CCTR.5.JAN.24
Monday morning Cyber coffee read CCTR.5.JAN.24.
According to the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals and nation-state actors may be actively exploiting several recently disclosed vulnerabilities: VMware vCenter Server (CVE-2023-34048, CVSS 9.8, an out-of-bounds write in its DCERPC protocol implementation), Atlassian Confluence Data Center and Server (CVE-2023-22527, CVSS 10, a template injection that gives an unauthenticated attacker remote code execution on out-of-date versions), and Fortra GoAnywhere MFT (CVE-2024-0204, CVSS 9.8, an authentication bypass that lets an unauthenticated user create an administrator account through the admin portal). If any of these run on internet-facing systems, put them at the top of the list; it's patch time.
https://therecord.media/cybersecurity-experts-warn-of-vulnerabilities-apple-atlassian-fortra
Hewlett Packard Enterprise (HPE) disclosed that the suspected Russia-linked cyberespionage group Midnight Blizzard (also known as APT29 or Cozy Bear) accessed its Microsoft Office 365 cloud-based email environment. The investigation found unauthorized access and data exfiltration from a small percentage of HPE mailboxes dating back to May 2023.
Microsoft also recently issued a warning about the same group compromising some of its own corporate email accounts. Midnight Blizzard used a password spray attack, kept to a low number of attempts per account and routed through residential proxy infrastructure to stay under detection thresholds, to compromise a legacy non-production test tenant account and establish a foothold. From there the actor abused the permissions reachable from that account (in Microsoft's account, via a legacy test OAuth application with elevated access to the corporate environment) to read mail from a small number of Microsoft corporate email accounts, including members of senior leadership and staff in cybersecurity and legal functions.
https://securityaffairs.com/158097/security/midnight-blizzard-hacked-hpe.html
Microsoft's guidance for responders: https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
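The spray-then-pivot pattern described above, as detection logic run over sign-in records. This is an added example written for this digest, not Microsoft's detection or code. The records below are constructed and only loosely follow Entra ID sign-in log field names; the thresholds are assumed starting points, not recommended values. Grouping by source IP catches the classic shape (many accounts, one or two failures each, from one address). Grouped by user agent instead, the same function is one way to surface a low-and-slow spray spread across rotating residential proxy addresses, which per-IP counting misses entirely.

```python
"""Password-spray detection over sign-in records (added example).

Records are constructed and loosely follow Entra ID sign-in log field names
(createdDateTime, ipAddress, userPrincipalName, userAgent, errorCode). Error
code 50126 is Entra ID's "invalid username or password"; 0 is success. The
thresholds are assumed starting points, not recommended values.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

INVALID_PASSWORD = 50126
SUCCESS = 0

# Constructed sample: a classic spray from one IP ending in a success against
# a stale test account; a brute force against one user (not a spray); and a
# low-and-slow spray spread over rotating proxy IPs that share one client.
# "BAV2ROPC" is the user agent legacy basic-auth clients present.
SAMPLE_LOG = """\
{"createdDateTime": "2024-01-10T02:00:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "alice@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 50126}
{"createdDateTime": "2024-01-10T02:03:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "bob@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 50126}
{"createdDateTime": "2024-01-10T02:06:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "carol@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 50126}
{"createdDateTime": "2024-01-10T02:09:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "dave@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 50126}
{"createdDateTime": "2024-01-10T02:12:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "legacy-test@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 50126}
{"createdDateTime": "2024-01-10T02:15:00Z", "ipAddress": "203.0.113.10", "userPrincipalName": "legacy-test@tenant.example", "userAgent": "BAV2ROPC", "errorCode": 0}
{"createdDateTime": "2024-01-10T03:00:00Z", "ipAddress": "198.51.100.7", "userPrincipalName": "erin@tenant.example", "userAgent": "Mozilla/5.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T03:00:30Z", "ipAddress": "198.51.100.7", "userPrincipalName": "erin@tenant.example", "userAgent": "Mozilla/5.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T03:01:00Z", "ipAddress": "198.51.100.7", "userPrincipalName": "erin@tenant.example", "userAgent": "Mozilla/5.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T03:02:00Z", "ipAddress": "198.51.100.7", "userPrincipalName": "erin@tenant.example", "userAgent": "Mozilla/5.0", "errorCode": 0}
{"createdDateTime": "2024-01-10T04:00:00Z", "ipAddress": "192.0.2.21", "userPrincipalName": "frank@tenant.example", "userAgent": "python-requests/2.31.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T04:03:00Z", "ipAddress": "192.0.2.22", "userPrincipalName": "grace@tenant.example", "userAgent": "python-requests/2.31.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T04:06:00Z", "ipAddress": "192.0.2.23", "userPrincipalName": "heidi@tenant.example", "userAgent": "python-requests/2.31.0", "errorCode": 50126}
{"createdDateTime": "2024-01-10T04:09:00Z", "ipAddress": "192.0.2.24", "userPrincipalName": "ivan@tenant.example", "userAgent": "python-requests/2.31.0", "errorCode": 50126}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in records, adding a parsed timestamp as 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def detect_spray(records, group_by="ipAddress", window=timedelta(hours=1),
                 min_users=4, max_attempts_per_user=2):
    """Flag sources (grouped by `group_by`) whose failures inside `window` hit
    at least `min_users` distinct accounts with at most `max_attempts_per_user`
    failures each: many accounts, few tries each is the spray shape, unlike
    brute force (many tries, one account). Each finding also lists sprayed
    accounts that later succeeded from the same source: escalate those first."""
    failures = defaultdict(list)   # source -> [(ts, user)], time-ordered
    successes = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        source = rec.get(group_by, "unknown")
        if rec["errorCode"] == INVALID_PASSWORD:
            failures[source].append((rec["ts"], rec["userPrincipalName"]))
        elif rec["errorCode"] == SUCCESS:
            successes[source].append((rec["ts"], rec["userPrincipalName"]))

    findings = []
    for source, fails in failures.items():
        best = None
        for i, (start, _) in enumerate(fails):   # window anchored at each failure
            in_window = [f for f in fails[i:] if f[0] - start <= window]
            per_user = Counter(user for _, user in in_window)
            if len(per_user) < min_users or max(per_user.values()) > max_attempts_per_user:
                continue
            if best is None or len(per_user) > best["distinct_users"]:
                best = {"source": source, "group_by": group_by, "window_start": start,
                        "distinct_users": len(per_user), "failed_attempts": len(in_window),
                        "sprayed_users": set(per_user)}
        if best is None:
            continue
        best["compromised_accounts"] = sorted(
            {user for ts, user in successes[source]
             if user in best["sprayed_users"] and ts >= best["window_start"]})
        best["sprayed_users"] = sorted(best["sprayed_users"])
        findings.append(best)
    return findings


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_LOG)
    for finding in detect_spray(recs) + detect_spray(recs, group_by="userAgent"):
        print(finding)
```

On the constructed sample, grouping by IP yields one finding (203.0.113.10, five accounts, with legacy-test later succeeding from the same address) and nothing for the rotating-proxy set, because each of those addresses fails only once. Grouping by user agent finds both sprays. In production the second key would be whatever the spray traffic shares that the proxies do not rotate: client app ID, user agent, ASN, or a device fingerprint, and the windows and thresholds need tuning against the tenant's normal failure rate.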
A threat actor scraped data from a publicly accessible Trello API endpoint and put roughly 15 million records up for sale on a cybercrime marketplace. The endpoint accepted an email address and returned the matching public profile, so the attacker fed it a large list of addresses gathered from earlier, unrelated breaches and kept every hit. Scraping public profile data is not usually a concern on its own, since that data was already public, but the email address behind a Trello account was meant to be known only to the account holder. Linking that private email to the public profile, at scale, is what elevates the severity of the leak. The abuse of the Trello API shows how a legitimate, unauthenticated lookup becomes a mass enumeration oracle, and why API endpoints that resolve private identifiers need authentication, rate limiting, and responses that do not reveal whether an account exists.
https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/
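The enumeration described above, as an added example (mine, not Trello's code or API): an in-memory stand-in for a member-lookup endpoint in its weak form beside a hardened form. The user store, endpoint names, quota and the breach-derived email list are all constructed. The weak form resolves any email to a public profile with no authentication or limit, which is exactly what lets a list of addresses from unrelated breaches be turned into a list of accounts. The hardened form requires a session, counts lookups per account rather than per token, and only resolves users the caller already shares a workspace with, returning the same empty result for everyone else so the response does not disclose whether an account exists for an arbitrary email.

```python
"""Email-to-profile lookup: the enumeration weakness beside a hardened form.

Added example, not Trello's code. The user store, endpoint names, quota and
the breach-derived email list below are all constructed.
"""
import secrets
from collections import defaultdict

# Constructed user store. Email is private; id/username are public profile fields.
USERS = {
    "u1": {"email": "alice@example.com", "username": "alice_w", "workspaces": {"ws-finance"}},
    "u2": {"email": "bob@example.net", "username": "bob_k", "workspaces": {"ws-finance", "ws-eng"}},
    "u3": {"email": "carol@example.org", "username": "carol_m", "workspaces": {"ws-eng"}},
}
EMAIL_INDEX = {u["email"]: uid for uid, u in USERS.items()}

# Constructed list an attacker might feed in: addresses from earlier, unrelated breaches.
BREACH_EMAILS = [
    "alice@example.com", "nobody@example.com", "bob@example.net",
    "ghost@example.org", "carol@example.org", "x@example.test", "y@example.test",
]


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


class MemberApi:
    LOOKUP_QUOTA = 5  # lookups per authenticated account per window (constructed value)

    def __init__(self):
        self.sessions = {}               # token -> uid
        self.lookups = defaultdict(int)  # uid -> lookups used this window

    def login(self, uid):
        token = secrets.token_hex(16)
        self.sessions[token] = uid
        return token

    @staticmethod
    def public_profile(uid):
        return {"id": uid, "username": USERS[uid]["username"]}

    # Weak form: no authentication, no quota, any email resolves to a profile.
    # This is what turns a harmless public-profile endpoint into a mass
    # email -> account linking oracle.
    def lookup_unauthenticated(self, email):
        uid = EMAIL_INDEX.get(email.strip().lower())
        return self.public_profile(uid) if uid else None

    # Hardened form: the caller must be authenticated, is quota-limited per
    # account (not per token, so logging in again does not reset it), and only
    # gets a profile for a user it already shares a workspace with. Every other
    # case returns the same "no result", so the response never reveals whether
    # an account exists for an arbitrary email.
    def lookup(self, email, token):
        caller = self.sessions.get(token)
        if caller is None:
            raise ApiError(401, "authentication required")
        self.lookups[caller] += 1
        if self.lookups[caller] > self.LOOKUP_QUOTA:
            raise ApiError(429, "lookup quota exceeded")
        uid = EMAIL_INDEX.get(email.strip().lower())
        if uid is None or not (USERS[uid]["workspaces"] & USERS[caller]["workspaces"]):
            return None
        return self.public_profile(uid)


def enumerate_accounts(lookup):
    """Attacker loop: feed breach emails to `lookup` and keep every email that
    resolves to a profile. Gives up at the first API error (401/429)."""
    linked = {}
    for email in BREACH_EMAILS:
        try:
            profile = lookup(email)
        except ApiError:
            break
        if profile:
            linked[email] = profile["username"]
    return linked


if __name__ == "__main__":
    api = MemberApi()
    print("weak endpoint:", enumerate_accounts(api.lookup_unauthenticated))
    print("hardened, no session:", enumerate_accounts(lambda e: api.lookup(e, "not-a-token")))
    token = api.login("u1")
    print("hardened, as u1:", enumerate_accounts(lambda e: api.lookup(e, token)))
```

Against the weak endpoint the loop links all three real accounts from seven breach addresses. Against the hardened endpoint it gets nothing without a session, and with one it resolves only the caller's own workspace colleague before the quota cuts it off; the non-existent addresses and the unrelated user look identical in the responses. A quota keyed to the token would be bypassed by creating fresh sessions, which is why the count is per account. Where a product genuinely needs email-based invites, the same idea applies: send the invite and return a uniform "invitation sent" rather than confirming a match.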
Despite the FBI's takedown of part of the group's infrastructure in December 2023, the ALPHV/BlackCat ransomware group has resurfaced. In its most recent attack, on a healthcare provider, the group is threatening not only to release the stolen data but also to report the victim to the US Department of Health and Human Services (HHS). This escalation reflects a broader trend among extortion crews: contacting individual people whose data was taken, or filing complaints with regulators against the victim, to increase the pressure to pay.
https://thecyberexpress.com/cyberattack-on-brightstar-care/