Updated: Oct 23
Take a look at this week's Cyber Weekly Digest for a rundown of our top cyber security news picks of the week. In this release, we take a look at another data breach affecting Sony as well as the latest Citrix NetScaler vulnerabilities. Keep reading to stay up to date on the latest cyber security news from across the globe.
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada. The systems compromised in the breach included "limited personal information of some employees and certain records," according to Air Canada's statement. However, the attackers now claim that the stolen documents contain far more extensive information. As proof, the threat actors also posted screenshots of the stolen data on their dark web leak site, together with a detailed description of what was taken from the airline's network. BianLian claims to have exfiltrated technical and operational data spanning from 2008 to 2023. Air Canada has yet to disclose how many employees were affected by the incident, the date when its network was breached, or when the attack was detected.
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 vulnerabilities in its software, two of which are under active exploitation in the wild. The two zero-day flaws are CVE-2023-36563, an information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes, and CVE-2023-41763, a privilege escalation vulnerability in Skype for Business that could expose sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks. Of the 103 fixes, 13 are rated Critical and 90 are rated Important in severity.
Citrix NetScaler ADC and NetScaler Gateway are affected by a critical-severity flaw that allows the disclosure of sensitive information from vulnerable appliances. The flaw is tracked as CVE-2023-4966 and carries a CVSS score of 9.4: it is remotely exploitable and requires no high privileges, no user interaction, and no high attack complexity. The recommended action is to upgrade to a fixed version containing the security updates that address both flaws, as Citrix has provided no mitigation tips or workarounds this time.
The open-source tool curl has announced the release of fixes for two vulnerabilities, CVE-2023-38545 and CVE-2023-38546. curl is a command-line tool for data transfer that supports many network protocols and plays a vital role in countless applications, with over 20 billion installations worldwide. The high-severity vulnerability, CVE-2023-38545, affects both curl and libcurl and can trigger a heap buffer overflow in the SOCKS5 proxy handshake. The flaw is exploitable only under specific conditions but still poses a significant security risk. The curl 8.4.0 release addresses both vulnerabilities, with CVE-2023-38545 as the primary focus. The update ensures that curl no longer switches to local resolve mode when a hostname is too long, thereby removing the condition that led to the heap buffer overflow.
Sony Interactive Entertainment has confirmed a MOVEit data breach that leaked the personal information of current and former employees and their family members. The Clop ransomware gang, which exploited the SQL injection vulnerability CVE-2023-34362 in the MOVEit file transfer platform, listed Sony as a victim in June 2023, although the company did not comment at the time. According to the incident notification letters sent to those affected, the breach occurred in May 2023, before the zero-day was public knowledge. Later, the Ransomed.vc group claimed it had also breached "all of Sony's Systems", exfiltrating 260GB of data. According to Sony's investigation, that incident affected only a single server in Japan used for internal testing.