Featured Story
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
CISA and the FBI have issued a joint cybersecurity advisory in response to active exploitation of a MOVEit vulnerability by the CL0P ransomware gang. The advisory includes indicators of compromise (IOCs), tactics, techniques, and mitigation guidance.
The TA505 threat actor group behind CL0P has compromised thousands of organizations globally, including high-profile victims like the BBC. The MOVEit vulnerability was used to exfiltrate data from impacted systems.
We advise following the CISA/FBI recommendations:
- Inventory all assets and data, and review unauthorized access
- Enforce least privilege policies and allowlisting
- Patch systems promptly and run vulnerability assessments
- Harden network services and monitor for unusual activity
Our SOC team is available to assist with threat hunting or containment guidance.
Other Stories
Barracuda Urges Customers to Replace Hacked Email Security Appliances
Following active exploitation of CVE-2023-2868, Barracuda recommends customers replace compromised ESG appliances entirely. While patches were released, the company advises decommissioning affected hardware.
This is a rare and serious case: even after patching, full appliance replacement is advised. If you use Barracuda ESG, scan for the published IOCs and contact Barracuda or our SOC for further response assistance.
Google Fixed the Third Chrome Zero-Day of 2023
Google has patched CVE-2023-3079, a type confusion flaw in the V8 engine of Chrome. The bug was actively exploited in the wild, potentially by state-sponsored attackers. Other Chromium-based browsers (Edge, Brave, Opera) are also impacted.
All users should update to Chrome 114.0.5735.110 (Windows) or 114.0.5735.106 (macOS/Linux). Our SOC can assist in identifying browsers at risk and monitoring for signs of exploitation via web logs or EDR data.
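As an added example (not part of the original newsletter or any vendor tooling), the following Python triages a browser inventory against the fixed Chrome builds named above. The inventory rows, host names and function names are constructed for illustration.

```python
# Added example: classify inventory rows against the fixed Chrome builds from the text.
FIXED_CHROME = {  # minimum patched build per platform, as stated above
    "windows": (114, 0, 5735, 110),
    "macos": (114, 0, 5735, 106),
    "linux": (114, 0, 5735, 106),
}

def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not a Chrome-style version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(platform, browser, version):
    """Classify one inventory row as 'patched', 'vulnerable' or 'review'."""
    if browser.lower() != "chrome":
        # Edge, Brave and Opera are affected too, but their fixed builds are not
        # given in the text, so they go to manual review against the vendor advisory.
        return "review"
    fixed = FIXED_CHROME.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "review"  # unknown platform or unparseable version string
    # Compare as integer tuples: a string compare would rank ".90" above ".106".
    return "patched" if parsed >= fixed else "vulnerable"

# Constructed sample inventory: (host, platform, browser, version)
INVENTORY = [
    ("ws-001", "windows", "Chrome", "114.0.5735.110"),
    ("ws-002", "windows", "Chrome", "114.0.5735.106"),  # fixed on macOS/Linux, not Windows
    ("mac-003", "macos", "Chrome", "114.0.5735.106"),
    ("lnx-004", "linux", "Chrome", "114.0.5735.90"),
    ("ws-005", "windows", "Edge", "114.0.1823.41"),     # constructed Edge version
    ("lnx-006", "linux", "Chrome", "unknown"),
]

def report(rows=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(platform, browser, version)
            for host, platform, browser, version in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```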
VMware Plugs Critical Flaws in Network Monitoring Product
Three critical vulnerabilities were found in VMware Aria Operations for Networks (formerly vRealize Network Insight). CVE-2023-20887, a command injection flaw, has a CVSS score of 9.8 out of 10 and poses a high risk of remote code execution (RCE).
No workarounds are available. Update immediately using the official VMware KB. Our SOC is available to support remediation and threat hunting around these critical flaws.
Do You Fear That Your Passwords Are Circulating on the Internet?
Safeonweb reminds users that personal data is often stolen from platforms like online shops, healthcare portals, and social media. The Have I Been Pwned platform helps users check if their data has been leaked in a breach.
Check if your data has been compromised and:
- Change passwords for impacted platforms
- Enable two-factor authentication wherever possible
For businesses, our SOC can help with credential exposure monitoring and awareness campaigns.