Organizations that have deployed controllers made by Rockwell Automation into their systems need to watch out. Researchers have laid bare a total of four bugs across its products that can trigger various conditions, such as privilege escalations, DoS, arbitrary code execution, and more. A couple of bugs in Citrix ADC and Gateway have become a concern as thousands of endpoints remain unfixed, NCC Group revealed. The NSA also warned against this threat earlier this month.
Moreover, cyber adversaries are increasingly using Google Ads to deliver Raccoon Stealer, IcedID botnet, and other malware families. They trap potential victims by promoting fake websites of top software and applications.
Top Breaches Reported in the Last 24 Hours
U.S. telecom provider suffers ransomware attack
Telecommunications company Intrado allegedly fell victim to a ransomware attack by the Royal group. Reports suggest that the attack began on December 1 and hackers demanded $60 million in ransom. According to hackers, they could harvest internal company documents, passports, and driving licenses of employees from its server.
Breach at U.S. healthcare provider
Lake Charles Memorial Health System (LCMHS), Southwest Louisiana, disclosed an unauthorized third-party intrusion in its network affecting 270,000 patients. It announced that the personal and medical information of individuals was compromised in a data breach. The organization did not comment on the nature of the cyberattack.
Top Malware Reported in the Last 24 Hours
Raccoon Stealer and IcedID malware via Google Ads
Different malware operators are increasingly abusing the Google Ads platform to drop malware, including variants of Raccoon Stealer and the IcedID botnet. Threat actors clone the official websites of popular software to lure users into downloading their malicious versions.
Top Vulnerabilities Reported in the Last 24 Hours
Thousands of vulnerable Citrix products
NCC Group’s Fox IT team reported thousands of Citrix ADC and Gateway deployments vulnerable to two sensitive security holes. The first bug, CVE-2022-27510, is an authentication bypass flaw. The second bug, CVE-2022-27518, enables unauthenticated attackers to perform RCE attacks. The latter was being exploited in the wild at the time the security update was released.
Flawed controllers at Rockwell Automation
Controllers by Rockwell Automation were found to host multiple high-severity flaws. The flaws identified are tracked as CVE-2022-3156, CVE-2022-3157, CVE-2022-46670, and CVE-2022-3166. Rockwell Automation has published individual advisories for each vulnerability. The firm is not aware of any exploitation of these.