Latest Cybersecurity News 2023-06-12 Edition


Weekly CyberTip: The Importance of an Asset Inventory 

You are faced with an announcement that certain applications on your network are in urgent need of patching, and selected devices need to be replaced immediately for security reasons. Can you respond? 

 

Asset management is one of the fundamentals of a comprehensive cybersecurity program. It is essential to have full visibility into each element in your network, whether those assets are physical or virtual, on-premises or cloud-based. Without a current and complete inventory, you may have gaps in security – potential exposures and unprotected threat surfaces that could be exploited by attackers.  

 

Fortunately, tools and software are available that can help. They can document each asset on your network, right down to version and patch level, giving you a clearer view of areas of risk and the information you need to address vulnerabilities quickly. As the saying goes, you can’t properly defend something you don’t know about. 

Barracuda urges customers to replace ESG appliances immediately 

In a June 6 announcement on their website, Barracuda Networks urged customers affected by a recently disclosed zero-day vulnerability to replace their Barracuda Email Security Gateway (ESG) appliances immediately. 

 

“Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now. Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG,” according to the action notice. 

 

Barracuda reportedly discovered the vulnerability on May 19 and deployed a patch on May 20. On May 21, they followed up with a script that was deployed to all affected appliances, designed to contain the incident and counter unauthorized access methods. However, this latest news suggests that there may be fundamental issues that are resistant to patch and mitigation strategies. 

Patch alert: New version of MOVEit software released June 9 

In a June 9 update, Progress Software announced that they have identified additional vulnerabilities in their MOVEit file transfer application, beyond the initial flaws that made headlines in early June: “These newly discovered vulnerabilities are distinct from the previously reported vulnerability shared on May 31, 2023. All MOVEit Transfer customers must apply the new patch, released on June 9, 2023,” according to the update. The MOVEit Cloud version of the software was patched centrally on June 9. 

 

The Progress knowledgebase offers important implementation information for users of the Transfer version of the software, as well as a separate post for users of the Cloud version.  

 

Progress released initial patches on May 31 when they discovered that their managed file transfer software had been compromised through a critical SQL injection vulnerability. In a coordinated zero-day attack in late May and early June, the Cl0p ransomware gang exploited the vulnerability to access MOVEit databases from victims around the world.

On June 7, CISA released an advisory on the incident, and security firm Mandiant has developed a detailed background report on the zero-day attack, including information on indicators of compromise. 

Cl0p ransomware gang claims to have deleted stolen Nova Scotia data

The government of Nova Scotia is among those victimized in the MOVEit third-party attack. On June 6, authorities in the government of Nova Scotia confirmed that the personal information of “many employees of Nova Scotia Health, the IWK Health Centre and the public service has been stolen in the MOVEit global cybersecurity breach,” and warned that the information of former employees of Nova Scotia Health and the public service may also have been taken.

According to the statement, the province’s investigation has discovered that “social insurance numbers, addresses and banking information were stolen. The amount and type of information depends on the employer. This information was shared through the MOVEit file transfer service because this service is used to transfer employee payroll information.”

 

Their June 9 update brought more bad news, listing categories of stolen data affecting thousands of members of the public and more members of the public service. The province has issued guidance for those affected.  

 

However, in a twist to the story, the Cl0p ransomware gang behind the incident has announced they have erased all of the data stolen from public sector entities like governments, municipalities, and police services – including data stolen from Nova Scotia’s systems. The dark web leak site operated by the Cl0p crime syndicate suggests that only private sector victims of the attack are subject to a June 14 ransom deadline. 

IBM Security releases 2023 Definitive Guide to Ransomware 

The X-Force team at IBM Security have published the latest version of their “Definitive Guide to Ransomware”. The guide contains the latest ransomware research, trends, and attack types.

The new version of the guide includes a detailed five-stage ransomware attack framework developed from the team’s real-life engagements facing ransomware events, and information on the evolution of ransomware in 2023. The report also provides helpful sections on incident response planning, considerations for managing ransom demands, and detection techniques to discover and prevent ransomware. 

 

IBM is also hosting a free webinar entitled “The top 5 takeaways from the 2023 edition of The Definitive Guide to Ransomware,” to be held on Wednesday, June 21 at 11:00 a.m. ET.
