Cybersecurity Update
Third Wave Innovations
A pioneering force in risk management, it offers a powerful mix of technology and expertise.
Security Agencies Urge Users to Patch Citrix Zero-Day Flaw: Vulnerable Citrix Appliances Used in Healthcare Sector; Exploits Seen in the Wild. The bug, tracked as CVE-2023-3519, has a 9.8 CVSS score and gives RCE privileges to unauthenticated attackers. Citrix said the vulnerability is being actively exploited by unnamed threat actors.
The Roundup: The Citrix appliances are used in the healthcare sector for remote access and for balancing network demand on applications such as electronic health records. Citrix did not say how many devices have been affected by the zero-day bug, but "this product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly," said cybersecurity firm Rapid7.

White House Unveils Cyber Trust Label for Smart Devices: The Biden administration on Tuesday initiated a nationwide cybersecurity certification and product labeling program aimed at helping consumers choose smart devices that offer enhanced protection against hacking risks.
The Roundup: The new U.S. Cyber Trust Mark program, which was proposed by Federal Communications Commission Chairwoman Jessica Rosenworcel, will help consumers make informed purchasing decisions and identify products in the marketplace with higher cybersecurity standards, the White House said.

Number of Victims Breached Via MOVEit Zero-Day Keeps Climbing: The Clop (aka Cl0p) ransomware group has claimed credit for attacks targeting Progress Software's widely used MOVEit file transfer software. The group exploited a zero-day vulnerability in the software, allowing it to access the software and steal data. Most of the attacks appear to have occurred on May 30 and May 31.
The Roundup: Clop has been posting additional victims to its data leak site on a daily basis, typically in batches of 10. When an organization gets posted to Clop's site, it typically means the victim declined to pay a ransom. How many organizations did pay a ransom to avoid seeing their name listed, and for a promise that their stolen data would be deleted, remains unknown.

Microsoft Expands Logging Access After Chinese Hack Blowback: E3 Licensees Unlock Access to More Cloud Logs After Only E5 Clients Could Spot Hack. Microsoft customers will gain access to expanded cloud logging capabilities at no additional cost, just days after lower-level customers were unable to detect a Chinese cyberattack.
The Roundup: "Asking organizations to pay more for necessary logging is a recipe for inadequate visibility into investigating cybersecurity incidents," CISA Executive Assistant Director Eric Goldstein wrote in a blog post. "We believe every organization deserves to have products that are secure by design and come with necessary security data 'out of the box.' Microsoft's announcement today is an important step."

JumpCloud breach traced back to North Korean state hackers: US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike, and Mandiant.
The Roundup: During the investigation, on July 5th, JumpCloud detected "unusual activity in the commands framework for a small set of customers." Collaborating with incident response partners and law enforcement, it also analyzed logs for signs of malicious activity and force-rotated all admin API keys.

APT41 hackers target Android users with WyrmSpy, DragonEgg spyware: The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains, dubbed WyrmSpy and DragonEgg by Lookout security researchers.
The Roundup: "Lookout [security] researchers have not yet encountered samples in the wild and assess with moderate confidence that they are distributed to victims through social engineering campaigns. Google confirmed that based on current detection, no apps containing this malware are found to be on Google Play," Lookout said.

Estée Lauder beauty giant breached by two ransomware gangs: Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks. In a disgruntled message to the company, the BlackCat gang mocked its security measures, saying that they were still present on the network.
The Roundup: Referring to the security experts that Estée Lauder brought in to investigate, BlackCat said that despite the company using Microsoft's Detection and Response Team (DART) and Mandiant, the network remained compromised and they still had access.

Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw: As part of today's out-of-band update, Adobe fixed three vulnerabilities: a critical RCE tracked as CVE-2023-38204 (9.8 rating), a critical Improper Access Control flaw tracked as CVE-2023-38205 (7.8 rating), and a moderate Improper Access Control flaw tracked as CVE-2023-38206 (5.3 rating).
The Roundup: As this vulnerability is actively exploited in attacks to take control of ColdFusion servers, it is strongly recommended that website operators install the update as soon as possible.

Microsoft: Hackers turn Exchange servers into malware control centers: Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor.
The Roundup: This malware is a cyberespionage tool that allows the threat actors to launch JavaScript on the device, steal data from event logs, steal information about system files, and steal authentication tokens, cookies, and credentials from a wide variety of programs, including browsers, FTP clients, VPN software, KeePass, Azure, AWS, and Outlook.

Justice Department Announces New National Security Cyber Section Within the National Security Division: The Justice Department today announced the creation of the new National Security Cyber Section, known as NatSec Cyber, within its National Security Division. The newly established litigating section has secured congressional approval and comes in response to the core findings in Deputy Attorney General Lisa O. Monaco's Comprehensive Cyber Review in July of 2022.
The Roundup: Today's announcement builds upon recent successes in identifying, addressing and eliminating national security cyber threats, including the charging of an alleged cybercriminal with ransomware attacks against U.S. critical infrastructure and the disruption of the Russian government's premier cyberespionage malware tool.