Cyber Security Today, Nov. 3, 2023 – Hackers are after vulnerable Apache and Citrix products


Hackers are after vulnerable Apache and Citrix products.

Welcome to Cyber Security Today. It’s Friday, November 3rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.



It didn’t take long for threat actors to exploit a vulnerability in the Apache ActiveMQ message broker. Apache announced the vulnerability and a fix on October 25th — a week ago Wednesday. Two days later researchers at Rapid7 detected attempts to exploit it and install the HelloKitty ransomware. The lesson: Patch Apache ActiveMQ if you haven’t already done so.

More on Apache: Earlier this year a vulnerability was reported in Apache Airflow, an open source platform for scheduling workflows in Amazon AWS and Google Cloud Composer. Unfortunately, say researchers at Tenable, the managed Airflow services provided by AWS and Google were using an unpatched version of this platform. AWS now offers a non-vulnerable version of Airflow, while Google is working on a new non-vulnerable version. This is important because IT departments using Apache Airflow in a cloud environment have a choice of Airflow images from AWS and Google. They should make sure they are running the updated version.

Four threat actors are trying to exploit a recently disclosed vulnerability in Citrix’s NetScaler Application Delivery Controllers and Gateways. That’s according to researchers at Mandiant. Although the vulnerability was disclosed on October 10th, Mandiant says it’s been exploited since late August. Once devices have been compromised the attackers have taken over user sessions, bypassing password and multifactor authentication. It’s vital by now to patch these devices and look for indicators of network compromise.

There’s been a recent surge in threat actors spreading malware through Excel spreadsheets. That’s according to researchers at HP Wolf Security. Attackers are trying to infect people’s computers by emailing them what are supposed to be invoices. The emails were likely sent from a hacked email account so they don’t look suspicious to email security apps.

Application developers for cryptocurrency platforms should know they are targets for hackers. One of the most recent attempts to compromise their computers was caught by Elastic Security. A threat actor believed to be from North Korea pretended to be a member of a blockchain engineering community on the Discord platform. The attacker then offered members a link to a bot that is supposed to be a cryptocurrency utility. Installing the bot started a complicated infection chain. One lesson: Developers should always be wary of any applications they are offered. Even the trusted online community you belong to can hide a hacker.

How prepared is your IT infrastructure for power failures? I mention it because yesterday the core North American data centre of Cloudflare, which many organizations rely on for content delivery and mitigation of denial of service attacks, suffered a power outage. Impacted for much of the day were alerts, dashboards, load balancing, healthchecks and other services. Some core services flipped over to a backup data centre, but that only partially mitigated the impact.

There are 5.5 million people around the world holding cybersecurity jobs, a new high according to the ISC2, which offers cybersecurity certification programs. However, that’s still not enough to meet the demand. In its annual survey released this week the organization said only 52 per cent of members questioned believe their organization has the people and tools to face cyber incidents over the next two years. Ninety-two per cent of respondents report skills gaps at their organization.

Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs and I will discuss allegations against SolarWinds, an international ransomware conference and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 3, 2023 – Hackers are after vulnerable Apache and Citrix products first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
