In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Law firm Allen & Overy targeted by ransomware group

Allen & Overy, one of the world’s top law firms, has suffered a data breach and the LockBit ransomware group appears to be responsible. The company said only a small number of storage servers were impacted. The attack may have involved exploitation of a recent Citrix product vulnerability dubbed CitrixBleed.

Ransomware gang claims major Chinese bank paid ransom

The LockBit ransomware gang claimed that China’s biggest bank, the Industrial and Commercial Bank of China, paid a ransom after the hacking of its systems caused some disruption to the US Treasury market, Reuters reported.


European police take down vishing gang that made €9 million

Europol announced that it supported Czech and Ukrainian police in taking down a voice phishing (vishing) gang that made €9 million. The criminals operated from call centers in Ukraine and carried out vishing attacks aimed mainly at Czech users. The fraudsters impersonated banks and police and asked victims to transfer funds from their allegedly ‘compromised’ bank accounts to ‘safe’ accounts.

Scattered Spider and Rhysida ransomware group reports

The FBI and CISA have released a joint report detailing the activities and TTPs of the ransomware group known as Scattered Spider, which took credit for the highly disruptive MGM Resorts attack in September. In addition, the two agencies and Fortinet released separate reports on the Rhysida ransomware.

Dragos releases industrial ransomware analysis for Q3 2023

Dragos has released an industrial ransomware analysis report for the third quarter of 2023. While the number of attacks decreased slightly compared to the previous quarter, the impact of the attacks was more severe.

Australia and US release ‘Business Continuity in a Box’

Australian and US cybersecurity agencies have released Business Continuity in a Box, guidance that organizations can use to quickly and securely stand up critical business functions during or after a cyber incident.

New variant of exploited ActiveMQ vulnerability

VulnCheck has found that CVE-2023-46604, an Apache ActiveMQ vulnerability that was exploited as a zero-day for at least two weeks before patches were released, has another variant that can allow attackers to execute arbitrary code from memory, making detection more difficult.

PyPI conducts first security audit

The Python Package Index (PyPI) has conducted its first security audit, which resulted in 29 security advisories, but there were no high-severity issues. The audit covered Warehouse, the open source codebase that powers pypi.org, and Cabotage, the custom open source container orchestration framework used to deploy Warehouse.

Researchers show crypto keys protecting SSH traffic can be stolen

Researchers have demonstrated that an error can cause the exposure of SSH private keys. While they showed that stealing the crypto keys protecting SSH traffic is possible, the error is rare and the vast majority of SSH connections are not affected.

Chrome, Fortinet, Splunk and Hikvision patches

Security advisories have been published over the last week for Chrome, Fortinet products, Splunk Enterprise, and Hikvision NVR/DVR devices. One Fortinet FortiSIEM vulnerability is critical, as it allows a remote, unauthenticated attacker to execute arbitrary commands. The Hikvision product flaw, found by IOActive, can be used to cause devices to malfunction, but the vendor says there is no evidence of exploitation in the wild. As for Splunk, many of the patched vulnerabilities impact third-party components.
