Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
Citrix Warns of NetScaler Exploits in the Wild
Ealier this month, Citrix released fixes for CVE-2023-4966, an unauthorized data disclosure vulnerability in the NetScaler ADC (application delivery controller) and NetScaler Gateway products. The vulnerability affects NetScaler ADC if it is configured as a gateway (VPN virtual server, ICA proxy, CVPN or RDP proxy) or as a AAA (authentication, authorization and accounting) virtual server.
The vulnerability was discovered by Citrix's internal team, and at the time they disclosed it, they were not aware of any exploits in the wild.
But we all know how that goes: no sooner are patches or updated builds released than the bad guys get hold of them, do a diff against the unpatched version, find the modified code, reverse-engineer the fix and develop a matching exploit.
And sure enough, Citrix now has reports, via Mandiant, of incidents consistent with session hijacks, and credible reports of targeted attacks exploiting this CVE-2023--4966. CISA has also added this vuln to its Known Exploited Vulnerabilities Catalog. Customers using any of the affected builds should update immediately, and also kill all active and persistent sessions with the following commands:
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions
Shetty, Anil, CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway, blog post, 23 October 2023. Available online at https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/.
Mandiant, Remediation for Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966), blog post, 17 October 2023. Available online at https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966.
Microsoft To Invest $A5 Billion On AI and Cybersecurity In Australia
Timed to coincide with Prime Minister Athony Albanese's visit to the US comes news of Microsoft's investment of an additional $5 billion over the next two years in Australia. The investment was announced by the PM, along with Microsoft President Brad Smith and ANZ Managing Director Steve Worrall, at the Australian Embassy in Washington DC.
A large part of the investment will be in the construction of nine new data centers in Sydney, Melbourne and Canberra, primarily intended to support hyperscale cloud technology, particularly Microsoft's bold strategy to dominate the artificial intelligence market. This will add to an existing 20 data centers the company operates in Australia, and in order to staff these centres, in early 2024 the firm will open a new "Data Centre Academy", in conjunction with TAFE NSW, to train 200 people in two years. The company also proposes to support other programs which will deliver "digital skills training" to 300,000 Australians.
However, the other major part of the announcement related to cybersecurity, with increased collaboration between Microsoft and the Australian Signals Directorate in order to build a "cyber shield" which will boost Australia's protection from online threats. In a statement, the company said that the exchange of cyber threat information leads to better protection for Australian residents, businesses and government. The focus of its activity will be the detection, analysis and defence against the operations of nation-state advanced persistent threats.
ASD Director-General, Rachel Boble, said the investments would strengthen the agency's "strong partnership with Microsoft and ... turbocharge our collective capacity to protect Australians in cyberspace".
Murphy, Katharine and Daniel Hurst, Microsoft to help Australia’s cyber spies amid $5bn investment in cloud computing, The Guardian, 24 October 2023. Available online at https://www.theguardian.com/australia-news/2023/oct/24/microsoft-to-invest-5bn-in-australian-cybersecurity-over-next-two-years.
Ryan, Brad, Microsoft to help Australia build 'cyber shield', Anthony Albanese announces on Washington trip, ABC News, 24 October 2023. Available online at https://www.abc.net.au/news/2023-10-24/anthony-albanese-in-washington-dc-microsoft-deal/103012802.
Upcoming Courses
- SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 November 2023
- SE221 CISSP Fast Track Review, Sydney, 4 - 8 December 2023
- SE221 CISSP Fast Track Review, Sydney, 11 - 15 March 2024
- SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 May 2024
- SE221 CISSP Fast Track Review, Virtual/Online, 17 - 21 June 2024
- SE221 CISSP Fast Track Review, Sydney, 22 - 26 July 2024
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.