Cyber Stories Newsletter: Stay Informed on the Latest Cybersecurity News - Week of January 15th 2024
Welcome to another edition of our newsletter, your go-to source for the latest cybersecurity developments and news.
We try to bring you a glimpse into some of the more intriguing stories that have been making headlines in the cyber world this week 🌐.
Be sure to subscribe to our blog to get these latest threat reports and news stories delivered right to your inbox 📬.
As always, be sure to reach out with any questions or concerns you have on these or any recent threats. Your security is our priority!
Stay safe and informed! 🚀
Akira Ransomware Attackers Targeting and Wiping NAS and Tape Backups: Recommendations for Enhanced Cybersecurity
There has been a recent surge in Akira ransomware attacks, particularly in Finland, where the attackers have been actively targeting organizations' backups. The attackers gain unauthorized network access by exploiting vulnerabilities in internet-facing Cisco ASA or FTD devices, then delete backups before deploying the ransomware, leaving victims with no clean copy to restore from. The Finnish National Cybersecurity Center (NCSC-FI) advises organizations to implement multi-factor authentication (MFA) for login credentials, upgrade Cisco devices to fixed versions, and create offline backups stored in different physical locations. Additionally, following the 3-2-1 rule of maintaining three backups in two different places, with one copy completely off the network, is recommended for critical data. Heightened cybersecurity measures are necessary to mitigate the impact of Akira ransomware attacks and protect organizations from data loss and extortion.
https://www.helpnetsecurity.com/2024/01/12/finland-akira-ransomware/
CISA Warns of Actively Exploited Critical Microsoft SharePoint Bug
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning stating that a critical vulnerability in Microsoft SharePoint is being actively exploited by attackers. The vulnerability, identified as CVE-2023-29357, allows remote attackers to gain administrator privileges on unpatched servers by bypassing authentication using spoofed JWT authentication tokens. This flaw can also be combined with another critical bug, CVE-2023-24955, to execute arbitrary code on compromised SharePoint servers. The exploit chain was successfully demonstrated during the Pwn2Own contest in March 2023, and proof-of-concept exploits have been released, further increasing the risk of exploitation. Organizations are advised to patch their systems promptly to mitigate the vulnerability.
Ukrainian Cybercriminal Arrested for Exploiting Cloud Services in Extensive Cryptojacking Scheme
A 29-year-old Ukrainian national has been apprehended for orchestrating a sophisticated cryptojacking operation, resulting in illicit profits exceeding $2 million. The individual, considered the mastermind behind the scheme, was caught in Mykolaiv, Ukraine, with the assistance of Europol and a cloud service provider. The suspect managed to infect the servers of a prominent American company with a miner virus, gaining control of over 1,500 compromised accounts. The cybercriminal utilized brute-force tools and created over one million virtual computers to ensure the smooth operation of the malware. Cryptojacking involves unauthorized usage of computing resources to mine cryptocurrencies, often achieved by compromising credentials or infrastructure. This arrest highlights the ongoing battle against these illicit activities and serves as a warning to other cybercriminals operating in the cryptojacking realm.
https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html
Over 178K SonicWall Firewalls Vulnerable to DoS and Potential RCE Attacks
Security researchers have discovered that over 178,000 SonicWall next-generation firewalls (NGFW) with exposed management interfaces are susceptible to denial-of-service (DoS) and potential remote code execution (RCE) attacks. The vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656, can be triggered against the exposed management interface and may allow an attacker to gain remote code execution. While there is currently no evidence of these vulnerabilities being exploited in the wild, experts warn of the significant attack surface and advise remediation (patching and removing the management interface from the internet) to prevent potential disruptions and unauthorized access.