Network Security News | Ingalls Information Security

Articles of interest from the week of June 19, 2023

Written by John Frasier | Jun 19, 2023 4:00:00 AM

A Third MOVEit Vulnerability Fixed, Cl0p Lists Victim Organizations (CVE-2023-35708)

Yet another MOVEit Transfer vulnerability, CVE-2023-35708, was discovered this week, the third that the company has disclosed, alongside CVE-2023-34362 and CVE-2023-35036. CVE-2023-35708 is a vulnerability that could lead to escalated privileges and unauthorized access. (Help Net Security) 

 

"Vulnerability management strategies and robust mitigation controls are crucial for businesses to implement to safeguard against flaws such as the MOVEit vulnerability. There will undoubtedly be more vulnerabilities similar to this one. These processes must allow swift action and effective communication between cybersecurity teams and the entire organization to minimize and mitigate the risks when these flaws are revealed."

Sean Scully, CTI Threat Hunter at Ingalls Information Security

 

 

Download the Highly Anticipated 2023 Verizon Data Breach Investigations Report (DBIR)

Keep your security plan up to date and help protect your organization—with access to in-depth analysis on recent cyber threats and data breaches. This year’s report includes data and insights from 5,199 confirmed breaches. (Verizon)

 

Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

The US Justice Department on Thursday announced charges against a third Russian national allegedly involved in deploying the LockBit ransomware.

The man, Ruslan Magomedovich Astamirov, 20, of Chechen Republic, Russia, who was arrested in Arizona, allegedly owned, controlled, and used multiple IP addresses, email addresses, and other online accounts to deploy the LockBit ransomware and communicate with victims. (SecurityWeek) 

 

ChatGPT Creates Mutating Malware That Evades Detection by EDR

A global sensation since its initial release at the end of last year, ChatGPT's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems. (CSO)

 

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach 

Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.

These attacks were conducted by the Clop ransomware operation, which began worldwide hacks of MOVEit Transfer servers on May 27th using a previously unknown, zero-day vulnerability tracked as CVE-2023-34362.

These attacks have led to widespread disclosures of data breaches worldwide, impacting companies, federal government agencies, and local state agencies. (BleepingComputer)