CCTR.6.FEB.24
Monday morning cyber coffee read, CCTR.6.FEB.24.
CISA’s Ultimatum
CISA has issued an emergency directive mandating the immediate disconnection of Ivanti Connect Secure and Ivanti Policy Secure products, citing security vulnerabilities that are being actively exploited by Chinese state-backed threat actors. To reduce exposure in light of these vulnerabilities, organizations are advised to continue threat hunting on systems that were connected to the affected appliances, monitor exposed authentication services, isolate the devices from enterprise resources, and regularly audit privileged accounts.
Ref https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
AnyDesk Breach
AnyDesk suffered a security breach in which threat actors allegedly stole source code and private code signing keys and certificates. In response, AnyDesk revoked the affected security certificates. As a precaution, it also revoked all passwords to its web portal and advised users to change their passwords wherever the same credentials are used elsewhere.
Ref https://anydesk.com/en/public-statement
Thanksgiving hack
In November, a nation-state actor breached Cloudflare's internal systems with the aim of establishing persistent and extensive access to the global network. The intrusion included unauthorized access to Cloudflare's internal wiki and Jira bug database, and the actor also had limited access to the source code management system. The threat actor used an access token and service account credentials that had been obtained during the Okta compromise in October 2023 and had not been rotated afterwards.
The Cloudflare team showed commendable transparency by publishing a detailed account and sharing the lessons learned. The write-up is a valuable resource for other organizations, including guidance on identifying Indicators of Compromise (IOCs).
Ref https://blog.cloudflare.com/thanksgiving-2023-security-incident
Leaking Crypto
Sensitive material, including code and internal passwords from the cryptocurrency exchange Binance, was reportedly leaked on GitHub and remained publicly accessible for months. The exposed content included code related to Binance's security measures, and the leaked passwords were associated with systems marked "prod," indicating that they were likely in use in production environments.
Ref https://decrypt.co/215438/binance-data-leak-code-security-passwords-on-github