Articles of interest from the week of October 9, 2023

U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user. (The Hacker News)

“Adobe Acrobat, being a widely used PDF management software solution, has faced vulnerabilities seemingly since its inception. Historically, many allow for code execution, attracting the attention of both cybersecurity researchers and malicious actors alike, as is evident by a quick search through exploit-db. Adobe has actively addressed these continual concerns with patches and updates. However, given Acrobat's extensive usage, it remains a prime target. This once again highlights the importance of regular software updates, vigilant security practices, and overall defense in depth to safeguard against the exploitation of vulnerabilities.” – Jessica Owens, Tier 1 SOC Analyst at Ingalls Information Security

Dallas Says Royal Ransomware Breached Its Network Using Stolen Account

The City of Dallas, Texas, said that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.

Royal gained access to the City's network using a stolen domain service account in early April and maintained access to the compromised systems between April 7 and May 4. (BleepingComputer)

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

An Internet-wide security vulnerability is at the root of a zero-day attack dubbed "HTTP/2 Rapid Reset," which resulted in a distributed denial-of-service (DDoS) flood that was orders of magnitude larger than any previous attack ever recorded. It marks a new chapter in the evolution of DDoS threats, researchers noted. (Dark Reading)

One Out of Five Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance

As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements which puts the onus on organizations to be more secure. (KnowBe4)

New ZeroFont Phishing Tricks Outlook Into Showing Fake AV-Scans

Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. Although the ZeroFont phishing technique has been used in the past, this is the first time it has been documented as used in this way. (BleepingComputer)

Patch Tuesday, October 2023 Edition

On Tuesday Microsoft issued security updates for more than 100 newly discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. (Krebs on Security)