Fortigate firewall flaw, BatCloak’s undetectable malware, Swiss government cyberattacks

Critical RCE flaw discovered in Fortinet FortiGate firewalls

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend that the vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on every SSL VPN appliance.” French cybersecurity company Olympe Cyberdefense, in an independent alert, said the issue has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5, noting, “the flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated.”

(The Hacker News)
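A defender's first question on reading the item above is whether a given FortiOS build is at or above the fixed release for its branch. The following script is an added example, not code from Fortinet or the original story: it compares a version against the four patched versions listed above and deliberately reports branches that are not on that list as unknown rather than safe. The `Version:` line format and the sample inventory lines are assumed and constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Fixed FortiOS releases for CVE-2023-27997 as stated in the item above,
# keyed by the release branch (major, minor) each belongs to.
FIXED_VERSIONS = {
    (6, 2): (6, 2, 15),
    (6, 4): (6, 4, 13),
    (7, 0): (7, 0, 12),
    (7, 2): (7, 2, 5),
}

# Matches "7.0.11" or "v7.0.11", including inside a longer status line.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a bare version string or from a
    'Version:' status line (line format assumed). Returns None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable', 'unknown-branch' or 'unparseable'.

    Branches missing from the published fix list are reported as unknown,
    never as patched, so an unlisted train is not silently assumed safe."""
    ver = parse_fortios_version(text)
    if ver is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get(ver[:2])
    if fixed is None:
        return "unknown-branch"
    return "patched" if ver >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory lines, not real devices.
    samples = [
        "Version: FortiGate-60F v7.0.11,build0489,230206 (GA.F)",
        "v7.2.5",
        "6.2.14",
        "v7.4.0",
        "FortiGate-100F (no version captured)",
    ]
    for s in samples:
        print(f"{assess(s):15} {s}")
```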

BatCloak engine makes malware fully undetectable

Researchers at Trend Micro describe this undetectable malware obfuscation engine as giving threat actors “the ability to load numerous malware families and exploits with ease through highly obfuscated batch files.” The engine has been active since September 2022, and the researchers added that almost 80% of the total 784 artifacts unearthed have no detection across all security solutions. The BatCloak engine forms the crux of an off-the-shelf batch file builder tool called Jlaive, which comes with capabilities to bypass the Antimalware Scan Interface (AMSI) as well as compress and encrypt the primary payload to achieve heightened security evasion.

(The Hacker News)

Swiss Government targeted by series of cyberattacks

Last week, the Swiss government was investigating a ransomware attack on Xplain, a Swiss software vendor with ties to multiple government agencies, including the Swiss army, the Federal Office of Police (Fedpol) and the national railway company (FSS). That attack was attributed to the Play ransomware group, believed to be based in Russia. Yesterday, the websites of several Swiss federal agencies and state-linked companies became inaccessible due to a DDoS attack claimed by NoName, a pro-Russia threat group specializing in such attacks against Ukrainian and European organizations.

(Infosecurity Magazine)

Thanks to this week’s episode sponsor, Conveyor

More vulnerabilities found in MOVEit file transfer software

Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered more issues that the company said could be used to stage additional exploits. Progress said the discovery was made by cybersecurity firm Huntress, which it had engaged to conduct a detailed code review of its systems. The newly discovered exploits are distinct from the issue reported earlier, and as such another patch for MOVEit Transfer and MOVEit Cloud has been issued to fix this latest discovered bug. Progress gave no description of the newfound vulnerabilities and said a CVE number or numbers are pending.

(The Register)

Confidential data downloaded from UK regulator Ofcom in cyberattack

In a related story, Britain’s communications regulator Ofcom announced on Monday that confidential information which it held on companies it regulates was downloaded by hackers exploiting a vulnerability in the MOVEit file transfer tool. “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” an Ofcom spokesperson said. It is not known how many companies globally have been affected by the hacking campaign.

(The Record)

Last week in ransomware

The MOVEit Transfer data-theft attacks dominated last week’s ransomware news – in addition to Ofcom just mentioned, other organizations currently known to have been affected include the BBC, Irish airline Aer Lingus, British retailer Boots, British Airways, the University of Rochester, the Government of Nova Scotia, Extreme Networks, the state of Illinois, and the Minnesota Department of Education (MDE). Last week also saw the emergence of the new BlackSuit encryptor, thought to belong to the Royal ransomware group. New ransomware variants called Cyclops and Xollam emerged. Rhysida’s ransomware attack on the Chilean army has seen an Army corporal arrested for alleged involvement. There was also an attack on Japanese pharmaceutical company Eisai, and Australia’s largest commercial law firm, HWL Ebsworth, refused to give in to ALPHV’s extortion demands. Listeners interested in observing an impressive family tree of ransomware operations created by CERT Orange Cyberdefense threat intelligence researcher Marine Pichon can check it out here:

https://github.com/cert-orangecyberdefense/ransomware_map/blob/main/OCD_WorldWatch_Ransomware-ecosystem-map.pdf

(Bleeping Computer and Cyber Security Headlines)
