Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency


The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data leaks, Disruption, Extortion, Masquerading, Remote access trojans, Tunneling, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.




Trending Cyber News and Threat Intelligence



Anomali Global Security Event Intel - Progress Software Vulnerabilities – MOVEit & DataDirect Connect



(published: June 16, 2023)



Following the discovery of CVE-2023-34362 and its prior exploitation by a Clop ransomware affiliate, several additional vulnerabilities were discovered in MOVEit Transfer (CVE-2023-35036 and CVE-2023-35708) and in other Progress Software products (CVE-2023-34363 and CVE-2023-34364). As the group’s dark web leak site (>_CLOP^_-LEAKS) began naming compromised entities, the original exploitation event was assessed as a global security event. This assessment is based on the growing list of known breached organizations and the use of MOVEit by thousands of organizations around the world across the public, private, and government sectors.

Analyst Comment: Network defenders should follow the Progress Software Corporation remediation steps, which include hardening, detection, clean-up, and installing the recent MOVEit Transfer security patches. YARA rules and host-based indicators associated with the observed MOVEit exploitation are available in the Anomali platform for detection and historical reference.

MITRE ATT&CK: [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1036 - Ma ..
