Cybersecurity Daily: October 12, 2023

Your daily dose of relevant cybersecurity advisories, industry news, and product updates for October 12, 2023.

Alerts & Advisories

• Apple fixes iOS Kernel zero-day vulnerability on older iPhones
• Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin
• HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
• Adobe Acrobat Reader Vuln Now Under Attack
• Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws
• Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
• Google Chrome Use-after-free Flaw Let Attackers Perform Heap Exploitation
• LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
• Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
• One-Click ‘Gnome’ Exploit Is a Supply Chain Risk for Linux OSes
• Looney Tunables’ Linux Flaw Sees Snowballing Proof-of-Concept Exploits
• High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security
• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet
• Ransomware attacks now target unpatched WS_FTP servers
• A new Magecart campaign hides the malicious code in 404 error page

Cybersecurity News

• SEC to investigate Progress Software over mass MOVEit hack
• Hyped up curl vulnerability falls short of expectations
• Shadow PC warns of data breach as hacker tries to sell gamers’ info
• US Space Forces stops use of AI tools for information security concerns
• Pan-African Financial Apps Leak Encryption, Authentication Keys
• Simpson Manufacturing Takes Systems Offline Following Cyberattack
• New California Delete Act Tightens Rules for Data Brokers
• Israel-Hamas conflict extends to cyberspace
• Microsoft, American Express most spoofed brands in financial services phishing emails
• Air Europa data breach exposed customers’ credit cards
• Over 800k Flagstar Bank Customers Impacted by Third Data Breach Since 2021
• Phishers Spoof USPS, 12 Other Natl’ Postal Services

Products & Service

• Microsoft Defender now auto-isolates compromised accounts
• Google Adopts Passkeys as Default Sign-in Method for All Users
• Vanta bakes generative AI into core security and compliance product
• Wallarm and MuleSoft empower users to tackle API threats
• CyberArk enhances Secure Cloud Access for zero standing privileges in cloud security
• Veza releases new IGA solution to enhance identity security

For the latest news on malware and ransomware, check out our latest Weekly Malware Roundup.