CyberSecurity SEE

The Week that Was: Vulcan’s Q2 2023 Vulnerability Watch report reveals notable issues. Lessons learned from Russia’s hybrid war against Ukraine.

Vulcan’s Q2 2023 Vulnerability Watch report has been released by its Voyager18 Cyber research team. The report focuses on the top vulnerabilities that have been discovered over the past three months and provides recommendations for mitigation strategies. In order to combat the ever-changing cyber threat landscape, organizations are urged to prioritize staying up to date with emerging trends in cybersecurity, implement proactive vulnerability management strategies, and invest in ongoing training and education for their IT teams. The report highlights twelve particularly notable vulnerabilities, including CVE-2023-34362 (MOVEit Transfer), CVE-2023-34364 (Progress DataDirect Connect), and CVE-2023-2868 (Barracuda Networks ESG). It also introduces the anticipated new CVSS 4.0, which aims to provide simpler and more flexible ratings for vulnerabilities.

Moving on, The CyberWire daily briefing team has been closely monitoring Russia’s hybrid war against Ukraine, with a special focus on the cyber aspects of the conflict. They have recently released a report titled “Russia’s hybrid war against Ukraine: lessons learned,” which provides a detailed analysis of Russia’s cyber and disinformation operations throughout the war. The report takes into account historical events and utilizes the expertise of The CyberWire team, who possess extensive knowledge of military doctrine, geopolitics, and cyber operations.

The Global Initiative against Transnational Organized Crime has published a report discussing the fracturing of the Conti cybercrime group and the rise of its successors. The report reveals that Conti’s decline began after the group declared its support for Russia in the Ukraine-Russia war. Following this declaration, a Twitter profile under the handle @ContiLeaks started leaking the ransomware group’s internal communication. This leak, dubbed the “Panama Papers of ransomware,” comprised over 100,000 files and significantly disrupted Conti’s operations. While Conti’s websites have reportedly stopped working, IBM’s Security X-Force has identified that some fragments of the group remain active under different names, such as Royal, Quantum, Zeon, BlackBasta, and Silent Ransom.

Canadian energy company SUNCOR recently disclosed that it had fallen victim to a cyberattack. The company is currently working with third-party experts to investigate and resolve the incident, and it has notified the relevant authorities. So far, there is no evidence to suggest that data relating to customers, suppliers, or employees has been compromised. However, customers have reported issues with logging into their accounts, as well as problems with accumulating rewards points and using credit/debit cards at Petro-Canada stations. The Canadian Centre for Cyber Security has acknowledged the incident but has declined to comment further on specific cybersecurity incidents.

According to ForgeRock’s 2023 Identity Breach report, at least 1.5 billion user records were exposed in 2022, with 53% of all breaches attributed to third-party organizations. Unauthorized access continues to be the leading cause of data breaches for the fifth consecutive year, at 49%. However, ransomware attacks have seen an increase, accounting for 34% of breaches. Misconfigurations of cloud services and firewalls, along with human error, are identified as major contributing factors to these breaches.

Check Point Research has published a report on a USB-propagated malware campaign attributed to the China-based espionage group Camaro Dragon. The research team discovered the malware while investigating an incident at a European hospital. The campaign appears to be opportunistic rather than targeted, with the malware spreading via USB drives. It is believed that the initial infection occurred when a conference attendee connected a USB drive to a colleague’s infected computer.

An update on the Russia-Ukraine hybrid war reveals that after being shelled by the Russian Ministry of Defense in Ukraine, Wagner’s owner, Yevgeny Prigozhin, announced his intention to seek justice for the military leaders of Russia. This led to a brief uprising by the PMC group, resulting in the capture of key military command and control points in Rostov-on-Don. However, the uprising ultimately settled 200 km away from Moscow, and Prigozhin was effectively exiled to Belarus after negotiations with the Belarusian President. General Sergey Vladimirovich Surovikin, Commander of Aerospace Forces, is currently unaccounted for and is speculated to have been taken into custody in connection with the mutiny. This is not General Surovikin’s first brush with imprisonment, as he was previously arrested for his involvement in the failed 1991 coup attempt against Mikhail Gorbachev.

The future of the Wagner PMC group remains uncertain, as they have been barred from participating in the “Special Military Operation.” Employees have been given the choice of joining the Russian military, joining Prigozhin in Belarus, or returning home. This treatment is seen as relatively lenient compared to President Putin’s usual response to dissidents, which typically involves imprisonment. The situation continues to unfold, and the fate of the Wagner PMC group is yet to be determined.
