Last week cyber news
The Lockbit attack group announces that it hacked the Subway fast food chain. Subway is an American fast food chain, with branches all over the world. According to the company’s website, the chain has 36,821 restaurants in 102 countries and as of 2010 it is ranked as the largest fast food chain in the world. The Lockbit Group claims to have stolen hundreds of GB of data, which it will sell to competitors if Subway does not meet their demands.
Microsoft reports that hackers from Russia managed to break into some of the company’s systems and access the email accounts of senior executives, including those in the cyber field. Microsoft emphasizes that the attackers were not exposed to the information of the company’s customers
Recruitment and exits in Israel
The cyber company Vicarious, which develops software for the automatic correction of security weaknesses, reports raising $30 million.
Israeli domestic exit – Snyk company acquires Cyber Helios for an estimated amount of 25-30 million dollars.
The National Cyber Array
Vulnerabilities in Citrix/Netscaler ADC and Gateway servers – the vulnerabilities are in NetScaler ADC and Netscaler Gateway products, in the following versions:
1. NetScaler ADC and NetScaler Gateway14.1before14.1-12.35
2. NetScaler ADC and NetScaler Gateway13.1before13.1-51.15
3. NetScaler ADC and NetScaler Gateway13.0 before 13.0-92.21
4. NetScaler ADC 13.1-FIPS before 13.1-37.176
5. NetScaler ADC 12.1-FIPS before 12.1-55.302
6. NetScaler ADC 12.1-NDcPP before 12.1-55.302
One of the vulnerabilities (CVE-2023-6548) could allow an authenticated attacker to run remote code on the management interface. Access to NSIP, CLIP or SNIP is required in addition to access to the management interface.
The second vulnerability (CVE-2023-6549) could allow an attacker to perform a denial of service attack on the equipment. The equipment should be configured as: Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAAvirtualserver.
Attention that version 12.1 of the products is no longer supported (EOL) and is explicitly stated to be vulnerable!
Mitigation
It is recommended to test and install the following versions as soon as possible:
1. NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
2. NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
3. NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
4. NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
5. NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
6. NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
Users of version 12.1 or earlier, it is highly recommended to update to a supported version of the product. The CVE-2023-6548 vulnerability originates in the management interface of the equipment. The company strongly recommends not to expose the management interface to the Internet, and to separate the traffic to the management interface by physical or logical means from normal network traffic. It is recommended to apply the company’s instructions for secure installation of the equipment.