9 Jun 2023

Week in review

Greetings,

The ocean is an indispensable life source as it blankets 70% of our planet’s surface and generates at least 50% of Earth’s oxygen. To commemorate World Ocean Day, I would like to pose a challenge for you all: whenever you visit the beach, choose to make a positive impact by leaving it in a better condition than when you arrived by collecting at least one piece of rubbish. Remember, even small steps contribute to significant successes!
Just like the vastness of the ocean, the digital landscape is a deep sea of data that remains largely unexplored and not fully comprehended. Where possible, we need to take the advice of experts to ensure we are staying ahead of attackers and protecting ourselves as best we can. In our newest episode of Share Today Save Tomorrow, Anthony explores Mobile Device Security with Martin McGregor, CEO of Devici. To enhance the security of your device and ensure the safety of your data, consider downloading an authenticator app on your phone. This app adds an extra layer to the authentication process for all your applications, safeguarding your sensitive information.

Just as the ocean is in constant motion, cyber security threats continuously evolve and come in waves. They can be unpredictable and relentless, constantly crashing on our shores and causing havoc. Recently, MOVEit, a private file-sharing platform, faced a significant security breach which has sparked global concern. The cyber extortion group known as Clop has come forward, identifying themselves as being behind the attack and threatening to release stolen data unless the targeted organisations meet their ransom demands. Authorities have issued warnings regarding the global supply-chain attack, as reportedly hundreds of organisations across different sectors could be impacted. The deep and unknown depths of the dark web can cause concern and require awareness and proactive measures to navigate through these murky waters. But remember, small steps to safeguard your business can make the biggest impact! If you would like further advice on how to better safeguard yourself against possible attacks, get in contact with us today!


Clop ransomware claims responsibility for MOVEit extortion attacks
Date: 2023-06-05
Author: Bleeping Computer

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.
This confirms Microsoft's Sunday night attribution to the hacking group they track as 'Lace Tempest,' also known as TA505 and FIN11.
The Clop representative further confirmed that they started exploiting the vulnerability on May 27th, during the long US Memorial Day holiday, as previously disclosed by Mandiant.

Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity
Date: 2023-06-06
Author: Dark Reading

Tagged, organized, and free for anyone who wants it, social media posts and data are an underused threat intelligence resource for many enterprise cybersecurity teams.
Just as cybercriminals have found social media platforms useful for gathering information on targets and launching attacks, network defenders should likewise be looking at Twitter and other similar public-facing social media data sources, so-called open source intelligence (OSINT), to help inform cyber defenses, according to experts.

Sextortionists are making AI nudes from your social media images
Date: 2023-06-06
Author: Bleeping Computer

The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake content to perform sextortion attacks.
Sextortion is a form of online blackmail where malicious actors threaten their targets with publicly leaking explicit images and videos they stole (through hacking) or acquired (through coercion), typically demanding money payments for withholding the material.
In many cases of sextortion, compromising content is not real, with the threat actors only pretending to have access to scare victims into paying an extortion demand.

Law Council says privacy should be considered in cyber security review
Date: 2023-06-07
Author: iTnews

The Law Council of Australia has asked the government to deal with invasive personal data collection practices as part of a potential Cyber Security Act.
The council’s submission to the government’s cyber security discussion paper, published yesterday [pdf], said any Cyber Security Act should also look at ways Australians can verify their identity without providing excessive amounts of personal data.

Barracuda says hacked ESG appliances must be replaced immediately
Date: 2023-06-07
Author: Bleeping Computer

[Please also see AUSCERT bulletin ASB-2023.0107]
Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability.
"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned in an update to the initial advisory issued on Tuesday.
"Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."
According to Barracuda, affected customers have already been notified through breached ESGs' user interface. Customers who haven't yet replaced their devices are urged to contact support urgently via email.


ASB-2023.0107 – Barracuda Email Security Gateway Appliance (ESG): CVSS (Max): 9.8

A remote connection injection vulnerability has been detected in Barracuda Email Security Gateway devices. Barracuda advises its customers to replace impacted devices immediately.

ESB-2023.3285 – VMware Aria Operations for Networks: CVSS (Max): 9.8

VMware has released patches to remediate the command injection vulnerability in Aria Operations for Networks.

ESB-2023.3248 – ALERT Google Chrome: CVSS (Max): None

Google has released updates to its stable and extended stable channels, which will roll out over the coming days/weeks.

ESB-2023.3195 – Android OS: CVSS (Max): 9.8*

Security patch levels of 2023-06-05 or later address the security vulnerabilities affecting Android devices.

ESB-2023.3194 – GitLab Community Edition (CE) and Enterprise Edition (EE): CVSS (Max): 8.7

The most recent security patch release for GitLab Community Edition (CE) and Enterprise Edition (EE) contains important security fixes. Users are strongly advised to apply the patches as soon as possible to avoid being exploited.


Stay safe, stay patched and have a good weekend!

The AUSCERT team