Cyber Round-up

Cyber Round-up for 26th January

January 25, 2024


Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Akira Ransomware Gang Hits Tietoevry Data Centres – Several Swedish Businesses Impacted

Swedish cloud hosting service provider, Tietoevry, has become the latest victim of the Akira ransomware group. The attack, which occurred late last week, has impacted several of the company’s datacentres, leading to a loss of operations for several of their customers across the country.

Multiple customer websites have been shut down as a result of the incident, and they may be waiting a while until their sites are restored. Tietoevry anticipates a restoration process lasting days to weeks due to the incident's nature and the need to recover customer-specific systems.


CISA Issue Emergency Directive for Actively Exploited Ivanti VPN Solution Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive (24-01) in response to the widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions. The vulnerabilities (CVE-2023-46805 and CVE-2024-21887) pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies.

The directive requires agencies running affected products to immediately download and import Ivanti's mitigation XML file, run Ivanti's External Integrity Checker Tool, and take additional steps if indications of compromise are detected. Agencies must also report to CISA a complete inventory of instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks, including actions taken and results.


Mozilla Patch 15 Vulnerabilities in Firefox 122

Mozilla has released security updates for Firefox and Thunderbird, addressing 15 vulnerabilities, including five rated as high severity. One high-severity flaw (CVE-2024-0741) involves an out-of-bounds write in the ANGLE (Almost Native Graphics Layer Engine) graphics engine used in Firefox and Chrome, potentially leading to denial of service or arbitrary code execution.

Another significant flaw (CVE-2024-0742) is described as a "failure to update user input timestamp," enabling unintentional activation or dismissal of specific browser prompts. Additional noteworthy vulnerabilities include a TLS handshake code problem (CVE-2024-0743), a JavaScript code glitch (CVE-2024-0744), and a stack buffer overflow in WebAudio (CVE-2024-0745). Mozilla also addressed medium-severity issues, one of which could permit an attacker to set an arbitrary URI in the address bar or history. Firefox 122, Thunderbird 115.7, and Firefox ESR 115.7 were released with patches to address these vulnerabilities. No mention has been made of any exploits occurring in the wild for these vulnerabilities, and further details on the resolved issues can be found on Mozilla's security advisories page.


NCSC Warns of AI-Powered Ransomware

The National Cyber Security Centre (NCSC) warns that the number of cyberattacks is likely to increase in the next two years, with artificial intelligence (AI) playing a significant role. Ransomware remains a top cyber threat globally and is expected to worsen with the integration of AI, lowering the entry barrier for less skilled hackers.

The NCSC report notes that AI is already being utilized in malicious cyber activities, enabling novice cybercriminals to conduct more effective operations, particularly in access and information gathering. The report emphasizes the emergence of criminal generative AI (GenAI) and "GenAI-as-a-service," making it accessible to those willing to pay. While the report acknowledges the potential risks of AI in cyberattacks, it also highlights the importance of managing these risks and harnessing AI's potential for defensive purposes.

The National Crime Agency notes that ransomware is likely to remain a significant threat due to its financial rewards and established business model. The British government has invested £2.6 billion ($3.3 billion) to enhance the country's cyber resilience as part of its Cyber Security Strategy.


Southern Water Confirm Cyber Attack – Black Basta Gang Hold Stolen Data to Ransom

UK utility company, Southern Water, has confirmed that their IT systems were breached, and attackers have stolen a “limited amount of data.”

Responsibility for this attack has been claimed by the Black Basta ransomware group, who publicly released a fraction of the 750 GB of stolen data. The publicised data contained identity documents such as passports and driving licenses, documents containing personal information (home addresses, dates of birth, nationalities, and email addresses), and corporate car leasing documents.

The root cause of the breach is still unknown and Black Basta has given Southern Water six days to pay the ransom in full; if these conditions are not met, the stolen data will be released to the public in full.


Patch Now Available for Critical Authentication Bypass Flaw in GoAnywhere MFT

Fortra has warned that a new authentication bypass in Linoma Software’s GoAnywhere Managed File Transfer (MFT) allows attackers to create a new admin user. GoAnywhere MFT is used by many organisations to securely transfer files with customers and other organisations.

The critical vulnerability, tracked as CVE-2024-0204, has a CVSS score of 9.8 and is remotely exploitable. While there are no reports of active exploitation, the disclosure of this vulnerability is likely to lead to proof-of-concept exploit code being developed and potential exploitation by threat actors. All versions prior to 7.4.1 are affected, and users are advised to apply the latest updates as soon as possible.


And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #266 – 26th January 2024


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

