Take a look at Cyber Vigilance's security news top picks from the week in our Cyber Weekly Digest. In this digest, we dive into Microsoft's June Patch Tuesday and the latest updates from the MOVEit transfer app hack. Keep reading to stay up to date on the latest cyber security news from across the globe.
June's Microsoft Patch Tuesday saw security updates for 78 flaws, including 38 remote code execution vulnerabilities. Although 38 RCE vulnerabilities were fixed, Microsoft only rated six as critical. The update also included patches for three security feature bypasses, 17 elevations of privileges, 10 denial of service flaws, and more. One positive from this month's updates is that there are no zero-day vulnerabilities or actively exploited bugs.
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorised access to the environment." Progress Software urges customers to turn off all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared. The vulnerability joins the zero-day being exploited by the Clop ransomware group to mass target companies worldwide. The Clop gang also started extorting victims of the attack after they gave June 14th as the negation deadline.
A threat group known as "Pink Drainer" has been impersonating journalists in phishing attacks targeting Discord and Twitter accounts. According to analysts, Pink Drainer was able to compromise 1,932 victims and stole just under $3 million in digital assets. They were also able to steal $327,000 in NFTs from just one person. The attacks are carried out through social engineering in which Pink Drainer impersonates journalists from popular media Outlets such as Cointelegraph and Decrypt, asking victims to participate in fake interviews. Pink Drainer remains active, so digital asset holders are urged to be suspicious of media outlet communications.
Allied security agencies released a new advisory this week, revealing that the infamous LockBit ransomware allowed attackers to steal $91 million from US victims since 2020. They also claimed that LockBit was the most deployed ransomware of 2022 and accounted for 1700 attacks in the US. Since January 2020, affiliates of the ransomware-as-a-service outfit have targeted organisations of varying sizes and in multiple critical infrastructure sectors. The advisory warns that LockBit continues to be a real threat to any organisation. Later this week, the US also arrested an individual who was allegedly involved in deploying LockBit to US victims.
This week the Swiss government revealed that a recent ransomware attack on an IT supplier may have impacted their data and that they are also being targeted in DDoS attacks. The IT supplier was compromised by the Play ransomware gang at the end of May, as the threat actor claimed to have stolen documentation, including private and confidential data. The Swiss government portal warned users able access problems after an outage caused by a DDoS attack launched by a pro-Russian hacktivist group called NoName. The hacktivists attacked the website after parliament members discussed sending aid to Ukraine.