A new ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more.
Welcome to Cyber Security Today. It’s Friday, April 5th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A new ransomware group emerged last month. Dubbed the RedCryptoApp, researchers at Netenrich say the gang has published data allegedly stolen from 11 organizations. That includes five in the U.S., and one each in Canada, Denmark, Spain, Italy, India and Singapore. Victim firms are in the software, manufacturing, IT, education, construction and hospitality sectors. the gang has likely been in business since December.
After the discovery of several product vulnerabilities in the last three months Ivanti is promising a new era of security. CEO Jeff Abbot said Thursday that the company is looking critically at every phase of its development processes to ensure the highest level of protection for customers. The promise includes revamping of core product engineering and using secure-by-design methodology. This comes after four new holes in Ivanti Connect Secure and Policy Secure Gateways were disclosed. Patches are available now. In January Ivanti revealed two vulnerabilities in Connect Secure and Policy Secure, followed three weeks later by the disclosure of two more holes had been found. A fifth was disclosed in February. A suspected Chinese threat group is believed to be among those exploiting the vulnerabilities. Among the victims: The U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The current value to cybersecurity pros of the Common Vulnerabilities and Exposures (CVE) List and the National Vulnerability Database is being questioned. That’s partly because the U.S. National Institute of Standards and Technology, which maintains the national database and uses the CVE list, has a backlog of vulnerabilities to process. NIST hopes a consortium of industry, governments and others will help. But SecurityWeek columnist Kevin Townsend also says the CVE database, which is overseen by the not-for-profit MITRE organization has its own problems. A hundred thousand vulnerabilities have no CVE number. And not all of those that do are real vulnerabilities. There’s also a problem with rating the criticality of vulnerabilities, which impairs the ability of IT administrators to decide which bugs needs to be patched first. IT pros need to pay attention to this issue and offer solutions.
IT administrators are being warned to check with their server providers for security updates to close vulnerabilities in their implementation of HTTP/2. A number of applications are vulnerable to a denial of service attack including Red Hat and SUSE Linux, the Apache HTTP Server Project including Apache Tomcat and Traffic Server, the Go programming language, AMPHP (a library for PHP-based projects) and some products from Arista Networks. Discovered by researcher Bartek Nowotarsk,i the root cause is an incorrect handling of headers and multiple Continuation frames which ultimately leads to Denial of Service. If no fix is available admins may have to disable HTTP/2 on servers.
Finally, Sophos released its latest Active Adversary report on cybersecurity attacks its staff investigated. For the fourth year in a row the most common way threat actors got into Windows systems was by taking advantage of security holes in a remote desktop server. In 90 per cent of attacks Sophos investigated last year abuse of RDP was in some way involved. In one case, an organization was compromised four times within six months through a customer’s exposed RDP ports. How are attackers abusing RDP? The most common way in the 150 cases investigated last year was through compromised credentials. In 43 per cent cases the organizations did not have multifactor authentication to protect logins. Is your IT department securing remote access?
Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss recent news including a report highly critical of Microsoft’s security by the U.S. Cyber Safety Review Board, a case study of a ransomware attack and a plot to infect a critical Linux library.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker