AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/19/2023

VirusTotal leaked data of 5,600 registered users

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). Google-owned VirusTotal is a popular online service for analyzing suspicious files and URLs to detect malware and malicious content through antivirus engines and website scanners.


Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw

Attackers have been exploiting a critical flaw in the WordPress WooCommerce Payments plug-in in a spate of attacks over the last few days that peaked at 1.3 million attempts against 157,000 sites on July 15, researchers have found. Researcher Michael Mazzolini of GoldNetwork discovered the flaw, tracked as CVE-2023-28121 and rated 9.8 out of 10 on the CVSS vulnerability rating scale, in March while doing white-hat testing through WooCommerce’s HackerOne program. Exploit code soon followed, particularly from RCE Security, which released a blog post earlier this month detailing how to take advantage of the flaw.


Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware

A threat actor infected their own computer with an information stealer, which has allowed Israeli threat intelligence company Hudson Rock to uncover their real identity. Using the online moniker ‘La_Citrix’, the threat actor has been active on Russian speaking cybercrime forums since 2020, offering access to hacked companies and info-stealer logs from active infections. La_Citrix, Hudson Rock says, has been observed hacking into organizations and compromising Citrix, VPN, and RDP servers to sell illicit access to them. The hacker, the cybersecurity firm says, was careless enough to infect their own computer with an information stealer and to sell access to the machine without noticing.


New critical Citrix ADC and Gateway flaw exploited as zero-days

Citrix today is alerting customers to a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that is already being exploited in the wild, and “strongly urges” them to install updated versions without delay. The security issue may be the same one advertised earlier this month on a hacker forum as a zero-day vulnerability. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.


Google Cloud Build Flaw Enables Privilege Escalation, Code Tampering

A newly discovered vulnerability in Google Cloud Build enables attackers to tamper with and inject malware into images stored in Artifact Registry, Google’s repository for hosting software artifacts such as packages and container images. Any applications then making use of those compromised container images risk malware infections, denial-of-service attacks, data theft, and other negative impacts.
