Another month has passed, and our team of experts have reported on some very spooky vulnerabilities, threats, and attacks dominating different industries!
To summarise, the University of Michigan announced a recent data breach, two hospitals in New York experienced a cyber attack, Okta’s systems were compromised in a hack, plus much more. But it isn’t all doom and gloom! This month, TryHackMe released a brand new learning path and two NEW recent threat rooms, and attended two very special events that we can’t wait to share with you.
Continue reading as we dive straight into October’s news!
The release of our NEW SOC Level 2 learning path!
On the 2nd of October, we launched our brand new SOC Level 2 learning path, suitable for advanced SOC professionals to enhance their skills in a real-world simulated environment.

Modules in the path include Log Analysis, Advanced Splunk, Advanced ELK, Detection Engineering, Threat Hunting, Threat Emulation, Incident Response, and Malware Analysis.
Looking to enroll in the path? You may wish to complete our SOC Level 1 learning path first, giving you a baseline of cyber threat intelligence, threat detection, digital forensics, endpoint security, plus much more. The SOC Level 2 learning path can also help you transition into a SOC Analyst (Level 2) position!
Looney Tunables CVE-2023-4911 vulnerability
At the beginning of the month, the CVE identifier CVE-2023-4911 was assigned to the Qualys Threat Research Unit (TRU) for a critical security flaw in the GNU C Library's dynamic loader, known as ld.so. This vulnerability poses a significant risk since it allows attackers to escalate the privileges of a logged-on user and obtain full control of the vulnerable instance.
This vulnerability was introduced in glibc version 2.34 through commit 2ed18c. The vulnerability affects recent versions of major Linux distributions such as RHEL, Ubuntu, Fedora, Debian, Amazon Linux, Gentoo and any other distribution that uses glibc.
TryHackMe’s new recent threat room, Looney Tunables, walks you through how to:
- Exploit the Linux Linker via GLIBC_TUNABLES
- Learn how to predict memory addresses
- Build your library for PrivEsc
Confluence CVE-2023-22515 vulnerability
On the very next day (4th of October), Atlassian released a security advisory regarding CVE-2023-22515, a broken access control vulnerability, with an assigned CVSS score of 10.0.
The vulnerability was introduced in version 8.0.0 of Confluence Server and Data Center editions and is present in versions <8.3.3, <8.4.3, <8.5.2. According to Atlassian, the vulnerability has already been exploited in the wild. With unauthenticated users allowed to create administrator accounts in vulnerable versions of the Atlassian Confluence Server, CVE-2023-22515 presents a significant security risk.
TryHackMe’s new recent threat room, Confluence CVE-2023-22515, enables you to:
- Understand the root cause of the CVE-2023-22515 vulnerability
- Exploit the broken authentication and become the admin
- Learn how to detect and patch the bug
Cyber attack on New York hospitals
In late October, two hospitals in New York experienced a cyber attack. The targets for this attack were part of the Westchester Medical Center Health Network: HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center.
Currently, the cyber attack is still under investigation by local law enforcement, the FBI, and an independent cyber security firm. To address the threat, IT systems at all three facilities were shut down. As a temporary measure, ambulances were diverted and some patients at HealthAlliance Hospital were transferred to other facilities.
In August, we saw a similar attack which had impacted hospitals in California, Connecticut, Pennsylvania, Rhode Island, and Texas.
University of Michigan suffers data breach
This month, it was also announced that hackers broke into the University of Michigan’s network on the 23rd of August. The University of Michigan isolated its entire campus network upon detecting suspicious activity. However, it has since been revealed that hackers managed to access staff and students' sensitive personal data.
Exposed data includes:
- Social Security number
- Driver’s license or government-issued ID number
- Financial account or payment card number
- Health information
This attack targeted all members of the University, including students, applicants, alumni, donors, employees, patients, and research study participants. The University of Michigan is offering complimentary credit monitoring services for those affected.
Universities are at a high risk of cyber crime, with student data, personal information, and extremely valuable research causing educational institutions to be prime targets of attack.
Universities often lack the resources to secure their data adequately, which gives attackers another motivation. A recent study found education and research to be the most attacked industry sector, seeing a 114% increase in the past two years. 75% of data breaches in the education sector occur at universities alone, while a third of UK universities have been hit with ransomware attacks over the past decade.
As offence is argued to be the best defence, offensive cyber security is invaluable for the cyber security positioning of educational institutions. With bite-sized training suited to all skill levels, TryHackMe can help mitigate risk and the repercussions of breaches that commonly occur in educational institutions.
CyberWomen Conference 2023
On the 25th of October, TryHackMe attended CyberWomen@Warwick, an amazing conference celebrating the awesome work that women contribute to cyber! CyberWomen is a student-led initiative with a passion for inspiring more women into the industry and promoting inclusivity and positive change within STEM.
The stories and experiences attendees heard were not only inspiring but are paving the way for the next generation of women in cyber.
We would like to say a huge congratulations to the Warwick and Coventry CyberWomen teams for bringing everyone together and making this happen. Your drive and determination to shine a light on the vital roles women play in this field are commendable and truly appreciated. Here's to a future in cyber that celebrates everyone!
Okta’s systems compromised
It is a bad time to need support! Okta Security detected unauthorised access using a stolen credential. The threat actor accessed Okta's support case management system, specifically recent support cases.
Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust.
— Matt Johansen (@mattjay) October 24, 2023
Here's everything we know about it:
Fortunately, the system is separate from the main Okta service, which remains unaffected. Auth0/CIC case management is also not impacted.
But what exactly can come from accessing support cases? Okta support may request customers to upload an HTTP Archive (HAR) file for troubleshooting. HAR files can contain sensitive data like cookies and session tokens, which can be exploited by malicious actors.
All customers affected have been informed and Okta has taken appropriate measures, for example revoking embedded session tokens. If you use Okta, you may also want to refresh your credentials and session tokens!
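The risk described above can be reduced before a HAR file ever leaves your machine. The following is an added example, not code from Okta or from this article: a Python sanitiser for the HAR 1.2 JSON layout that masks cookies, authentication headers, token-like parameters and raw bodies. The header and parameter name lists and the app.example sample capture are assumptions made for the illustration.

```python
import copy
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
# Assumed name lists for this example; extend them for your own applications.
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SECRET_PARAMS = {"token", "access_token", "id_token", "refresh_token", "sid", "code", "password"}
MASK = "REDACTED"

def _mask_pairs(pairs, names, hits, where):
    """Mask each HAR {name, value} pair whose name is in `names` (None = mask all)."""
    for pair in pairs or []:
        if names is None or pair.get("name", "").lower() in names:
            pair["value"] = MASK
            hits.append(f"{where}:{pair.get('name')}")

def _mask_url(url):
    """Mask secret query parameters, which request.url repeats verbatim."""
    parts = urlsplit(url)
    query = [(k, MASK if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def sanitize_har(har):
    """Return (deep copy of the HAR with secrets masked, list of masked locations)."""
    clean, hits = copy.deepcopy(har), []
    for i, entry in enumerate(clean.get("log", {}).get("entries", [])):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for side, msg in (("request", req), ("response", resp)):
            _mask_pairs(msg.get("headers"), SECRET_HEADERS, hits, f"{i}.{side}.headers")
            _mask_pairs(msg.get("cookies"), None, hits, f"{i}.{side}.cookies")
        _mask_pairs(req.get("queryString"), SECRET_PARAMS, hits, f"{i}.request.query")
        if "url" in req:
            req["url"] = _mask_url(req["url"])
        post, content = req.get("postData") or {}, resp.get("content") or {}
        _mask_pairs(post.get("params"), SECRET_PARAMS, hits, f"{i}.request.post")
        # Raw bodies can repeat the same secrets in any encoding, so mask them whole.
        for body, where in ((post, "request.postData"), (content, "response.content")):
            if body.get("text"):
                body["text"] = MASK
                hits.append(f"{i}.{where}.text")
    return clean, hits

SAMPLE_HAR = {"log": {"entries": [{  # constructed sample, not a real capture
    "request": {"url": "https://app.example/cb?code=abc123&lang=en",
                "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}, {"name": "Accept", "value": "*/*"}],
                "cookies": [{"name": "sid", "value": "s3cr3t"}],
                "queryString": [{"name": "code", "value": "abc123"}, {"name": "lang", "value": "en"}]},
    "response": {"headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "n3w"}],
                 "content": {"mimeType": "application/json", "text": '{"access_token": "tok"}'}}}]}}
```

Run it over a capture before attaching it to a support case; the list of masked locations shows what the file would otherwise have disclosed.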
Has Google Chrome finally stopped phishing sites?
You may want to update your Google Chrome web browser, because this update may just save you! Google has developed a new solution to correct typos in the search bar, taking you to the correct website.
This involves using the user’s search history to approximate a user’s intended search results. The goal of this update is to reduce the number of steps it takes a user to get to their desired website, which in turn reduces the overall risk a user is exposed to while browsing the web.
This update aims to reduce the number of victims falling for phishing techniques such as domain mismatching or lookalike domains.
TryHackMe sponsors Lithuanian CTF event, Ugninis Skydas
On Friday the 20th of October, Jordan Pelling (Enterprise Customer Success Manager at TryHackMe) attended the three-day CTF event, ‘Ugninis Skydas’. TryHackMe sponsored and supported the event, run by the National Cyber Security Centre and Lithuanian Riflemen’s Union.

Ahead of the event, TryHackMe provided virtual machines, created custom labs, and even provided CTF winners with prizes, while Scalewolf provided cash prizes for each of the winners.
We would like to say a very special thank you to all organisers and volunteers, and congratulations to all winners and participants!
If you want TryHackMe to support an upcoming CTF event, please reach out to our TryHackMe Business team!