COMPANY BLOG | POSTED Jul 8, 2023

Threat Intelligence Report - July 8, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.


NetFire Threat Intelligence Team


33% of Security Breaches Go Unnoticed According to Hybrid Cloud Report 

 

Gigamon's Hybrid Cloud Security trends report indicates that although 94% of respondents are confident in their security visibility and insights, almost one-third of security breaches go undetected by IT and Security professionals, a figure that increases to 48% in the U.S. Key issues include visibility into encrypted data (70% lack this), insights into containers (35% lack this), laterally moving data (48% lack insights), and knowledge about where sensitive data is stored and how it's secured, with a third of CISOs and 50% of IT leaders admitting uncertainty in this area.

 

Read more: https://netfire.link/hybid-cloud-report-security-breaches-undetected


 

 

Mastodon Patches Flaws That Allow Server Takeover

 

Mastodon, a decentralized social network with over 14 million users, has fixed critical vulnerabilities that posed a significant threat to its user base and the internet ecosystem, including one that could allow hackers to create and overwrite files anywhere the software could access on an instance, leading to potential server takeover. Another critical flaw allowed attackers to bypass Mastodon's HTML sanitization process and inject arbitrary HTML into oEmbed preview cards, creating a vector for Cross-Site Scripting (XSS) attacks when users interacted with malicious links.

 

Read more: https://netfire.link/mastodon-patch-server-takeover


 


BlackByte 2.0 Ransomware: Digital Devastation in 5 Days

 

Microsoft Incident Response has investigated a rapid ransomware attack using BlackByte 2.0, causing major disruptions to a victim organization in just five days. The threat actor exploited ProxyShell vulnerabilities in unsecured Microsoft Exchange Servers, used existing tools for covert information gathering, established Cobalt Strike beacons for command and control, bypassed defensive mechanisms using process hollowing and vulnerable drivers, deployed custom-developed backdoors for persistence, and used custom tools for data exfiltration.

 

Read more: https://netfire.link/blackbyte-ransomware-microsoft-exchange


 

 

JumpCloud Resets API Keys

 

JumpCloud, a provider of directory-as-a-service products, has mandated the replacement of application programming interface (API) security keys among its customers in response to an unidentified ongoing security incident. The incident has potentially affected several services and products, leading the company to invalidate existing API keys as a precautionary measure and to urge IT administrators to update their integrations with new API keys. The response highlights the importance of efficient key management in mitigating cybersecurity risks.

 

Read more: https://netfire.link/jumpcloud-resets-api

 


 

Truebot Malware Attacks on the Rise, Targeting US and Canada

 

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued warnings about new variants of the Truebot malware exploiting a critical remote code execution (RCE) vulnerability (CVE-2022-31199) in Netwrix Auditor software, affecting organizations in the United States and Canada. This malware, linked to the Russian-speaking cybercrime group Silence, enables unauthorized actors to execute malicious code with elevated privileges, escalate their access within networks, and potentially deploy further malicious payloads such as ransomware. Organizations using Netwrix's software are strongly advised to apply patches and updates to mitigate this cybersecurity risk.

 

Read more: https://netfire.link/trubot-cve-2022-31199


 

 

Pen Testing Combats Rising Cyber Insurance Costs

The rising costs of cyber insurance and stricter eligibility requirements have underscored the importance of regular penetration testing (pen testing) in evaluating an organization's cybersecurity risk profile. Automated Penetration Testing as a Service (PTaaS) has emerged as a more efficient, real-time solution that not only identifies and remediates vulnerabilities in an organization's cybersecurity system but also positively impacts the cyber insurance eligibility and potential cost to the organization.

 

Read more: https://netfire.link/pen-testing-reduces-cyber-insurance-costs



 
