Ivanti Grapples with New Zero-Day Vulnerability
Ivanti, has urgently addressed a zero-day vulnerability in its Sentry product. The flaw, dubbed CVE-2023-38035, received a severity rating of 9.8/10 and allows unauthorised attackers to access crucial APIs meant for configuring Ivanti Sentry's admin portal. Malicious use could let hackers modify system configurations or introduce files onto the platform.
Despite its high severity, Ivanti asserted that clients who haven't exposed port 8443 online are at a low risk. Nonetheless, some adversaries have already exploited this gap against several Ivanti clients. Ivanti has yet to disclose the exact number of compromised customers.
This vulnerability, affects all current Sentry software versions, with older versions also under threat. As a preventative measure, Ivanti advises customers to disconnect servers from the internet and narrow down access to internal managerial networks.
This incident marks the third significant Ivanti vulnerability exploited in recent times, with past breaches potentially tied to state-sponsored cyber-attacks. The identity of the current attackers, however, remains unknown.
UK Utility Infrastructure Faces Potential Cyber Threat from Energy One Incident
A cyber attack on Energy One, an Australian energy software and services provider, might have impacted critical utility infrastructure operators in the UK. Energy One disclosed the incident to the Australian Securities Exchange (ASX) on Monday 21 August, hinting at its initiation on Friday 18 August.
Board chairman Andrew Bonwick commented on the breach affecting "certain corporate systems" in both Australia and the UK. Immediate measures were taken by Energy One, including engagement with cyber security specialists and notifying the Australian Cyber Security Centre and relevant UK authorities. The priority, Bonwick emphasized, lies in ensuring the security of their staff, customers, and systems. Efforts are ongoing to gauge the extent of the attack and to determine if personal data or customer systems have been compromised.
To mitigate potential downstream spread, Energy One has severed specific links between corporate and user-centric systems. Some notable UK clientele of Energy One includes Good Energy, SSE, and Yorkshire Gas and Power. As the time of writing, there's no concrete evidence suggesting these firms are impacted.
Seiko hit by cyber security Breach; BlackCat Ransomware Gang Claims Responsibility
Watch manufacturer Seiko, recently fell victim to a data breach. On August 10th, 2023, Seiko issued an official statement acknowledging unauthorized access to its IT systems. The breach, suspected to have occurred on July 28, led Seiko to engage external cybersecurity experts on August 2nd. Their preliminary findings indicated a compromise of some stored data. Seiko promptly alerted its business affiliates and customers about the breach, emphasizing caution against deceptive emails or communications masquerading as Seiko.
This week, the notorious BlackCat ransomware gang has publicly taken credit for the cyberattack. They uploaded purportedly stolen data samples, mockingly highlighting Seiko's cyber security vulnerabilities. These samples include employee identification, release plans for new models, lab test outcomes, and most alarmingly, technical blueprints of Seiko watch designs. Such revelations could be catastrophic for Seiko if competitors and replicators gain access to their patented technologies.
BlackCat remains one of the most formidable ransomware entities, pioneering novel extortion methodologies, like clearweb data leak sites and a dedicated data leak API.
Intriguingly Curated Intel hinted at a potential initial access broker marketing entry to a Japanese manufacturer closely resembling Seiko, a day before the company's stated breach date.
Interpol's Africa Cyber Surge II hailed a success following 14 arrests
This week, Interpol announced the outcomes of its cyber crime fighting operation, Africa Cyber Surge II. 14 arrests, and the detection of over 20,000 dubious cyber networks associated with financial damages exceeding $40 million were made.
The operation's revelations encompassed 3,786 malevolent command and control servers, 14,134 IP addresses linked to data theft incidents, 1,415 phishing domains and links, and 939 scam IPs. Interpol emphasized the interrelation between cybercrime and financial fraud, endorsing a "follow the money" approach for law enforcement.
In Cameroon, three individuals were apprehended over an online scam tied to fraudulent art sales totaling approximately $850,000. Mauritius saw arrests related to scams on messaging platforms. Meanwhile, Kenya witnessed the shutdown of 615 malware operators, and two Darknet sites were neutralized in Cameroon.
Jürgen Stock, Interpol's Secretary-General, highlighted the operation's success and acknowledged the enhancements in the cybercrime departments of member nations. "This is a significant step towards reducing global cybercrime and safeguarding regional communities," he stated.
