Threat Landscape Briefing – December 2023
In this month’s briefing we explore:
- LockBit Affiliates Exploit Citrix Bleed (timestamp – 01:11)
  - Affiliates of the LockBit 3.0 ransomware group leveraged a vulnerability in Citrix NetScaler to bypass multifactor authentication (MFA) and hijack legitimate user sessions.
  - See Info-Tech’s Implement Risk-Based Vulnerability Management.
- Rising Threat: Remote Access Apps Exploitation (timestamp – 03:51)
  - Security experts are sounding the alarm over a targeted cyberattack campaign against US healthcare organizations.
  - See Info-Tech’s Build a Zero Trust Roadmap.
- BlueNoroff Targets Mac Users in the Financial Sector (timestamp – 06:44)
  - BlueNoroff, a hacking group with ties to North Korea, has been targeting Mac users in the financial sector – notably banks, venture capital firms, and cryptocurrency exchanges – using a simple but effective social engineering technique.
  - See Info-Tech’s Integrate Threat Intelligence Into Your Security Operations.
- Clop Ransomware Strikes Again by Exploiting Vulnerability (timestamp – 09:04)
  - Researchers have identified the Clop ransomware group as the main culprit exploiting a new vulnerability in IT support software that the group attacked in November.
  - See Info-Tech’s Build Resilience Against Ransomware Attacks.
- Atlassian Confluence Vulnerability Under Attack (timestamp – 11:57)
  - Atlassian has confirmed that ransomware operators are exploiting the latest Confluence bug. Hackers using Cerber ransomware began taking advantage of the bug shortly after Atlassian made the vulnerability public.
  - See Info-Tech’s Build Your Security Operations Program.