Tag Archive for: Sheds

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks


Apr 20, 2023 | Ravie Lakshmanan | Ransomware / Cyber Attack

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data.

The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The issue was patched by the company in version 7.1.2 of the software in February 2023, but not before it was weaponized as a zero-day since January 18.

Fortra, which worked with Palo Alto Networks Unit 42, said it was made aware of suspicious activity associated with some of the file transfer instances on January 30, 2023.

“The unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments,” the company said. “For a subset of these customers, the unauthorized party leveraged these user accounts to download files from their hosted MFTaaS environments.”

The threat actor further abused the flaw to deploy two additional tools, dubbed “Netcat” and “Errors.jsp,” between January 28, 2023 and January 31, 2023, although not every installation attempt is said to have been successful.

Fortra said it directly reached out to affected customers, and that it has not found any sign of unauthorized access to customer systems that have been reprovisioned with a “clean and secure MFTaaS environment.”

While Netcat is a legitimate program for reading and writing data over a network, it’s currently not known how the JSP file was used in the attacks.

The investigation also found that CVE-2023-0669 was exploited against a small number of on-premise implementations running a specific configuration of the GoAnywhere MFT solution.

As mitigations, the company is recommending that users rotate the Master Encryption Key, reset all credentials, review audit logs, and delete any suspicious admin or user accounts.

The development comes as Malwarebytes and NCC Group reported a spike in ransomware attacks during the month of March, largely driven by active exploitation of the GoAnywhere MFT vulnerability.

A total…

Security Navigator 2022 Report From Orange Cyberdefense Sheds Light On Digital Pandemic / Digital Information World


Cyber attacks that can force businesses either to shut down or to protect themselves against further attacks are spreading rapidly. This is why experts are now referring to these attacks as a “digital pandemic”.

Europe’s leading security service provider, Orange Cyberdefense, has recently shared its Security Navigator report for 2022. The report features research along with insights on the system and views from leading experts on cyber threats globally.

According to the report, the ongoing year witnessed almost 95,000 cyber attacks, up by 45,398 from the previous year. Similarly, compared with thirty-seven attacks per month in 2020, the ongoing year saw almost forty-two. The attacks most often reported by victims involved system malware, network abnormalities (for example, tunneling), account abnormalities, and phishing through social engineering.

According to the statistical analysis, small-scale businesses had the lowest attack rate, at just seventeen percent. Broken down by type, almost thirty-five percent of attacks were linked to system malware, closely followed by application and network abnormalities at twenty-nine percent, with account irregularities the least common at just fourteen percent. Though small-scale businesses had the lowest attack rate, the numbers have gone up by almost ten percent compared with 2020. Moreover, according to Orange Cyberdefense, the attack rate increases gradually with the size of the business, but small businesses experience thirty percent more cyber attacks than mid-sized businesses. One reason for the increase in attack frequency could be that these businesses usually do not invest as much in software that protects against cyber attacks as medium or large-scale businesses do. This leaves them more vulnerable to attackers and, as a result, they experienced more attacks this year.

Mid-level businesses, on the other hand, accounted for nearly a third of all reported cyber crime cases. The major portion of these…

IDG Contributor Network: Fiber map sheds light on infrastructure trends and weaknesses

If you’ve ever wondered just where the fiber conduits that carry our Internet traffic run, wonder no more. Researchers have created a map.

Four years in the making, the map, sourced in part from public records, shows the long-haul fiber that carries Internet data around the country. Additionally, locations where multiple cables connect are shown.

This kind of map has never existed before.

Internet infrastructure

Not much is known about “today’s physical Internet infrastructure,” the researchers say.

So they delved in and, through a collection of Tier-1 ISP and cable company maps combined with public records, started to construct a map of the long-haul fiber network (PDF).

Network World Security

Browser Study Sheds Light On Firefox’s Insecurity (And Google Approves This Message) (Andy Greenberg/The Firewall)

Andy Greenberg / The Firewall: Illustration by Galit Weisberg. Updated with a response from Mozilla. When Google funds a study on browser security and allows it to be published …
