Threat Intelligence Report - July 8, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.


NetFire Threat Intelligence Team


33% of Security Breaches Go Unnoticed According to Hybrid Cloud Report 


Gigamon's Hybrid Cloud Security trends report indicates that although 94% of respondents are confident in their security visibility and insights, almost one-third of security breaches go undetected by IT and security professionals, a figure that rises to 48% in the U.S. The key gaps are visibility into encrypted data (70% lack it), insight into containers (35% lack it), visibility into laterally moving data (48% lack it), and knowledge of where sensitive data is stored and how it is secured, with a third of CISOs and 50% of IT leaders admitting uncertainty in this area.





Mastodon Patches Flaws That Allow Server Takeover


Mastodon, a decentralized social network with over 14 million users, has fixed critical vulnerabilities that posed a significant threat to its user base and to the wider internet ecosystem. One flaw could allow an attacker to create and overwrite files anywhere the software could access on an instance, leading to potential server takeover. Another critical flaw allowed attackers to bypass Mastodon's HTML sanitization and inject arbitrary HTML into oEmbed preview cards, creating a vector for cross-site scripting (XSS) when users interacted with malicious links.
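The oEmbed flaw above is a sanitization failure: provider-supplied HTML reached a preview card without being reduced to a safe subset. The following allowlist sanitizer is an added example written for this report; it is not Mastodon's code, and the tag and attribute allowlist, the `video.example` URL and the sample payload are constructed for illustration. Rather than trying to strip bad things out of the input, it re-serialises the fragment from tokens it has explicitly approved, so script elements, event-handler attributes, `javascript:` links and embedded frames cannot survive into the output.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist: tag -> attributes that may survive. Everything else is dropped.
# (Constructed for this example; it is not Mastodon's actual policy.)
ALLOWED_TAGS = {
    "a": {"href", "title"},
    "b": set(), "i": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(),
}
VOID_TAGS = {"br"}
# Elements whose *content* is discarded too, not only the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "noscript"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def is_safe_href(value):
    """Accept only absolute http(s)/mailto URLs; reject javascript:, data:, etc.
    Tabs and newlines are removed first because browsers ignore them in a scheme."""
    if not value:
        return False
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class OEmbedSanitizer(HTMLParser):
    """Rebuilds the fragment from allowlisted tokens only, so nothing the
    parser did not explicitly approve can reach the output."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowlisted tags still open, for balanced output
        self.drop_depth = 0   # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                continue  # this also discards every on* handler attribute
            if name == "href" and not is_safe_href(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        while self.open_tags:  # also closes anything left open inside it
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))


def sanitize_oembed_html(fragment):
    """Return a fragment safe to place inside a preview card."""
    parser = OEmbedSanitizer()
    parser.feed(fragment)
    parser.close()
    while parser.open_tags:  # balance tags the input left unclosed
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed oEmbed payload mixing legitimate markup with injection attempts.
    sample = ('<p>Clip: <a href="https://video.example/v/1" onclick="steal()">watch</a>'
              '<script>evil()</script><img src=x onerror=alert(1)></p>')
    print(sanitize_oembed_html(sample))
```

Two design points matter here. First, the output is generated from the parser's own token stream, never by editing the input string, so whatever the parser did not recognise as an allowed token is simply absent. Second, URL checking normalises the value (strip, remove tabs and newlines) before looking at the scheme, because a scheme check on the raw string would be fooled by the same whitespace tricks browsers tolerate. Iframes are dropped entirely in this simplified policy; a production card would instead link out to the provider.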




BlackByte 2.0 Ransomware: Digital Devastation in 5 Days


Microsoft Incident Response has investigated a rapid ransomware attack using BlackByte 2.0, causing major disruptions to a victim organization in just five days. The threat actor exploited ProxyShell vulnerabilities in unsecured Microsoft Exchange Servers, used existing tools for covert information gathering, established Cobalt Strike beacons for command and control, bypassed defensive mechanisms using process hollowing and vulnerable drivers, deployed custom-developed backdoors for persistence, and used custom tools for data exfiltration.





JumpCloud Resets API Keys


JumpCloud, a provider of directory-as-a-service products, has mandated the replacement of application programming interface (API) keys among its customers in response to an ongoing security incident whose nature has not been disclosed. The incident has potentially affected several services and products; the company has invalidated existing API keys as a precautionary measure and is urging IT administrators to update their integrations with new keys, underscoring the importance of disciplined key management in containing cybersecurity incidents.
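A forced reset like this is only painless if the key store was designed for it. The registry below is an added example for this report, not JumpCloud's implementation, and the integration name `ticketing-sync`, the 90-day lifetime and the 24-hour overlap window are constructed choices. It stores only a digest of each secret, issues the plaintext exactly once, lets routine rotation overlap old and new keys so integrations can switch without an outage, and provides a single emergency call that invalidates every live key and reports which integrations an administrator now has to update.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class KeyRecord:
    key_id: str
    digest: str          # SHA-256 of the secret part; the plaintext is never stored
    integration: str     # which customer integration holds this key
    issued_at: datetime
    expires_at: datetime
    revoked: bool = False

    def is_valid(self, now):
        return not self.revoked and now < self.expires_at


class ApiKeyStore:
    """Server-side registry supporting issue, verify, rotate and emergency revocation."""

    def __init__(self, lifetime=timedelta(days=90)):
        self.lifetime = lifetime
        self._records = {}   # key_id -> KeyRecord

    @staticmethod
    def _digest(secret):
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue(self, integration, now):
        """Create a key for an integration; the plaintext is returned exactly once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._records[key_id] = KeyRecord(key_id, self._digest(secret), integration,
                                          now, now + self.lifetime)
        return f"{key_id}.{secret}"

    def verify(self, presented, now):
        """Return the integration name if the key is live, otherwise None."""
        key_id, sep, secret = presented.partition(".")
        rec = self._records.get(key_id)
        if not sep or rec is None or not rec.is_valid(now):
            return None
        if not hmac.compare_digest(rec.digest, self._digest(secret)):
            return None  # constant-time comparison of digests
        return rec.integration

    def rotate(self, integration, now, overlap=timedelta(hours=24)):
        """Issue a replacement and let the old keys live only for the overlap
        window, so the integration can switch without downtime."""
        for rec in self._records.values():
            if rec.integration == integration and rec.is_valid(now):
                rec.expires_at = min(rec.expires_at, now + overlap)
        return self.issue(integration, now)

    def revoke_all(self, now):
        """Incident response: invalidate every live key immediately and return
        the integrations whose owners must be told to install new keys."""
        affected = set()
        for rec in self._records.values():
            if rec.is_valid(now):
                rec.revoked = True
                affected.add(rec.integration)
        return sorted(affected)

    def stale_integrations(self, now, max_age):
        """Integrations still using a live key older than max_age."""
        return sorted({rec.integration for rec in self._records.values()
                       if rec.is_valid(now) and now - rec.issued_at > max_age})


if __name__ == "__main__":
    store = ApiKeyStore()
    t0 = datetime(2023, 7, 1, tzinfo=timezone.utc)   # constructed timestamp
    key = store.issue("ticketing-sync", t0)
    print("verified as:", store.verify(key, t0))
    print("revoked for:", store.revoke_all(t0 + timedelta(days=7)))
    print("after revocation:", store.verify(key, t0 + timedelta(days=7)))
```

Because the key carries its own identifier, verification is a direct lookup followed by one constant-time digest comparison, and a leaked database yields no usable keys. The `stale_integrations` report is what turns the "rotate regularly" advice into something an administrator can act on before an incident forces the issue.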





Truebot Malware Attacks on the Rise Targeting US and Canada


The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued warnings about new variants of the Truebot malware exploiting a critical remote code execution (RCE) vulnerability (CVE-2022-31199) in Netwrix Auditor software, affecting organizations in the United States and Canada. This malware, linked to the Russian-speaking cybercrime group Silence, enables unauthorized actors to execute malicious code with elevated privileges, escalate their access within networks, and potentially deploy further malicious payloads such as ransomware; organizations using Netwrix's software are strongly advised to apply patches and updates to mitigate this risk.





Pen Testing Combats Rising Cyber Insurance Costs

The rising cost of cyber insurance and stricter eligibility requirements have underscored the importance of regular penetration testing (pen testing) in evaluating an organization's cybersecurity risk profile. Automated Penetration Testing as a Service (PTaaS) has emerged as a more efficient, real-time alternative that not only identifies and helps remediate vulnerabilities in an organization's systems but also improves its cyber insurance eligibility and can reduce the premium it pays.




Follow Us at NetFire and stay tuned for more insights.


#NetFireThreatIntelligence #ThreatIntelligence #NetFireCloud #SecureCloud #HybridCloud #BlackByteRansomware #Ransomware #Microsoft #Mastodon #JumpCloud #Trubot #CISA #PenTesting #cyberinsurance #NetOnFire