Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

PolarDNS: Open-source DNS server tailored for security evaluations
PolarDNS is a specialized authoritative DNS server that allows the operator to produce custom DNS responses suitable for DNS protocol testing purposes.

Open-source AV/EDR bypassing lab for training and learning
Best EDR Of The Market is a user-mode endpoint detection and response (EDR) project designed to serve as a testing ground for understanding and bypassing EDR’s user-mode detection methods.

The shifting sands of the war against cyber extortion
Ransomware and cyber extortion attacks aimed at organizations are not letting up. Occasionally, they even come in pairs.

How LockBit used Citrix Bleed to breach Boeing and other targets
CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,” cybersecurity and law enforcement officials have confirmed on Tuesday.

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023.

Apache ActiveMQ bug exploited to deliver Kinsing malware
Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.

CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector
The Cybersecurity and Infrastructure Security Agency (CISA) has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks.

Microsoft announces Defender bug bounty program
Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs.

CISOs can marry security and business success
With an endless string of cyber fires to be put out, it’s easy to forget that the cybersecurity function in an organization doesn’t exist in a vacuum.

MFA under fire, attackers undermine trust in security measures
In this Help Net Security video, Renée Burton, Head of Threat Intelligence at Infoblox, discusses MFA attacks.

9 Black Friday cybersecurity deals you don’t want to miss
9 Black Friday cybersecurity deals you don’t want to miss.

NIS2 and its global ramifications
NIS2 is much wider in scope than its predecessor: all businesses – including small and micro businesses – that are deemed to have an important or essential role in a member state are now covered.

Segmentation proves crucial for fast response to security incidents
In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the recent surge of ransomware attacks in the U.S. and how it relates to microsegmentation.

Only 9% of IT budgets are dedicated to security
Despite their best efforts, 67% of businesses say they need to improve security and compliance measures with 24% rating their organization’s security and compliance strategy as reactive, according to Vanta.

Why boards must prioritize cybersecurity expertise
In this Help Net Security video, Graeme Payne, US Advisory Service Leader at Kudelski Security, discusses how, with the incredible number of complex threats facing modern businesses, board members must take an increased role in cybersecurity decisions – or face the consequences.

8 free AI and GenAI courses from AWS
Amazon’s AI Ready initiative aims to provide free AI skills training and education to 2 million people globally by 2025.

New horizons in cyber protection with 2024 trends to watch
In this Help Net Security video, Fei Huang, VP of Security Strategy at SUSE, dives into the latest cybersecurity predictions, unveiling the trends shaping our online defenses and exploring how innovation will safeguard our digital lives.

Organizations’ serious commitment to software risk management pays off
There has been a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors, according to Synopsys.

1 in 5 executives question their own data protection programs
In this Help Net Security video, Tanneasha Gordon, Deloitte Risk & Financial Advisory’s data & privacy leader, discusses how many executives realize that trust is crucial to driving brand value and earning sustained customer loyalty.

How effective compensation makes a difference with cyber talent retention
Aligning cybersecurity organization models with business objectives enables talent retention and security program success, according to IANS and Artico Search.

Smaller businesses embrace GenAI, overlook security measures
Organizations are feeling the pressure to rush into generative AI (GenAI) tool usage, despite significant security concerns, according to Zscaler.