At a glance.
- CISA issues joint Cybersecurity Advisory on Citrix Bleed.
- Countering web shell threats.
- Law enforcement takes down "pig butchering" operations.
- Altman will return to OpenAI.
- Israeli honeypots deployed during the war.
- A renaissance in electronic warfare.
- And a response in the form of countermeasures.
- Online security during the holidays.
CISA issues joint Cybersecurity Advisory on Citrix Bleed.
The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have released a joint Cybersecurity Advisory outlining LockBit 3.0 ransomware affiliates’ exploitation of the Citrix Bleed vulnerability (CVE-2023-4966) affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. CISA notes that both cybercriminal and nation-state threat actors are exploiting the vulnerability, which received a patch in October.
Countering web shell threats.
Akamai has published a report on the WSO-NG webshell, a newer version of the WSO webshell that “provides cyberattackers with the contemporary tools that are essential for navigating today's security-aware digital environment.”
The researchers note, “In the typical shared web hosting environment offered by many hosting providers, precautions are implemented to prevent website owners from accessing other sites on the same server and from escalating privileges. Hosting providers employ various mechanisms, such as restricting the use of risky PHP functions like direct shell command execution through the PHP add-filter functionality. WSO-NG incorporates a built-in exploit specifically designed to circumvent these security measures. Additionally, it capitalizes on a pre-existing exploit for executing arbitrary code in FastCGI environments, a prevalent configuration in web hosting. This enables it to escalate privileges and establish a foothold at the ‘root’ level.”