Newsletter
Advisories, Vulnerabilities & Alerts
Seung Ha
Director, Infrastructure & Cybersecurity
Mario Sanmiguel
Cybersecurity Engineer
Hackers target new MOVEit Transfer critical auth bypass bug
Description:
The new security issue received the identifier CVE-2024-5806 and allowed attackers to bypass the authentication process in the Secure File Transfer Protocol (SFTP) module, which is responsible for file transfer operations over SSH. The CVE impacts the following versions:
- 2023.0.0 before 2023.0.11
- 2023.1.0 before 2023.1.6
- 2024.0.0 before 2024.0.2
Recommended Actions:
- MOVEit Cloud customers do not need to take any action to mitigate the critical flaw, as patches have already been automatically deployed.
- Fixes were made available in MOVEit Transfer 2023.0.11, 2023.1.6, and 2024.0.2, available on the Progress Community portal.
Take Action Now: System administrators are advised to block Remote Desktop Protocol (RDP) access to the MOVEit Transfer servers and restrict outbound connections to known/trusted endpoints.
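To apply the version ranges above to an inventory, the following added example (not part of the original newsletter or any Progress tooling) classifies MOVEit Transfer version strings against the fixed releases listed in this advisory. The host names and installed versions are constructed, and it assumes versions are recorded in the `2023.0.11` form used here.

```python
import re

# Branch (major, minor) -> first fixed patch level, taken from the advisory text.
FIXED = {(2023, 0): 11, (2023, 1): 6, (2024, 0): 2}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", re.ASCII)


def parse_version(text):
    """Turn '2023.0.11' into (2023, 0, 11); raise ValueError on bad input."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one version."""
    try:
        major, minor, patch = parse_version(text)
    except ValueError:
        return "unparsed"  # needs a manual look, do not assume it is safe
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"  # the advisory says nothing about this branch
    # Compare as integers: as strings, '9' sorts after '11' and hides 2023.0.9.
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory):
    """Map host -> status, with affected hosts first for the patch queue."""
    order = {"affected": 0, "unparsed": 1, "unlisted": 2, "fixed": 3}
    results = {host: classify(version) for host, version in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "sftp-01": "2023.0.9",
    "sftp-02": "2023.0.11",
    "sftp-03": "2023.1.5",
    "sftp-04": "2024.0.2",
    "sftp-05": "2022.1.3",
    "sftp-06": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as `unlisted` or `unparsed` are outside what this advisory covers and should be checked against the vendor's own guidance rather than treated as safe.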
Microsoft Arc Browser Fake Installers
Description: Threat actors set up malicious advertisements on Google Search to attract users looking to download the new web browser. Because the fake installers also install the Arc browser as expected, victims are unlikely to realize they have been infected with malware.
Recommended Actions:
- Users need to be cautious of sponsored results
- Have endpoint detection and response in place
Take Action Now:
Notify users to be aware of sponsored results and recommend contacting the IT department for installing new software.
BitLocker abused for malware
Description: BitLocker’s main function is to protect data from theft or exposure. It encrypts a device, which then needs a key to be decrypted. Threat actors are using malicious scripts to alter boot settings and enable BitLocker to encrypt the device.
Recommended Actions:
- Ensure strong passwords
- Secure storage of recovery keys
- Have endpoint detection and response in place
- Limit user privileges to prevent unauthorized enabling of encryption features or modification of registry keys
Take Action Now:
Using Mobile Device Management is recommended to enable BitLocker and store recovery keys.
FBI and HHS release joint cybersecurity advisory on social engineering threats affecting healthcare sector
Description: Social engineering threats targeting the health sector are no longer only about phishing. Spear phishing campaigns (targeting specific people) are increasing, and threat actors are also calling users while pretending to be their IT team to force password changes or steal credentials.
Recommended Actions:
- Enable Multifactor Authentication for every account.
- Reduce the usage of remote access tools.
- Raise awareness of the official channels of communication and the processes related to IT, including how the team communicates.
Take Action Now:
Leverage awareness training sessions to discuss how users will be contacted by the different departments of the organization and the official channels of communication to mitigate new social engineering risks.
Android Patch for critical security flaw on versions 12 and 12L
Description: Google has released a patch for the critical vulnerability CVE-2024-31320. This vulnerability could allow a threat actor to access and control an Android device without any permissions.
Recommended Actions:
- Update Android devices to the latest July update
Take Action Now:
Regularly updating devices and systems will prevent known vulnerabilities from being exploited.
Celito is a team of experienced IT Executives, Industry Professionals, and Business Consultants focused on the life sciences industry.