Threat Intelligence Cybersecurity Hacking News December 29, 2022
Updated: Jan 3
Organizations that use Rockwell Automation controllers in their systems should be cautious. Researchers discovered four bugs in its products that can cause various conditions such as privilege escalation, DoS, arbitrary code execution, and more. NCC Group revealed that a couple of bugs in Citrix ADC and Gateway have become a concern, with thousands of endpoints still unfixed. The NSA issued a similar warning earlier this month.
Furthermore, cybercriminals are increasingly using Google Ads to distribute Raccoon Stealer, the IcedID botnet, and other malware families. They prey on unsuspecting victims by promoting bogus websites for popular software and applications.
Top Threat Intelligence Cybersecurity Breaches Reported in the Last 24 Hours
A ransomware attack has occurred in the United States.
The Royal group allegedly targeted the telecommunications company Intrado with a ransomware attack. According to reports, the attack began on December 1 and the hackers demanded $60 million in ransom. Hackers claimed they could obtain internal company documents, passports, and driving licences from the server.
Breach at U.S. healthcare provider
Lake Charles Memorial Health System (LCMHS), Southwest Louisiana, revealed an unauthorised third-party intrusion in its network that affected 270,000 patients. It announced that a data breach had compromised individuals' personal and medical information. The organisation did not respond to questions about the nature of the cyberattack.
Top Threat Intelligence Cybersecurity Malware Reported in the Last 24 Hours
Raccoon Stealer and IcedID malware are distributed via Google Ads.
Malware operators are increasingly using the Google Ads platform to distribute malware, including Raccoon Stealer variants and the IcedID botnet. Threat actors imitate the official websites of popular software in order to trick users into downloading malicious versions.
Top Threat Intelligence Cybersecurity Vulnerabilities Reported in the Last 24 Hours
Thousands of Citrix products are at risk.
The Fox-IT team at NCC Group reported that thousands of Citrix ADC and Gateway deployments were vulnerable to two critical security flaws. The first, CVE-2022-27510, is an authentication bypass vulnerability. The second, CVE-2022-27518, allows unauthenticated attackers to conduct RCE attacks. The latter was already being exploited in the wild when the security update was released.
Rockwell Automation has faulty controllers.
Rockwell Automation controllers were discovered to have multiple high-severity flaws, identified as CVE-2022-3156, CVE-2022-3157, CVE-2022-46670, and CVE-2022-3166. Rockwell Automation has issued separate advisories for each vulnerability. The company is not aware of any exploitation of these flaws.