Switzerland under cyberattack
The Swiss government is under DDoS attacks, but several ransomware gangs have also turned their sights on other Swiss organizations.
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.
Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign
Affected Platforms: FortiOS Impacted Users: Targeted at government, manufacturing, and critical infrastructure Impact: Data loss and OS and file corruption Severity Level: Critical Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context to that advisory, providing our customers with additional details to help them make informed, risk-based decisions, and provides our perspective relative to recent events involving malicious actor activity.
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.
CVE-2023-34362
On May 31, 2023, Progress Software disclosed a critical SQL injection vulnerability that was later assigned CVE-2023-34362. Rapid7 has observed exploitation in…
How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program
Regime has trained cybercriminals to impersonate tech workers or employers, amid other schemes
Shell Recharge security lapse exposed EV drivers’ data
Oil giant Shell said it is investigating after a security researcher found an exposed internal database spilling the personal information of drivers who use the company’s electric vehicle charging stations.
Les CFF et le canton d'Argovie aussi concernés par la cyberattaque qui a touché la société Xplain
Les CFF et le canton d'Argovie sont à leur tour concernés par la cyberattaque qui a touché la société informatique bernoise Xplain. Des données ont été volées, ont indiqué l'entreprise ferroviaire et le canton. Une fuite a entraîné le vol des données, ont confirmé dimanche les CFF, suite à un article de la NZZ am Sonntag. De leur côté, les autorités argoviennes font savoir qu'"un petit volume de données opérationnelles liées à des protocoles d'erreur qui étaient analysées chez Xplain" est concerné par la fuite, ainsi que "de la correspondance commerciale".
Cyber Extortion activity reached the highest volume ever recorded in Q1 2023 after a decline of 8% in 2022, reveals new Orange Cyberdefense report
- The shift previously observed in the geographical location of cyber extortion (Cy-X) victims continues to accelerate, moving from the United States (-21%), and Canada (-28%) to Southeast Asia region (+42%), the Nordics (+40%) & Latin America (+32%). * Whilst Manufacturing continues to be the biggest industry impacted, the number of victims decreased (-39%), with a shift towards the Utilities sector (+51%), Educational Services (+41%) and Finance and Insurance Sectors (+11%). * Businesses in 96 different countries were impacted by Cy-X in 2022, equating to nearly half (49%) the countries in the world. Since 2020 Orange Cyberdefense has recorded victims in over 70% of all countries worldwide * Over 2,100 organizations in the world were publicly shamed as a victim of Cy-X in 2022, across an almost even distribution of business sizes.
MOVEit Transfer and MOVEit Cloud Vulnerability
This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates. CVE-PENDING (June 9, 2023) CVE-2023-34362 (May 31, 2023)
Turkish Citizens' Personal Data Offered Online After Govt Site Hacked
In a major digital security breach, a website is offering personal data about Turkish citizens including President Recep Tayyip Erdogan that appears to have been stolen by hackers from a government services website.
Pro-Ukraine hackers bring Russian banking system to its knees
A team of hackers, hacked into several Russian businesses and the nation's largest ISP and service provider to the Central Bank of Russia. Because of the hack, the Russian banking system went down. The hackers also put up pro-Ukrainian posters on the hacked websites.
Cyberattaque contre l'entreprise Xplain: l'administration fédérale est également touchée
Informations actuelles de l'administration. Tous les communiqués de l'administration fédérale, des départements et des offices.
La commune vaudoise de Bex touchée par une cyberattaque
Les cybercriminels ont fait une nouvelle victime en Suisse romande.
Another huge US medical data breach confirmed after Fortra mass-hack
Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year. Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021
On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). Learn more.
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Analyzing CVE-2023-29336 Win32k vulnerability, its exploitation, and mitigation measures in the context of evolving security practices.
Unmasking the Darkrace Ransomware Gang
Cyble analyses Darkrace Ransomware, a new ransomware group shares similarities with infamous LockBit Ransomware.
Le site web du parlement suisse attaqué par des hackers
Une cyberattaque paralyse en partie le site www.parlament.ch, une agression peut-être en lien avec la prochaine prise de parole du président ukrainien.
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
ChatGPT creates mutating malware that evades detection by EDR
A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.
Service Rents Email Addresses for Account Signups
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam…
Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica
SQL injection attacks on MOVEit file-transfer service likely to get worse.
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.
How malicious extensions hide running arbitrary code
Eight malicious extensions still remain in Chrome Web Store. These use some interesting tricks to keep running arbitrary code despite restrictions of Manifest V3.
Hackers steal Swiss police and customs data
Hackers have published data from the federal police and customs offices on the Darknet, after an attack on the servers of the host company.
Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast
The voice, very similar to President Putin’s, also announced martial law, general mobilisation and the evacuation of civilians in three regions bordering Ukraine.
MOVEit hack: BBC, BA and Boots among cyber attack victims
Staff at multiple organisations are warned of a payroll data breach after an IT supplier is hacked.
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai
Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.