Attacks

13 Jun

Top five APAC government hacks of 2023 (so far)

Attacks, Data Breaches

Local and national governments in the Asia-Pacific region have been high on the target list for hacking groups in 2023 Add bookmark In an interconnected world driven by advanced technology, the threat of cyber-espionage looms large, with governments increasingly becoming prime targets. The Asia-Pacific (APAC) region, home to bustling economies and geopolitical complexities, finds itself at the center of this silent war. From targeted attacks on critical infrastructure to the manipulation of sensitive information, such…

Read More
13 Jun

Fortinet Releases June 2023 Vulnerability Advisories

Attacks, Insights, Malware

Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet June 2023 Vulnerability Advisories page for more information and apply the necessary updates.

Read More
13 Jun

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Attacks, Insights, Malware

Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.  Agencies must be prepared to…

Read More
13 Jun

DDoS attacks launched against Swiss websites ahead of Zelensky address

Attacks, Data Breaches

Swiss government websites were taken offline through the use of targeted distributed-denial-of-service (DDoS) attacks ahead of a video address by Ukranian President, Volodymyr Zelensky. DDoS attacks disrupt sites by overwhelming their infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing it.  The disruption to the Swiss government sites was discovered on June 12, as the Swiss parliament prepared for a video address by President…

Read More
12 Jun

Fortinet Releases Security Updates for FortiOS and FortiProxy

Attacks, Insights, Malware

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisory FG-IR-23-097 and apply the necessary updates. For more information, see Fortinet’s Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign.

Read More
12 Jun

Health Service Ireland latest victim of MOVEit cyber attack

Attacks, Data Breaches

Health Service Ireland (HSE) has become the latest victim of a supply chain cyber attack launched against document transfer service MOVEit. The attack was launched by ransomware gang, Clop. Clop were able to infiltrate MOVEit by exploiting a zero-day vulnerability that allowed the malicious group to break into company networks and steal data. Professional services partnership EY was also impacted by the cyber attack, leading to the breach. HSE was working with EY to automate…

Read More
09 Jun

Key role targeted cyber attacks are on the rise

Attacks, Data Breaches

Research by Ponemon Institute and cyber security company BlackCloak has found that hackers have been directly targeting C-suite executives and their family members with cyber attacks via their personal email addresses.  In Understanding the serious risks to executives’ personal cybersecurity and digital lives, which was released on June 5, researchers found that 42 percent of organizations said that an executive or an executive’s family member had been the direct target of a cyber attack. This…

Read More
08 Jun

VMware Releases Security Update for Aria Operations for Networks

Attacks, Insights, Malware

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks (Formerly vRealize Network Insight). The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command injection attack resulting in remote code execution. Patches have been made available to remediate the vulnerabilities found in VMWare products.    CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0012 and…

Read More
08 Jun

IOTW: Clop ransomware gang threatens BBC, Boots and BA

Attacks, Data Breaches

Ransomware gang Clop, who was responsible for a cyber attack on data transfer service MOVEit, has issued a threat to all those affected by the breach. The attack on MOVEit directly led to a data breach affecting payroll services provider Zellis, as the company uses MOVEit as a third-party provider. This exposed the data for over 100,000 employees from a number of companies including the British Broadcasting Company (BBC), health and beauty retailer Boots and…

Read More
07 Jun

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

Attacks, Insights, Malware

CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.  The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL…

Read More