Top news stories this week
- MOVEit 2.0? Exploited MOVEit tool developer discloses new vulnerabilities in the WS_FTP file transfer software.
- Open mail. New EXIM zero-day vulnerability estimated to impact millions of servers.
- End of the road. UK logistics group shuts its doors following a ransomware attack.
- Royal threat. Hacktivist group claims responsibility for DDoS attack on UK Royal Family's website.
- Byte-sized feud. Sony data leakage leads to an online quarrel between two cyber gangs.
- Law and order. Nigerian extradited to US pleads guilty to business email compromise scheme.
1. MOVEit makers warn of new vulnerabilities
Progress Software, known for the exploited MOVEit tool, identified vulnerabilities in another file handling product, WS_FTP Server. While there's no evidence of active exploitation, one of the high severity flaws could allow attackers to execute remote commands on affected systems. Emergency patches have been released.
Organisations using the affected software should promptly update it to the latest patched version to prevent potential security risks.
2. Critical EXIM vulnerability puts millions of servers at risk
Six zero-day vulnerabilities have been published for the widely used EXIM mail transfer agent. The most concerning, CVE- 2023-42115, allows for an unauthenticated attacker to perform remote code execution to compromise systems. The critical vulnerability affects all versions of the EXIM software, and it is currently estimated that more than 3.5 million servers running EXIM are exposed. At present, no patches for CVE-2023-42115 have been released.
Until a patch is released, organisations should urgently minimise the exposure to exploitation by stopping the use of the EXIM service or blocking traffic on port 25 on servers running EXIM. It is imperative that, once published by EXIM, the patches for the vulnerability are applied.
3. Ransomware attack blamed for 730 job losses
KNP Logistics Group, one of the UK’s largest privately-owned logistics groups, entered into administration following a ransomware attack in June. The attack crippled the group’s network and adversely impacted its financial position, resulting in the loss of 730 jobs.
Suffering a cyber incident is a difficult way to appreciate the value of proactively investing in cyber resilience. Spending on cyber security is an investment in an organisation’s ability to conduct its business with confidence in the face of a formidable cyber threat landscape.
4. UK Royal Family's website taken down by hacktivist group
Over the weekend, KillNet, a pro-Russian hacktivist group, claimed responsibility for a Distributed Denial of Service (DDoS) attack on the UK Royal Family's website. The attack resulted in the website being inaccessible for 90 minutes. KillNet had previously threatened to target anyone who supported Ukraine.
Having redundant servers and load balancing mechanisms across the network, as well as DDoS protection offered by firms like Cloudflare, are important considerations for organisations creating a DDoS prevention strategy.
5. Sony data leakage sparks dispute between hacker groups
Sony has conducted an investigation into a data leakage that led to the disclosure of 3.14GB of data. Amidst the fallout, a dispute has emerged between two hacker groups, with both RansomedVC and MajorNelson claiming responsibility for the leakage by posting samples of the stolen data as evidence.
When responding to a cyber attack, it’s crucial that organisations use actionable intelligence to verify a threat actor’s claims and attribute responsibility. Obtaining this information is an important part of a threat actor engagement strategy.
6. Extradited BEC scammer pleads guilty
Kosi Goodness Simon-Ebo, a Nigerian extradited to the US from Canada, has pled guilty to participating in a business email compromise (BEC) scheme that caused victim losses of approximately USD 1 million. Simon-Ebo will be required to pay victims the USD 1 million in restitution as part of his plea deal.
BECs are one of the most common types of cyber attacks. Multi-factor authentication and conditional access policies can go a long way towards mitigating the risk of an email account compromise.