Take a look at this week's Cyber Weekly Digest where we dive into the latest cyber security news, including another UK police data breach and how threat actors have been able to compromise nearly 2,000 Citrix NetScaler servers. Keep reading to stay up to date on stories from across the world.
A threat actor has compromised nearly 2,000 Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution vulnerability tracked as CVE-2023-3519. More than 1,200 servers were backdoored before administrators installed the patch for the vulnerability, and they remain compromised because they have not been checked for signs of successful exploitation. Although the vulnerability was patched at the end of July, many threat actors started exploiting it in the wild as a zero-day to execute code without authentication. Later in the month, CISA warned that threat actors had leveraged the vulnerability to breach a critical infrastructure organisation in the US. Researchers scanned the internet for devices carrying the same web shells discovered in recent incident response engagements, finding 1,952 NetScaler servers backdoored.
Discord.io has shut down operations after suffering a major data breach exposing the personal details of its 760,000 members. A statement on its website confirmed that a snapshot of Discord.io’s user database had been posted on a cybercrime market forum on Monday this week. The attackers were also offering the rest of the database for sale. The third-party service is not an official Discord website but allows server owners to create custom invites to their Discord channels. Discord.io added that it has cancelled all active subscriptions and will contact individual members immediately. It was revealed that the breach happened due to a vulnerability in the website’s code.
Norfolk and Suffolk police in the UK have confirmed the accidental exposure of more than 1,000 individuals’ data. The exposure occurred because raw crime report data was included in some Freedom of Information (FOI) responses between April 2021 and March 2022. The sensitive information breached included crime report data and details of witnesses, victims and suspects, covering criminal acts such as domestic incidents and hate crimes. This follows the data breach last week, where the information on 10,000 officers and staff members from the Police Service of Northern Ireland was accidentally exposed.
This week, researchers discovered 120,000 infected systems containing credentials for cybercrime forums. Researchers noted that many of the computers belonged to hackers who had inadvertently infected their own machines, leading to their credentials being stolen. The researchers were able to collect the information through publicly available leaks as well as info-stealer logs sourced directly from threat actors. Ironically, researchers found that hacker credentials were generally stronger than those for government websites.
Attackers claim to have breached the network of a major auction house and offered access to whoever was willing to pay $120,000. Researchers noted that this is one of the most expensive access sales on the Russian-speaking hacker forum Exploit. The hackers provided few details but said they had privileged backend access (i.e. the admin panel) to multiple high-end auctions, such as those for Stradivarius violins or collectable cars. The researchers found that the majority of access listings were priced under $1,000 and mainly targeted retail and finance in the US, Australia and the UK.