Feature
#ELLIE • 6 min read

This Month in Cyber Security: October 2023

Another month has passed, and our team of experts have reported on some very spooky vulnerabilities, threats, and attacks dominating different industries!

To summarise, the University of Michigan announced a recent data breach, two hospitals in New York experienced a cyber attack, Okta’s systems were compromised in a hack, plus much more. But it isn’t all doom and gloom! This month, TryHackMe released a brand new learning path and two NEW recent threat rooms, and attended two very special events that we can’t wait to share with you.

Continue reading as we dive straight into October’s news!

The release of our NEW SOC Level 2 learning path!

On the 2nd of October, we launched our brand new SOC Level 2 learning path, suitable for advanced SOC professionals to enhance their skills in a real-world simulated environment.

Modules in the path include Log Analysis, Advanced Splunk, Advanced ELK, Detection Engineering, Threat Hunting, Threat Emulation, Incident Response, and Malware Analysis.

Looking to enroll in the path? You may wish to complete our SOC Level 1 learning path first, giving you a baseline of cyber threat intelligence, threat detection, digital forensics, endpoint security, plus much more. The SOC Level 2 learning path can also help you transition into a SOC Analyst (Level 2) position!

Looney Tunables CVE-2023-4911 vulnerability

At the beginning of the month, the CVE identifier CVE-2023-4911 was assigned to The Qualys Threat Research Unit (TRU), due to a critical security flaw in the GNU C Library's dynamic loader, known as ld.so. This vulnerability poses a significant risk since it allows attackers to escalate the privileges of a logged-on user and obtain full control of the vulnerable instance.  

This vulnerability was introduced in glibc version 2.34 through commit 2ed18c. The vulnerability affects recent versions of major Linux distributions such as RHEL, Ubuntu, Fedora, Debian, Amazon Linux, Gentoo and any other distribution that uses glibc.

TryHackMe’s new recent threat room, Looney Tunables, walks you through how to:

  • Exploit the Linux Linker via GLIBC_TUNABLES
  • Learn how to predict memory addresses
  • Build your library for PrivEsc

Confluence CVE-2023-22515 vulnerability

On the very next day (4th of October), Atlassian released a security advisory regarding CVE-2023-22515, a broken access control vulnerability, with an assigned CVSS score of 10.0.

The vulnerability was introduced in version 8.0.0 of Confluence Server and Data Center editions and is present in versions <8.3.3, <8.4.3, <8.5.2. According to Atlassian, the vulnerability has already been exploited in the wild. With unauthenticated users allowed to create administrator accounts in vulnerable versions of the Atlassian Confluence Server, CVE-2023-22515 presents a significant security risk.

TryHackMe’s new recent threat room, Confluence CVE-2023-22515, enables you to:

  • Understand the root cause of the CVE-2023-22515 vulnerability
  • Exploit the broken authentication and become the admin
  • Learn how to detect and patch the bug

Cyber attack on New York hospitals

In late October, two hospitals in New York experienced a cyber attack. The targets for this attack were part of the Westchester Medical Center Health Network; HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center.

Currently, the cyber attack is still under investigation by local law enforcement, the FBI, and an independent cyber security firm. To address the threat, IT systems at all three facilities were shut down. As a temporary measure, ambulances were diverted and some patients at HealthAlliance Hospital were transferred to other facilities.

In August, we saw a similar attack which had impacted hospitals in California, Connecticut, Pennsylvania, Rhode Island, and Texas.

University of Michigan suffers data breach

This month, it was also announced that hackers broke into the University of Michigan’s network on the 23rd of August. The University of Michigan isolated its entire campus network upon detecting suspicious activity. However, it has since been revealed that hackers managed to access staff and students' sensitive personal data.

Exposed data includes:

  • Social Security number
  • Driver’s license or government-issued ID number
  • Financial account or payment card number
  • Health information

This attack targeted all members of the University, including students, applicants, alumni, donors, employees, patients, and research study participants. The University of Michigan is offering complimentary credit monitoring services for those affected.

Universities are at a high risk of cyber crime, with student data, personal information, and extremely valuable research causing educational institutions to be prime targets of attack.

Universities often lack the resources to secure their data adequately, which poses another motivation behind attacks. A recent study showed education and research was found to be the most attacked industry sector, seeing a 114% increase in the past two years. 75% of data breaches in the education sector occur at universities alone, while a third of UK universities have been hit with ransomware attacks over the past decade.

As offence is argued to be the best defence, offensive cyber security is invaluable for the cyber security positioning of educational institutions. With bite-sized training suited to all skill levels, TryHackMe can help omit risk and the repercussions of breaches that commonly occur in educational institutions.

CyberWomen Conference 2023

On the 25th of October, TryHackMe attended CyberWomen@Warwick, an amazing conference celebrating the awesome work that women contribute to cyber! CyberWomen is a student-led initiative with a passion for inspiring more women into the industry and promoting inclusivity and positive change within STEM.

The stories and experiences attendees heard were not only inspiring but are paving the way for the next generation of women in cyber.

We would like to say a huge congratulations to the Warwick and Coventry CyberWomen teams for bringing everyone together and making this happen. Your drive and determination to shine a light on the vital roles women play in this field are commendable and truly appreciated. Here's to a future in cyber that celebrates everyone!

Okta’s systems compromised

It is a bad time to need support! Okta Security detected unauthorised access using a stolen credential. The threat actor accessed Okta's support case management system, specifically recent support cases.

Fortunately, the system is separate from the main Okta service, which remains unaffected. Auth0/CIC case management is also not impacted.

But what exactly can come from accessing support cases? Okta support may request customers to upload an HTTP Archive (HAR) file for troubleshooting. HAR files can contain sensitive data like cookies and session tokens, which can be exploited by malicious actors.

All customers affected have been informed and Okta has taken appropriate measures, for example revoking embedded session tokens. If you use Okta, you may also want to refresh your credentials and session tokens!

Has Google Chrome finally stopped phishing sites?

You may want to update your Google Chrome website browser, because this update may just save you! Google has developed a new solution to correct typos in the search bar, taking you to the correct website.

This involves using the user’s search history to approximate a user’s intended search results. The goal of this update is to attempt to reduce the amount of steps it takes a user to get to their desired website, of which will overall reduce the amount of risk a user is exposed to while browsing on the web.

This update aims to reduce the number of victims falling for phishing techniques similar to domain mismatching or look-a-like domains.

TryHackMe sponsors Lithuanian CTF event, Ugninis Skydas

On Friday the 20th of October, Jordan Pelling (Enterprise Customer Success Manager at TryHackMe) attended the three-day CTF event, ‘Ugninis Skydas’. TryHackMe sponsored and supported the event, run by the National Cyber Security Centre and Lithuanian Riflemen’s Union.

Ahead of the event, TryHackMe provided virtual machines, created custom labs, and even provided CTF winners with prizes, meanwhile, Scalewolf provided cash prizes for each of the winners.

We would like to say a very special thank you to all organisers and volunteers, and congratulations to all winners and participants!

If you want TryHackMe to support an upcoming CTF event, please reach out to our TryHackMe Business team!

authorBen Spring
Oct 30, 2023

Recommended

Get more insights, news, and assorted awesomeness around cyber training.

from-the-military-to-cloud-security-architect-how-steven-upshaw-used-tryhackme-to-reinvent-his-careerBlog • 3 min read

From the Military to Cloud Security Architect : How Steven Upshaw Used TryHackMe to Reinvent His Career

When Steven Upshaw retired from the U.S. military in 2021 after 25 years of service, he wasn’t sure what was next. What he did know was this: he still had the drive to serve, solve problems, and continuously grow.

how-tryhackmes-advanced-endpoint-investigations-learning-path-builds-the-cross-platform-expertise-modern-threats-demandBlog • 4 min read

How the Advanced Endpoint Investigation Learning path builds the cross-platform expertise modern threats demand

The Advanced Endpoint Investigations Path is a hands-on, lab-driven journey built to close the growing skill gap in digital forensics and incident response.

improving-incident-preparedness-with-tryhackmes-new-tabletop-exercises-ttx-productBlog • 4 min read

Improving incident preparedness with TryHackMe’s new tabletop exercises (TTX) product

We’ve launched a free TTX product that allows SOC and IR teams to create custom tabletop exercises within minutes. Organisations can use AI to tailor tabletop scenarios to their environment by providing details on their industry, common attack types, architecture and more.

Join over 640 organisations upskilling their
workforce with TryHackMe

TryHackMe for Business

We use cookies to ensure you get the best user experience. For more information contact us.

Read more