In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit


November 17, 2023 at 11:15AM

SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy suffered a data breach at the hands of the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing gang that made €9 million. The FBI, CISA, and Fortinet released reports on Scattered Spider and Rhysida ransomware, and Dragos published an analysis of industrial ransomware. Australia and the US released “Business Continuity in a Box” to assist organizations during cyber incidents. Other stories include a new variant of an exploited ActiveMQ vulnerability, PyPI’s first security audit, the exposure of SSH private keys, and various patches for Chrome, Fortinet, Splunk, and Hikvision products.

Key takeaways:

1. Allen & Overy, a top law firm, experienced a data breach and was targeted by the LockBit ransomware group. The attack may have exploited a Citrix product vulnerability.

2. The LockBit ransomware group claimed that the Industrial and Commercial Bank of China paid a ransom after a hack that caused disruption to the US Treasury market.

3. Europol assisted Czech and Ukrainian police in taking down a voice phishing gang that made €9 million by impersonating banks and police in vishing attacks.

4. The FBI, CISA, and Fortinet released reports on the activities and tactics of the ransomware groups Scattered Spider and Rhysida.

5. Dragos released an analysis report on industrial ransomware in the third quarter of 2023, highlighting a decrease in attacks but a more severe impact.

6. Australian and US cybersecurity agencies published the “Business Continuity in a Box” guidance to help organizations quickly restore critical business functions after a cyber incident.

7. A new variant of the exploited Apache ActiveMQ vulnerability (CVE-2023-46604) has been discovered, making detection more difficult.

8. The Python Package Index (PyPI) conducted its first security audit, resulting in 29 security advisories but no high-severity issues.

9. Researchers demonstrated that SSH private keys protecting SSH traffic can be exposed due to an error, although the impact is rare.

10. Security advisories were released for Chrome, Fortinet products, Splunk Enterprise, and Hikvision NVR/DVR devices, addressing critical vulnerabilities in some cases.

Note: For more details on these stories, refer to the SecurityWeek weekly cybersecurity roundup publication.
