DarkGate and PikaBot as successor malware strains in a sophisticated phishing operation.
- Indicates evolving tactics in phishing techniques.
Agent Tesla Malware Adopts ZPAQ Compression for Targeting Email Clients
New variant of Agent Tesla leverages ZPAQ compression to target data from email clients and web browsers.Key Facts:
- Exploiting ZPAQ compression for improved data theft from email clients and browsers.
- Indicates an enhanced level of stealth and data harvesting efficacy.