Network Security News | Ingalls Information Security

Articles of interest from the week of June 24, 2024

Written by John Frasier | Jun 27, 2024 12:46:38 PM

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

A high-severity security vulnerability (CVE-2024-5806) in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's being actively exploited in the wild just hours after it was made public. (Dark Reading)

 

It's no surprise to see threat actors moving quickly to exploit new vulnerabilities in the MOVEit Transfer software, given how successful the Russian-backed Cl0p ransomware group was last year. However, it is important to note that the instances being observed in the wild at this moment are within honeypots monitored by organizations such as the non-profit Shadowserver Foundation. Honeypot activity does not always correlate with real-world production environments, as these attacks may be coming from the cybersecurity community itself to identify potentially vulnerable systems. Thankfully, Progress Software has already provided a new version and urges its customers to upgrade to the latest patched version immediately. The main takeaway for organizations is to stay vigilant about news and updates from their vendors and deploy patches immediately in case of severe vulnerabilities. However, organizations should also ensure that they adhere to their patch management policy, considering risk tolerance and the potential business impact of a successful exploitation.

Tadeh Anbarchian, SOC Analyst at Ingalls Information Security

 

 

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability, tracked as CVE-2024-30103 (CVSS score of 8.8), leading to remote code execution. (SecurityWeek)

 

Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack

CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US. (Dark Reading)

 

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. (The Hacker News)

 

New BadSpace Backdoor Deployed in Drive-By Attacks

The BadSpace backdoor is being distributed via drive-by attacks involving infected WordPress websites and JavaScript downloaders. (SecurityWeek)

 

Phone Scammers Impersonating CISA Employees

The US cybersecurity agency CISA has warned the public that phone scammers are impersonating its employees. The agency has reminded people that it will never contact anyone to request money, cryptocurrency, or gift cards. (CISA)

 

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. (The Hacker News)