
Weekly Digest Week 29 – 2023

Publication date: 21.07.2023

Featured Story

Zero-Day Alert! Critical Flaw in Citrix ADC and Gateway Exploited in the Wild

Citrix has disclosed a critical vulnerability (CVE-2023-3519, CVSS 9.8) allowing unauthenticated remote code execution in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. Versions 13.1, 13.0, and 12.1 are affected, with 12.1 now end-of-life.

Two additional CVEs were also disclosed:

  • CVE-2023-3466: Reflected XSS attack (CVSS 8.3)
  • CVE-2023-3467: Privilege escalation to nsroot (CVSS 8.0)

Admins should upgrade immediately and inspect shell logs and HTTP error logs for signs of compromise.

SOC Analysis:
Patch urgently and conduct proactive threat hunting. Patching does not remediate a compromise that has already taken place: look for web shells and suspicious administrative activity. Our SOC team can assist with detection, validation, and containment guidance.

Other Stories

SophosEncrypt Ransomware Fools Security Researchers

A new ransomware strain disguised as a Sophos product caught researchers off guard. Initially thought to be part of a red team exercise, it was later confirmed as real malware. It’s written in Rust and includes links to a TOR-based affiliate panel.

SOC Analysis:
Always verify software authenticity. Use code signatures, vendor validation, and endpoint protection to detect abuse. Our SOC team offers malware analysis support and EDR monitoring.

Dozens of Reports of CEO Fraud Targeting Belgian Organizations

Scammers are exploiting summer holiday periods to impersonate CEOs and CFOs. These attacks often occur before weekends or holidays, using urgency and secrecy to pressure finance staff into wiring large payments.

SOC Analysis:
Use dual verification (phone/SMS/WhatsApp) before approving sensitive payments. Train staff to recognize fraud signs, and report suspicious messages to:
  • verdacht@safeonweb.be
  • suspect@safeonweb.be
  • suspicious@safeonweb.be

Our SOC is also available to advise on incident handling and prevention training.


Two Jira Plugin Vulnerabilities in Attacker Crosshairs

The “Stagil navigation for Jira – Menus & Themes” plugin contains two path traversal flaws (CVE-2023-26255 and CVE-2023-26256). Attackers are now actively exploiting these bugs to access sensitive configuration files on unpatched servers.

SOC Analysis:
If you use this plugin, update to version 2.0.52 immediately. Public PoCs are available, and scanning has begun. We can help assess plugin exposure and audit Jira configurations.
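As an added illustration of the hunting this note recommends (example code, not from Approach or the plugin vendor): a small Python detector that flags plain, percent-encoded and double-encoded `..` segments in the request path and query values of access-log lines, and marks 2xx responses for first triage. The log lines, IP addresses and the servlet name EXAMPLE-PLUGIN-ENDPOINT are constructed placeholders; the page does not name the real affected endpoint.

```python
"""Hypothetical detector for path-traversal probes in access logs (added example)."""
import re
import urllib.parse
from typing import List, Optional

# Constructed sample lines in Common Log Format. The servlet name
# EXAMPLE-PLUGIN-ENDPOINT is a placeholder, not the real plugin URL.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jul/2023:10:01:02 +0200] "GET /secure/Dashboard.jspa HTTP/1.1" 200 4512
203.0.113.25 - - [21/Jul/2023:10:02:17 +0200] "GET /plugins/servlet/EXAMPLE-PLUGIN-ENDPOINT?fileName=../../../../etc/passwd HTTP/1.1" 200 1320
203.0.113.25 - - [21/Jul/2023:10:02:19 +0200] "GET /plugins/servlet/EXAMPLE-PLUGIN-ENDPOINT?fileName=..%2F..%2F..%2FWEB-INF/web.xml HTTP/1.1" 200 2210
203.0.113.25 - - [21/Jul/2023:10:02:21 +0200] "GET /plugins/servlet/EXAMPLE-PLUGIN-ENDPOINT?fileName=%252e%252e%252f%252e%252e%252fconfig.properties HTTP/1.1" 404 210
198.51.100.7 - - [21/Jul/2023:10:03:00 +0200] "GET /browse/PROJ-123 HTTP/1.1" 200 8800
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# A '..' path segment delimited by slashes or string boundaries.
DOTDOT_RE = re.compile(r"(^|/)\.\.(/|$)")

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e) cannot hide '..'."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def find_traversal(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if the request looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urllib.parse.urlsplit(m.group("target"))
    # Scan the path and every query value; parse_qsl decodes once, fully_decode finishes the job.
    candidates = [parsed.path] + [v for _, v in urllib.parse.parse_qsl(parsed.query, keep_blank_values=True)]
    if not any(DOTDOT_RE.search(fully_decode(c)) for c in candidates):
        return None
    return {
        "ip": m.group("ip"),
        "target": m.group("target"),
        "status": m.group("status"),
        # A 2xx answer to a traversal request is the one to triage first.
        "likely_success": m.group("status").startswith("2"),
    }

def hunt(log_text: str) -> List[dict]:
    return [hit for hit in map(find_traversal, log_text.splitlines()) if hit]
```

Running `hunt(SAMPLE_LOG)` returns the three probes from 203.0.113.25, two of them answered with 200, which is the order in which a responder should look at them.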

Microsoft Relents, Offers Free Critical Logging to All 365 Customers

Microsoft has removed fees for extended security logging in Microsoft 365 following criticism from CISA and others. All license levels will now receive Purview Audit Standard logging, with 180-day retention and access to 30+ log types previously restricted.

SOC Analysis:
This is a huge win for transparency and detection. We recommend activating the new logging features and reviewing access logs regularly. Our SOC can assist with log integration into SIEM and alerting workflows.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
