A quick Saturday digest of cybersecurity news articles from other sources.
CISA and Partners Release Joint Guide to Securing Remote Access Software
06/06/2023 08:00 AM EDT
Today, CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software.
Remote access software provides organizations with a broad array of capabilities to maintain and improve information technology (IT), operational technology (OT), and industrial control system (ICS) services; however, malicious actors often exploit this software for easy and broad access to victim systems.
CISA encourages organizations to review this joint guide for recommendations and best practices to implement in alignment with their specific cybersecurity requirements to better detect and defend against exploitation. Additionally, please refer to the additional information below on guidance for MSPs and small- and mid-sized businesses and on malicious use of remote monitoring and management software in using remote software and implementing mitigations.
Chrome zero-day: “This exploit is in the wild”, so check your version now
Chrome 0-day patched now, Edge patch coming soon.
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
Little Bobby Tables is back!
Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management and more, alerted customers of its MOVEit Transfer and related MOVEit Cloud products about a critical vulnerability dubbed CVE-2023-34362.
As the name suggests, MOVEit Transfer is a system that makes it easy to store and share files throughout a team, a department, a company, or even a supply chain.
In its own words, “MOVEit provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting.”
Unfortunately, MOVEit’s web-based front end, which makes it easy to share and manage files using just a web browser (a process generally considered less prone to misdirected or “lost” files than sharing them via email), turned out to have a SQL injection vulnerability. More…
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
06/07/2023 02:30 PM EDT
CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.
The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet- facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.
CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
Gozi banking malware “IT chief” finally jailed after more than 10 years
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end…
History revisited: US DOJ unseals Mt. Gox cybercrime charges
Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all…
Share
JUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com