Ethan Grammer
Guillermo Sánchez / September 28, 2024 / 3 minutes of readingAdvisories, Vulnerabilities & Alerts
Adobe Releases Security Updates for Multiple Products
Description: The Cybersecurity & Infrastructure Security Agency (CISA) has released an advisory citing multiple Adobe products with their latest vulnerabilities and associated patches. All software that is present within an organization should be patched immediately to prevent malicious threat actors from exploiting the vulnerabilities against machines.
Recommended Actions:
- Implement Adobe-provided patches and/or workarounds for each piece of software that is present within your organization
Take Action Now: Perform a software inventory check on all listed Adobe products from the associated advisory, and immediately patch affected products and versions.
External Links:
Veeam Releases Patch for Critical Vulnerability
Description: Veeam has released a new software patch that addresses a critical vulnerability found within the company’s Backup & Replication product which allows a threat actor to fully takeover a compromised system.
Recommended Actions:
- Ensure that Veeam backup servers are not exposed to the internet if not absolutely necessary
- Do a full inventory of all internal systems utilizing Veeam as a backup solution and check systems for affected version
- Ensure that systems are regularly patched with third-party software and operating systems
- Regularly stay up to date with software patches and associated vulnerabilities to ensure that potentially vulnerable software is patched in a timely manner
Take Action Now: Update affected Veeam Backup & Replication servers to the latest stable software release from Veeam (12.2.0.334).
External Links:
RansomHub Ransomware
Description:
According to the US government, since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services, and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
RansomHub ransomware IOCs and TTPs have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
Recommended Actions:
- Ensure strong passwords.
- Keep all operating systems, software, and firmware up to date, as soon as they are released.
- Require phishing-resistant multifactor authentication ((i.e., non-SMS text based)) to administrator accounts and for as many services as possible.
- Segment networks.
- Maintain offline backups of data, and regularly maintain backup and restoration.
Take Action Now:
- Add the updated IOCs provided by CISA in this advisory to your SIEM tool to aid in the RansomHub ransomware detection.
- Train users to recognize and report phishing attempts.
External Links:
FBI and CISA Warn of Iranian-Backed Ransomware Campaigns against U.S. Organizations
Description: The Federal Bureau of Investigation (FBI), along with the Cybersecurity & Infrastructure Security Agency (CISA) has released a security advisory warning U.S. organizations of potential ransomware campaigns initiated by Iranian-backed criminal cyber groups. The advisory states that a number of private Iranian-backed cyber groups are targeting various sectors in the United States in an attempt to deploy ransomware attacks and gain network access.
Recommended Actions:
- Review the CISA advisory that details the sources and methods likely used by the Iranian-backed groups to gain unauthorized access to systems
- Add the related Indicators of Compromise (IOC) to current threat intelligence platforms for monitoring
Take Action Now: Ensure that all publicly-facing infrastructure is updated with the latest security patches and has active monitoring in place
External Links: