Weekly Digest Week 42 – 2023

Publication date: 23.10.2023

Featured Story

Over 10,000 Cisco Devices Hacked in IOS XE Zero-Day Attacks

A critical vulnerability (CVE-2023-20198) in Cisco IOS XE with Web UI enabled is being actively exploited. Threat actors are using it to take full control of routers and switches. VulnCheck detected thousands of infected internet-facing hosts. Cisco has provided guidance and detection tools.

SOC Analysis:
  • Disable Web UI and remove device management from the public internet.
  • Monitor logs for suspicious admin account creation.
  • Follow Cisco’s PSIRT guidance for mitigation and detection.
  • Subscribe to Cisco advisories to stay updated on critical threats.

Our SOC team can assist in reviewing device configurations and checking for IOCs.
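As an added example (not code from Approach or Cisco), one way to act on the "monitor logs for suspicious admin account creation" recommendation above: a small Python check over constructed Cisco IOS XE syslog lines that flags creation of unexpected local accounts (especially privilege 15) and configuration changes from addresses outside the management network. The message formats, the account allowlist and the management ranges are assumptions to adjust for your own devices.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines (not captured from a real device). They mimic the
# %PARSER-5-CFGLOG_LOGGEDCMD messages IOS XE emits when "archive / log config /
# logging enable" is configured; verify the exact format against your own devices.
SAMPLE_LOGS = """\
Oct 20 10:01:12 edge-rtr1 123: *Oct 20 10:01:11.987: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops logged command:interface GigabitEthernet1
Oct 20 10:01:13 edge-rtr1 124: *Oct 20 10:01:12.301: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops logged command:description uplink
Oct 20 03:14:55 edge-rtr1 131: *Oct 20 03:14:54.110: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:username cisco_support privilege 15 secret *****
Oct 20 03:15:01 edge-rtr1 132: *Oct 20 03:15:00.004: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.10)
"""

# Assumed allowlist of local accounts your change process expects to exist, and the
# management ranges from which configuration changes are legitimately made.
KNOWN_ACCOUNTS = {"netops", "admin"}
MGMT_NETS = [ip_network("10.0.0.0/8")]

CMD_RE = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<actor>\S+) logged command:(?P<cmd>.*)$")
USER_RE = re.compile(r"^username (?P<name>\S+)(?P<rest>.*)$")
CFG_RE = re.compile(r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<actor>\S+) on \S+ \((?P<src>[\d.]+)\)")

def find_suspicious(log_text, known_accounts=KNOWN_ACCOUNTS, mgmt_nets=MGMT_NETS):
    """Return (reason, raw_line) tuples an analyst should review."""
    hits = []
    for line in log_text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            # Any "username ..." command creates or modifies a local account.
            user = USER_RE.match(cmd.group("cmd").strip())
            if user and user.group("name") not in known_accounts:
                level = "privilege 15" if "privilege 15" in user.group("rest") else "local"
                hits.append((f"unexpected {level} account '{user.group('name')}' "
                             f"created by {cmd.group('actor')}", line))
            continue
        cfg = CFG_RE.search(line)
        if cfg:
            # Config commits from outside the management network are worth a look.
            src = ip_address(cfg.group("src"))
            if not any(src in net for net in mgmt_nets):
                hits.append((f"config change by {cfg.group('actor')} from "
                             f"non-management address {src}", line))
    return hits

if __name__ == "__main__":
    for reason, raw in find_suspicious(SAMPLE_LOGS):
        print(f"ALERT: {reason}\n    {raw}")
```

Feed it the output of your syslog collector for the affected devices; the two regular expressions are the only part that needs tuning if your message format differs.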


Other Stories

New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack

Cofense has identified a widespread phishing campaign using LinkedIn Smart Links. Over 800 messages were observed, targeting users in the finance, energy, and manufacturing sectors. Smart Links bypass many security filters, making them an effective tool for harvesting credentials.

SOC Analysis:
  • Train staff to recognize Smart Link phishing attempts.
  • Enhance email gateway rules to flag suspicious URLs.
  • Monitor LinkedIn business accounts for misuse or unauthorized access.

DarkGate Malware Spreads Through Skype and Teams Messages

A threat actor is using compromised Microsoft Teams and Skype accounts to deliver DarkGate malware. Messages appear to come from trusted contacts and contain malicious attachments. DarkGate enables keylogging, crypto mining, and full remote access.

SOC Analysis:
  • Implement file scanning on Teams and Skype traffic.
  • Enforce MFA on all Microsoft 365 accounts.
  • Restrict external messaging where possible.

We provide secure collaboration assessments and malware detection support.


Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years Later

Researcher Joshua Rogers disclosed 55 vulnerabilities in Squid over two years ago, but 35 remain unpatched. The flaws could lead to crashes or remote code execution. Over 2.5 million Squid instances are still exposed online.

SOC Analysis:
  • Evaluate whether Squid is essential in your environment.
  • Monitor Squid updates and switch to supported alternatives if needed.
  • Segment and isolate proxy servers from critical infrastructure.

Several Belgian Government Websites Disrupted by DDoS Attack

The Royal Palace, Senate, and Prime Minister’s office websites were impacted by a DDoS attack earlier this week. Services were restored the same day. The origin remains unknown, but the attack fits a trend of DDoS activity targeting pro-Ukraine nations.

SOC Analysis:
  • Maintain strong DDoS protection through upstream filtering or scrubbing services.
  • Collaborate with public CERTs and private threat intel sources during major disruptions.
  • Simulate DDoS readiness internally to test your crisis response.

Our SOC team can help assess and improve your DDoS defense posture.


Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.