Week That Was for July 22-23

A new report by Bitsight, a cybersecurity ratings company, has found that organizations are remediating the MOVEit vulnerabilities at a much faster rate than is typical for software vulnerabilities. According to the report, typical remediation rates for software vulnerabilities are around 5 percent per month, but organizations are remediating the MOVEit vulnerabilities at a rate that is roughly 21 times faster. The report suggests that organizations are taking these vulnerabilities very seriously and are actively working to patch them. Bitsight attributes this rapid remediation to the diligence of Progress Software in publishing timely and informative advisories about the vulnerabilities and the issuance of alerts by the US Cybersecurity and Infrastructure Security Agency (CISA).

In another report, GuidePoint Security describes the current state of ransomware and the impact it is having on organizations. According to the report, ransomware attacks have reached an all-time high, with US companies making up 51.74 percent of the reported victims in Q2 2023. The report also highlights the most affected industries, with manufacturing, technology, and banking and finance being heavily impacted. The report identifies LockBit as the most prolific organization conducting these attacks, followed by Alphv and 8Base. The report warns that the reduced barriers to entry in the ransomware-as-a-service economy will likely encourage more attacks in the future, putting smaller or less-resourced organizations at increased risk.

There is also a report that WhatsApp accounts may be at risk due to a vulnerability that allows accounts to be deactivated by sending a simple email. Security researcher Jake Moore discovered that by emailing the phrase “Lost/Stolen: Please deactivate my account” along with the account’s phone number, the service will temporarily deactivate the account. The request can be sent from any email address, raising concerns about the potential for abuse. Forbes reports that WhatsApp has suspended the automated deactivation of accounts and now requires users to send a phone bill to verify their ownership of the account.

In Google Cloud, a privilege escalation vulnerability called “Bad.Build” has been discovered by Orca Security. This vulnerability could potentially allow an attacker to infect users and customers and carry out supply chain attacks. Orca Security notes that similar supply chain attacks have had far-reaching consequences, as seen with the SolarWinds and recent 3CX and MOVEit attacks. Google has closed the vulnerability, but Orca Security warns that organizations should closely monitor the behavior of the default Google Cloud Build Service Account to detect any possible malicious activity.

JumpCloud, a provider of cloud-based directory services, announced that its systems were breached in a sophisticated attack conducted by a state-sponsored threat actor. The company discovered anomalous activity on an internal orchestration system, which was traced back to a spear-phishing campaign. While there was no evidence of customer impact, JumpCloud took immediate action to secure its network and perimeter. The company rotated credentials, rebuilt infrastructure, and engaged law enforcement in the investigation. The attack is believed to be sponsored by a nation-state, but the identity of the state remains unknown. Further investigation revealed unusual activity in the commands framework for a small set of customers, prompting JumpCloud to perform a force-rotation of all admin API keys.

In the ongoing conflict between Russia and Ukraine, Russian drone and cruise missile strikes continue to target the Ukrainian port city of Odessa. These attacks are part of Russia’s strategy to disrupt grain shipments and induce famine in an attempt to pressure Western countries into relaxing sanctions and withdrawing support for Ukraine. The disruption of grain exports is expected to have a particularly severe impact on Africa. In response, Ukraine has issued a warning to mariners to avoid Russia’s Black Sea ports, highlighting the Kerch Strait and the Sea of Azov as particularly risky areas. The US has accused Russia of mining the Black Sea approaches to Ukrainian ports, and Russian naval units have conducted anti-shipping missile firing drills in the Black Sea.

Additionally, the Wagner Group, a private military company, announced its move to Belarus in a Telegram video posted by its proprietor, Evgeny Prigozhin. The company’s main role in Belarus will be to train the Belarusian army, with the goal of making it the second-best army in the world. Prigozhin handed command over to one of his employees, a GRU alumnus known as “Pioner,” who will lead the Wagner Group during its stay in Belarus. The announcement comes as tensions between Russia and Belarus have been escalating, with Belarus accusing Russia of interfering in its domestic affairs.
