US and UK govts warn: Russia scanning for your unpatched vulnerabilities

October 11, 2024 at 11:13PM

A joint advisory from US and UK agencies warns of a massive Russian hacking campaign exploiting known vulnerabilities, led by APT29. Organizations are urged to prioritize patching systems and improve cyber defenses. Additionally, phone phishing scams are on the rise, and GitLab users need to patch critical vulnerabilities urgently.

Here are the key takeaways:

1. **Russian Cyber Threats**:
– The US and UK governments have issued a joint advisory warning about an aggressive cyber campaign by Russian hackers, specifically APT29, linked to the Foreign Intelligence Service (SVR).
– Hackers are scanning for unpatched vulnerabilities across various organizations, increasing the risk for any entity with vulnerable systems.

2. **Vulnerabilities Highlighted**:
– A list of 24 Common Vulnerabilities and Exposures (CVEs) being exploited by the Russians includes critical vulnerabilities in systems like Cisco IOS and JetBrains TeamCity.
– Organizations are advised to install security patches promptly and consider additional security measures such as configuration adjustments to reduce their attack surface.

3. **Rising Phone-Based Phishing Scams**:
– There’s an increase in “telephone-oriented attack delivery” (TOAD), where scammers use phone calls for social engineering attacks instead of emails.
– Employees should be trained to recognize and avoid these scams, and in particular not to download remote control software when a caller asks them to.

4. **F5 BIG-IP Security Advisory**:
– Users of F5 BIG-IP Local Traffic Manager are urged to encrypt persistent cookies to prevent exploitation by threat actors who leverage unencrypted cookies to identify and exploit network resources.
– The use of F5’s BIG-IP iHealth tool is recommended to ensure best practices are followed.

5. **Urgent GitLab Patching Required**:
– GitLab has released patches for critical vulnerabilities affecting Community and Enterprise editions. This includes a serious flaw allowing unauthorized pipeline execution.
– Users are encouraged to install these patches immediately and consider signing up for email notifications regarding future patches.

6. **New Anti-Scam Initiative**:
– Google has partnered with GASA and DNSRF to launch the Global Signal Exchange, aimed at tracking and profiling online scams.
– This initiative intends to enhance the exchange of abuse signals to facilitate quicker identification and disruption of fraudulent activities across different platforms.

Overall, these takeaways emphasize the importance of cybersecurity vigilance, proactive measures in patching vulnerabilities, and employee training to recognize and prevent scams.
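For the F5 BIG-IP item above, a check an administrator can run over Set-Cookie headers captured from their own virtual servers to see whether persistence cookies are still unencrypted and which pool member they disclose. This is an added example, not code from the advisory or from F5; it assumes the default `BIGipServer<pool>` cookie name and the default IPv4 value format, and the sample headers are constructed.

```python
import re
import socket
import struct

# Assumption: default cookie name BIGipServer<pool> and the default unencrypted
# IPv4 value "<ip as little-endian decimal>.<port with bytes swapped>.0000".
PLAIN_V4 = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_plain_value(value):
    """Return (ip, port) if value is an unencrypted IPv4 persistence value, else None."""
    m = PLAIN_V4.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    ip = socket.inet_ntoa(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port


def audit_set_cookie_headers(headers):
    """Flag Set-Cookie values whose BIGipServer* cookie is readable without a key."""
    findings = []
    for header in headers:
        name, _, rest = header.partition("=")
        name = name.strip()
        if not name.startswith("BIGipServer"):
            continue
        value = rest.split(";", 1)[0].strip()
        decoded = decode_plain_value(value)
        if decoded:
            findings.append({"cookie": name,
                             "pool": name[len("BIGipServer"):],
                             "member": "%s:%d" % decoded})
    return findings


# Constructed sample headers (not taken from the article or from a real site).
SAMPLE_HEADERS = [
    "BIGipServerweb_pool=1677787402.36895.0000; path=/; Httponly",
    "BIGipServerapi_pool=!kZ3v9Qm1xT0aYw==; path=/; Secure",  # constructed stand-in for an encrypted value
    "JSESSIONID=ABC123; path=/",
]

if __name__ == "__main__":
    for f in audit_set_cookie_headers(SAMPLE_HEADERS):
        print("unencrypted persistence cookie %(cookie)s discloses %(member)s" % f)
```

Any finding means cookie encryption is not in effect for that virtual server; route-domain and IPv6 cookie formats are not covered by this check.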
