Cyber Security Today, Nov. 22, 2023 – Boeing division hacked through NetScaler vulnerability, and more

Share post:

Boeing division hacked through NetScaler vulnerability, and more.

Welcome to Cyber Security Today. It’s Wednesday, November 22nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Last week I told listeners that the LockBit ransomware gang had publicly released 45 gigabytes of data it recently stole from the parts distribution division of aircraft manufacturer Boeing. A report from U.S. cyber authorities released yesterday explained how it was done: The gang exploited a vulnerability in Citrix NetScaler ADC and Gateway appliances. The hole has been nicknamed Citrix Bleed. It allows attackers to bypass password requirements and multi-factor authentication. According to researchers at Mandiant, threat actors have been trying to exploit that vulnerability since late August. Citrix released security updates on October 10th. On October 27th LockBit claimed responsibility for the attack and said it would publish the stolen data if it wasn’t paid.

The first time I reported that Netscaler vulnerability was in a November 3rd podcast. That same episode included news that hackers were exploiting a vulnerability in Apache’s ActiveMQ message broker. A patch for that was issued on October 25th. But some people didn’t get the message, because this week researchers at Trend Micro said hackers are looking for unpatched Linux systems to compromise. If they do, they install a cryptocurrency miner to soak up processor power. Hackers are also trying to exploit this vulnerability to install malware or ransomware. Admins need to remember that ActiveMQ is a message broker that allows communications between different applications. Do you know if it’s in your IT environment? Has it been patched?

Still on Linux, in an October 4th podcast I reported a vulnerability in a library of the operating system that needed to be patched in Fedora, Ubuntu, Debian and other distributions. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its known exploited vulnerabilities catalog. That means federal civilian agencies have to get cracking and plug this hole. Businesses should too, if they haven’t already done so.

Personal information of staff working at the Idaho National Laboratory was stolen over the weekend. The lab is a federal nuclear energy research facility. In a statement to a local news service the lab said servers supporting its Oracle human resources system were hacked. The information of thousands of employees was apparently copied. According to Bleeping Computer, the SiegedSec hacktivist group says it is responsible and is publishing the data about staff members.

American car parts chain AutoZone is notifying almost 185,000 people that their personal information it has was stolen. How? A compromise of the MOVEit file transfer application it uses from Progress Software. Data included names and Social Security numbers.

Another American victim of a MOVEit hack has emerged. Enstar US, a re-insurance provider to other insurance companies, is notifying almost 65,000 people some of the personal data it holds was stolen in the hack of Enstar’s MOVEit server.

Security provider Sumo Logic says no customer data was impacted in cybersecurity incident earlier this month. On November 3rd the company detected an attacker used a compromised credential to access a Sumo Logic AWS account. As a result it urged customers to change their login credentials for accessing Sumo Logic products and related API keys.

Finally, is your IT security team concentrating on stopping malware? That may be the wrong strategy, according to researchers at Huntress Labs. In a report this week the company said threat actors continue to focus on breaking into IT networks by taking advantage of tools already in an environment. One example is remote monitoring and management software for administrators. This is particularly important for managed service providers to pay attention to, because they oversee IT environments of many customers. One solution: Deploy behavior analysis tools to help identify unusual behavior by those on your network.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 22, 2023 – Boeing division hacked through NetScaler vulnerability, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Hashtag Trending Mar.1- HP debacle; Humanoid robots closer to hitting our workplaces; Apple blew $10 billion on the electric car before pulling the plug

If rumours are true and this one should be, I started it, we have a special edition of the Weekend show where we talk about the evolution of the role of the CIO with two incredible CIOs as the CIO Association of Canada turns 20. Don’t miss it.  MUSIC UP Can HP make you love

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways