US federal agencies affected by MOVEit vuln, Pentagon leak suspect indicted, Suspected LockBit ransomware affiliate nabbed
US federal agencies affected by MOVEit breach
US officials confirmed Thursday that several federal agencies have been impacted by the Russia-based Clop ransomware gang’s ongoing attacks on the widely used MOVEit file transfer tool. The Department of Energy has been confirmed as one of several federal agencies breached. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said her team and the FBI are providing assistance to the affected agencies, who have yet to receive any related ransom demands. CISA’s response comes as Progress Software, who produces MOVEit, is working to fix a second vulnerability that has been discovered in MOVEit’s code.
On Wednesday, the Clop gang posted names of organizations who have fallen victim to their campaign to their darknet site. Oil giant Shell was among 26 organizations named and has since confirmed it is a victim.
(CNN and The Record and BBC)
Pentagon leak suspect indicted by a federal grand jury
Jack Teixeira, the Air National Guardsman accused of leaking classified documents online, was indicted Thursday by a federal grand jury in Boston. The 21-year-old was arrested in April on charges of sharing highly classified military documents about the war in Ukraine, and other top national security issues, on Discord. Teixeira faces six counts of willful retention and transmission of national defense information. If convicted, he could face up to 10 years in prison for each charge and a fine of up to $250,000. A federal judge had ordered Teixeira to remain behind bars until his trial.
(NPR)
Suspected LockBit ransomware affiliate nabbed
A Russian national has been arrested in Arizona and charged with executing at least five LockBit ransomware attacks against victim computer systems in the United States and abroad between August 2020 and March 2023. Twenty-year-old Ruslan Magomedovich Astamirov is the third LockBit affiliate to be charged by the US Justice Department in the last seven months. If found guilty, he could face up to 20 years in prison and fines of up to $250,000 or double the financial loss resulting from the offense, whichever is higher. On Wednesday, authorities also revealed that LockBit has carried out 1,700 successful attacks on US organizations since 2020, extorting roughly $91 million.
Chinese spies blamed for attacks on Barracuda email gateways
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of the recently patched zero-day flaw (CVE-2023-2868, CVSS score of 9.8) in Barracuda Email Security Gateway (ESG) appliances. The critical flaw allows for remote code injection and affects versions 5.1.3.001 through 9.2.0.006. Since as early as October 10, 2022, UNC4841 has been sending victim organizations emails containing malicious TAR file attachments designed to exploit the bug. Barracuda addressed the problem in late May 2023, but has since urged affected customers to immediately replace the devices “regardless of patch version level.”
And now a word from our sponsor, Conveyor
Database containing millions of Zacks users’ info leaked online
A database containing personal information of over 8.9 million Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. Zacks is the leading investment research firm focusing on stock research, analysis, and recommendations. Zacks was notified of the issue by breach notification service Have I Been Pwned. Exposed records include names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes. The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords.
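Why "unsalted SHA-256" is the notable detail in that story: a fast, unsalted hash gives every user with the same password the same digest, so one precomputed table covers the whole user base, and the leak itself reveals which accounts share a password. The following is an added illustration, not code from Zacks or Have I Been Pwned; the user rows are constructed, and the salted PBKDF2-HMAC-SHA256 scheme with 600,000 iterations (the figure OWASP currently recommends for that algorithm) is shown as the kind of storage that avoids both problems.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample: three users, two of whom chose the same password.
SAMPLE_USERS = [
    ("alice", "Summer2023!"),
    ("bob", "correct horse battery staple"),
    ("carol", "Summer2023!"),
]

PBKDF2_ITERATIONS = 600_000  # OWASP's current recommendation for PBKDF2-HMAC-SHA256


def unsalted_sha256(password: str) -> str:
    """The weak scheme described in the breach: one fast hash, no per-user salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shared_password_groups(users):
    """Group usernames by unsalted digest.

    With no salt, equal passwords yield equal digests, so a leaked table exposes
    which accounts share a password before anyone tries to recover it.
    """
    groups = defaultdict(list)
    for username, password in users:
        groups[unsalted_sha256(password)].append(username)
    return {digest: names for digest, names in groups.items() if len(names) > 1}


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow storage format: algorithm$iterations$salt$digest (hex)."""
    salt = secrets.token_bytes(16)  # random per-user salt defeats shared tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print("accounts sharing a password:", shared_password_groups(SAMPLE_USERS))
    a, c = hash_password("Summer2023!"), hash_password("Summer2023!")
    print("same password, different salted records:", a != c)
    print("verification still works:", verify_password("Summer2023!", a))
```

The unsalted digests for alice and carol are identical, while the two PBKDF2 records for the same password differ and each still verifies against its own salt. Migrating an existing unsalted table means re-hashing at each user's next successful login, since the original passwords are not recoverable from the stored digests.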
Microsoft Azure subdomain takeovers continue to pose a threat
Subdomain takeover occurs when a DNS record is left pointing at a deleted Azure website, allowing cybercriminals to claim the freed resource name and create fraudulent sites to impersonate organizations, launch attacks, and propagate spam. Researchers at Keytos have discovered that approximately 15,000 vulnerable subdomains per month are using cryptographic certificates. Microsoft’s attempts to address the issue through solutions like Defender have not fully resolved the problem. Despite the researchers’ attempts to notify over 1,000 organizations about their domain issues, only 2% have taken action to address the problem. Site owners can take measures to protect themselves, including implementing certificate transparency monitoring, removing dangling DNS entries, and using Certificate Authority Authorization (CAA) records.
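A site owner's first step against this is an inventory check: walk the zone's CNAME records, and flag any that point at an Azure-hosted hostname that no longer resolves, since that is exactly the dangling entry an attacker would re-register. The script below is an added example, not Keytos' or Microsoft's tooling. The zone records and the set of "still-live" targets are constructed so it runs offline; the resolver is injectable, and the Azure suffix list is the author's assumption about which hostnames are worth checking, not an exhaustive one. It also emits the CAA records the article recommends, assuming a hypothetical issuer and reporting address.

```python
import socket
from dataclasses import dataclass
from typing import Callable, Iterable

# Assumed (non-exhaustive) Azure-hosted suffixes that commonly appear in dangling CNAMEs.
AZURE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".cloudapp.net",
    ".trafficmanager.net",
    ".blob.core.windows.net",
)

# Constructed zone excerpt: (record name, CNAME target).
SAMPLE_CNAMES = [
    ("www.example.com", "prod-web.azurewebsites.net."),
    ("old-app.example.com", "retired-app.azurewebsites.net."),
    ("cdn.example.com", "assets.cdn-provider.example."),
]

# Constructed view of which targets still exist; stands in for live DNS below.
STILL_LIVE = {"prod-web.azurewebsites.net", "assets.cdn-provider.example"}


@dataclass(frozen=True)
class Finding:
    name: str
    target: str
    reason: str


def is_azure_target(host: str) -> bool:
    return host.endswith(AZURE_SUFFIXES)


def live_resolver(host: str) -> bool:
    """Real lookup for production use: does the target still resolve?"""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def find_dangling(records: Iterable[tuple[str, str]],
                  resolves: Callable[[str], bool]) -> list[Finding]:
    """Return CNAMEs that point at an Azure hostname which no longer resolves."""
    findings = []
    for name, target in records:
        host = target.rstrip(".").lower()
        if not is_azure_target(host):
            continue  # other providers need their own checks
        if not resolves(host):
            findings.append(Finding(name, host,
                                    "CNAME target no longer resolves; remove the record"))
    return findings


def caa_records(domain: str, issuers: Iterable[str], report_to: str) -> list[str]:
    """CAA lines restricting which CAs may issue for the zone, plus an iodef contact."""
    lines = [f'{domain}. IN CAA 0 issue "{issuer}"' for issuer in issuers]
    lines.append(f'{domain}. IN CAA 0 iodef "mailto:{report_to}"')
    return lines


if __name__ == "__main__":
    offline = lambda host: host in STILL_LIVE
    for f in find_dangling(SAMPLE_CNAMES, offline):
        print(f"{f.name} -> {f.target}: {f.reason}")
    # Hypothetical issuer and contact; substitute your own CA and security mailbox.
    print("\n".join(caa_records("example.com", ["ca.example"], "security@example.com")))
```

Running it offline flags only old-app.example.com; against a real zone, pass `live_resolver` instead of the constructed lookup. CAA does not remove a dangling record, but it limits which CAs will issue a certificate for a subdomain an attacker has taken over, and certificate transparency monitoring then catches any issuance that slips through.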
CISA and NSA publish BMC hardening guidelines
On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released joint guidance on hardening Baseboard Management Controllers (BMCs). BMCs are highly privileged computer hardware components that facilitate remote management and control and, if vulnerable, serve as attractive entry points for bad actors seeking to compromise critical infrastructure. The agencies’ recommendations include protecting BMC credentials, enforcing VLAN separation, hardening configurations and performing routine BMC update checks. Organizations should also monitor BMC integrity, move sensitive workloads to hardened devices, use firmware scanning tools periodically and treat unused BMCs as potential security risks.
Hackers infect Russian-speaking gamers with WannaCry imposter
Researchers from Cyble have uncovered a phishing campaign targeting Russian-speaking players of Enlisted, a free-to-play World War II themed multiplayer first-person shooter game. Enlisted was published by Russia-founded company Gaijin Entertainment in 2021 and has between 500,000 and a million active monthly players. A fake Enlisted website hosts a legitimate game installer and ransomware that mimics the infamous WannaCry cryptoworm. The ransomware uses the ‘wncry’ file extension for encrypting files, and has been dubbed WannaCry 3.0, despite not being a genuine WannaCry variant.