Cyber Bits · · 3 min read

Cyber Bits: April 22, 2024

Cyber Bits: April 22, 2024

Last week was a doozy with tons of ransomware attacks coming to light, the MITRE group dealing with a security incident, Palo Alto dealing with fallout from CVE-2024-3400, and LastPass staff being targeted in nuanced attacks.

Ransomware hitting its stride in 2024

Link: BleepingComputer

Bleeping Computer has pulled together a list of ransomware attacks in the last week and, well, let’s just say it’s not pretty. Some of the most notable are:

While these attacks are news-worthy and obviously targeting large organizations, it’s important to remember most ransomware groups aren’t focusing on specific entities. They would rather cast a wide net with specific attack vectors or methods of entry and, if successful, continue with their attacks.

It’s worth its weight in gold for every organization to revisit their security posture, defense in depth, perform table top exercises, and take a look at their cybersecurity insurance policies.

Palo Alto gives more details on CVE-2024-3400

Link: BleepingComputer, Palo Alto

Palo Alto has given more information on the latest CVE to target PAN-OS. In a recent blog post, they identify the attack daisy-chains two, somewhat innocuous attacks, into one that grants RCE. By taking advantage of a flaw that allows attackers to send a special command instead of a session ID, causing the system to write that command to a file. This file can later be referenced in a subsequent attack, allowing remote code execution.

According to the Shadowserver Foundation, there are roughly 22,000 firewalls that are susceptible to this exploit. With publicly-available proof of concept in the wild, it’s critical to patch any vulnerable systems in your organization.

MITRE investigating cyber incident

Link: MITRE

MITRE has announced that a state-sponsored attacker was able to gain access to a “prototyping and research network” earlier this month. While the investigation is ongoing, the Principal Cybersecurity Engineer Lex Crumpton has provided some information about the attack, sourced to Ivanti zero-days, in efforts to share experiences with organization that may be facing similar incidents.

It’s a breath of fresh air to see an organization clearly detail the steps they took, along with identifying areas of improvement, when it comes to an incident like this. We highly recommend reading the post to learn more about their response and what they’ve identified as next steps.

LastPass phishing pages added to hacking kit

Link: BleepingComputer

Last week, LastPass warned of phishing campaigns targeting users using CryptoChameleon, an advanced phishing kit that was spotted earlier this year. LastPass discovered that its service was recently added to the kit, and a phishing site was hosted at a unique domain crafted for the attack.

While this isn't a call to action to migrate from LastPass (honestly, all password managers are going to be targeted because where they are keys, there's treasure!), it is a call to action to review your end user awareness training on a business and personal level.

Read next

Cyber Bits: July 8, 2024
Cyber Bits ·

Cyber Bits: July 8, 2024

In this week's Cyber Bits, we look into Cloudflare's BGP incident, a Go-based ransomware variant targeting VMs, Ticketmaster struggling with a ransomware incident, hackers leaking Twilio data, and Cobalt Strike servers being shutdown by the feds.

Cyber Bits: June 24, 2024
Cyber Bits ·

Cyber Bits: June 24, 2024

This week - VMware's urgent security patches, a UEFI vulnerability in Intel PCs, US sanctions on Kaspersky, ransomware attacks on old Android phones, and a breach of 1,590 crypto wallets by North Korean hackers. Stay updated with the latest cybersecurity news and tips.