25 July 2025

UK government proposes measures to ban ransomware payments | Cyber Intelligence Briefing: 25 July 2025


Top news stories this week

  1. Crackdown. UK government proposes measures to ban ransomware payments.
  2. Rapidly exploited. SharePoint zero-day exploited.
  3. Sued. Clorox sues Cognizant for USD 380 million.
  4. Breached. Security breach at Swiss healthcare provider Ameos. 
  5. Busted. Suspected admin of Russian hacking forum arrested in Ukraine.
  6. Unauthorised access. Cisco warns that maximum severity remote code execution vulnerabilities are being exploited in the wild.

1. UK government proposes measures to ban ransomware payments

The UK government is advancing its plans to prohibit public sector and critical infrastructure organisations from paying ransomware demands. Private companies will be required to notify authorities prior to paying cyber criminals. Mandatory reporting is also being developed to aid law enforcement in tracking and disrupting attackers.

So what?

These measures signal the UK government’s determination to combat ransomware and urge organisations to strengthen their resilience to this threat.

[Researcher: Milda Petraityte]


2. SharePoint zero-day mass exploitation

At least 400 organisations are reported to have fallen victim to a zero-day vulnerability in Microsoft SharePoint, described as one of the most rapid transitions from proof-of-concept to mass exploitation. Microsoft has stated that a threat actor is using the vulnerability to deploy the Warlock ransomware strain. 

So what?

The rapid and mass exploitation of this vulnerability highlights the importance of a multi-layered security strategy and network segmentation to mitigate the impact of zero-day exploits.

[Researcher: Tlhalefo Dikolomela]


3. Clorox sues Cognizant for USD 380 million

Clorox is suing its service desk provider, Cognizant, claiming that the IT support team’s “failures and actions” led to the August 2023 cyber attack, causing USD 380 million in damages. The lawsuit stated the cyber criminal socially engineered the Cognizant Service Desk to obtain credentials.

So what?

Conducting regular audits and vulnerability assessments is necessary to identify and address potential security gaps in both internal systems and those managed by third parties.

[Researcher: Tlhalefo Dikolomela]


4. Security breach at Swiss health care provider Ameos 

Ameos, a Zurich-based healthcare provider with over 100 facilities, has experienced a security breach. The breach could lead to the exposure of sensitive data such as patient, customer, employee and partner information. There are no signs at present that data have been published, and no major ransomware group has claimed responsibility.

So what?

Healthcare providers are a target for ransomware groups due to the sensitivity of data, making it crucial for organisations operating within this critical sector to implement and maintain robust security measures.

[Researcher: Lena Krummeich]


5. Admin of Russian hacking forum arrested in Ukraine

Ukrainian authorities have arrested the suspected administrator of the Russian-speaking hacking forum XSS.is, following a request from French law enforcement. The forum, a major hub for cyber crime since 2013 with over 50,000 members, was subsequently taken offline by officials.  

So what?

With control over the forum’s backend, it is likely that the authorities now hold incriminating evidence against other members of the forum, which may result in more law enforcement action in the future.

[Researcher: Lester Lim]


6. Cisco Identity Services Engine remote code execution vulnerabilities exploited

Cisco has warned that three critical remote code execution vulnerabilities that do not require authentication are being exploited in the wild. The vulnerabilities were identified in the Cisco Identity Services Engine (ISE) platform. 
Separately, SonicWall has urged its customers to patch SMA 100 series appliances to address a flaw which the company indicates would permit cyber criminals with administrative privileges to upload files to systems.

So what?

It can be challenging for organisations to keep software up to date, but patching is crucial to remain secure. A patch management solution simplifies the process by automatically deploying patches.

[Researcher: Jon Seland]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.