Dec 28 2023

Chinese Hackers Exploit New Zero-Day In Barracuda’s ESG To Deploy Backdoor

Category: cyber security,Information Security,Zero daydisc7 @ 12:56 pm

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841.

Additionally, the vulnerability targeted only a limited number of ESG devices. 

However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been automatically applied to all the devices, which does not require any action from the user.

The new vulnerability has been assigned to CVE-2023-7102, and the severity is yet to be categorized.

Chinese Hackers Exploit New Zero-Day

This vulnerability exists due to using a third-party library, “Spreadsheet::ParseExcel,” in the Barracuda ESG appliances.

This open-source third-party library is vulnerable to arbitrary code execution that can be exploited by sending a specially crafted Excel email attachment to the affected device.

The Chinese Nexus threat actors have been using this vulnerability to deploy new variants of SEASPY and SALTWATER malware to the affected devices.

However, Barracuda has patched these vulnerabilities accordingly. Moreover, Barracuda stated, “Barracuda has filed CVE-2023-7102 about Barracuda’s use of Spreadsheet::ParseExcel which has been patched”.

Another vulnerability, CVE-2023-7101, affected the same spreadsheet: ParseExcel, and no patches or updates were available.

Nevertheless, both of these vulnerabilities were associated with a previously discovered vulnerability, CVE-2023-2868, that was exploited by the same threat group in May and June 2023.

Furthermore, a complete report about these vulnerabilities, along with additional information, has been published, which provides detailed information about this vulnerability and the previously discovered vulnerabilities.

Indicators Of Compromise

MalwareMD5 HashSHA256File Name(s)File Type
CVE-2023-7102 XLS Document2b172fe3329260611a9022e71acdebca803cb5a7de1fe0067a9eeb220dfc24ca56f3f571a986180e146b6cf387855bddads2.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acddon.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acdpersonalbudget.xlsxls
SEASPY7b83e4bd880bb9d7904e8f553c2736e3118fad9e1f03b8b1abe00529c61dc3edf da043b787c9084180d83535b4d177b7wifi-servicex-executable
SALTWATERd493aab1319f10c633f6d223da232a2734494ecb02a1cccadda1c7693c45666e1 fe3928cc83576f8f07380801b07d8bamod_tll.sox-sharedlib

Network IOCs

IP AddressASNLocation
23.224.99.24240065US
23.224.99.24340065US
23.224.99.24440065US
23.224.99.24540065US
23.224.99.24640065US
23.225.35.23440065US
23.225.35.23540065US
23.225.35.23640065US
23.225.35.23740065US
23.225.35.23840065US
107.148.41.146398823US

Tiger Trap: America’s Secret Spy War with China

21st Century Chinese Cyberwarfare

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: 21st Century Chinese Cyberwarfare, cyber security, Tiger trap, zero-day


Oct 02 2015

Cyber crime costs the global economy $445 billion a year

Category: cyber security,CybercrimeDISC @ 3:06 pm

by 

A new report – A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity – reveals that cyber crime costs the world $445 billion annually, with the top ten economies accounting for more than 50% of the costs. Since 2005 there have been 5,029 reported data breach incidents in the US alone, and at least 200 breaches in Europe involving 227 million records.

It is estimated that the average cost of a data breach is $3.8 million, which is up from $3.3 million a year earlier.

AGCS_Cyber_Crime_full

Source: A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity, Allianz Global Corporate & Specialty (AGCS)

Cyber risks are underestimated

Published by Allianz Global Corporate & Specialty (AGCS), the report warns that “cyber risk is the risk most underestimated by businesses” and asserts that “everyone is a target”.

73% of respondents who took part in an Allianz Risk Barometer 2015 believe that underestimation of cyber risks is preventing companies from being better prepared for them. Other hindrances include budget constraints (59%), failure to analyze the problem (54%), IT infrastructure that is too sensitive for major changes (30%) and failure to identify the right personnel (10%).

The US shows higher levels of awareness of cyber risk due to having tougher legislation than other countries. The majority of US states require companies to notify individuals of a breach. Europe is heading in the same direction, with the European Union (EU) currently reviewing its data protection law and planning to introduce more stringent rules in terms of data breaches.

Data shows that cyber attacks are becoming more frequent and sophisticated. The number of detected cyber attacks was up by 48% in 2014 according to the Global State of Information Security Survey 2015.

In order to protect themselves from breaches, businesses should identify key assets at risk and make decisions as to what risks to accept, avoid, mitigate or transfer.

Future cyber risk trends

The AGCS report makes predictions that businesses will be increasingly exposed to risks from the supply chain and that we are yet to witness “a major cyber event of truly catastrophic proportions”.

Jens Krickhahn, practice leader, Cyber & Fidelity at AGCS Financial Lines Central & Eastern Europe, explains:

“Business exchanges with partners are increasingly electronic.

“Even if a company is confident in its own IT controls, it is still exposed to cyber risk through its business partners, contractors and supply chains.”

The Internet of Things (IoT) is seen as one of the biggest factors that will change the face of cyber threats leading to interconnected risks. It will exacerbate vulnerabilities, bringing increasing potential for physical loss and data breaches.

ISO 27001 and cyber risks

Management of information security risks is at the core of the ISO 27001, the international standard that sets out the specifications of an information security management system (ISMS).

ISO 27001 requires compliant organizations to carry out risk assessments based on agreed criteria. The outcome of the risk assessment should enable the business to balance expenditure on controls against the business harm likely to result from security failures.

Download IT Governance’s free green paper, Risk Assessment and ISO 27001, to learn more about managing cyber risks.





Tags: cyber attack, cyber criminals, cyber security, cyber threats, Cyber-warfare, Cybercrime


Jun 19 2015

Cyber Resilience Best Practices

Category: Cyber Insurance,cyber security,CybercrimeDISC @ 11:07 am

Cyber Resilience

Cyber Resilience

RESILIA™ Cyber Resilience Best Practices

AXELOS’s new guide RESILIA™ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle

RESILIA™ Cyber Resilience Best Practices

Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices
is part of the AXELOS RESILIA™ portfolio.

RESILIA™ Cyber Resilience Best Practices is aimed at anyone that is responsible for staff or processes that contribute to the cyber resilience of the organization.

The methodology outlined in this manual has been designed to complement existing policies and frameworks, helping create a benchmark for cyber resilience knowledge and skills.

  • Designed to help organizations better prepare themselves to deal with the increasing range and complexity of cyber threats.
  • Provides a management approach to assist organizations with their compliance needs, complementing new and existing policies and frameworks.
  • Developed by experts in hands-on cyber resilience and systems management, working closely with subject and technology experts in cyber security assessment.
  • Supports the best-practice training and certification that is available to help organizations educate their staff by providing a defined benchmark for cyber resilience knowledge and skills.
  • Aligned with ITIL®, which is the most widely accepted service management framework. The best practice is equally suitable for organizations to adopt within other systems, such as COBIT® and organization-specific frameworks.

 

Target market

 

  • Managers who are responsible for staff and processes where cyber resilience practices are required – for example those processing payment card information, sensitive commercial data or customer communications.
  • IT service management teams, IT development and security teams, cyber teams and relevant team leaders that operate the information systems that the organization relies on.
  • IT designers and architects, those responsible for the design of the information systems and the controls that provide resilience.
  • The chief information security officer (CISO), the chief security officer (CSO), IT director, head of IT and IT managers.

 

Buy this guide and gain practical guidance on assessing, deploying and managing cyber resilience within business operations.
RESILIA™ Cyber Resilience Best Practices





Tags: Chief Information Security Officer, CISO, Computer security, CSO, cyber crime, Cyber Defence, Cyber Insurance, Cyber protection, Cyber Resilience, cyber security, Cyber Security countermeasures, Cyber Security Safeguards, cyber threats, data security, Information Security, Information Technology Infrastructure Library, ISO, iso 27001, iso 27002


Mar 06 2013

Your Cyber Security Project

Category: cyber securityDISC @ 12:04 pm

by James Warren

Internet technologies have revolutionised the way that business is conducted but these innovations expose your business to various cyber security risks.

Inadequate security can lead to the theft of customer data and, in the event of technological failure or a cyberattack, your business could lose its ability to function altogether. An effective risk management strategy is, therefore, vital to your company’s survival.

Cyber Security Risks for Business Professionals: A Management Guide Cyber Risks for Business Professionals: A Management Guide 

A general guide to the origins of cyber security risks and to developing suitable strategies for their management. It provides a breakdown of the main risks involved and shows you how to manage them.

Cybersecurity standards are an important element in building a strong, resilient information and communications infrastructure. ISO/IEC 27001 is the most significant international best practice standard available to any organisation that wants an intelligently organised and structured framework for tackling its cyber risks. As the leading provider of cyber security products and services, ITG can help you with any aspect of your project:

  • ITG publish books & documentation toolkits and sell the full range of cyber security standards. Saving you the hassle of shopping around;
  • ITG is responsible for world’s first certificated programme of ISO27001 education, offering delegates the opportunity to help their organisation achieve compliance and best practice and attain an industry-standard qualification;
  • ITG have created a comprehensive range of staff awareness solutions, an often overlooked element of a well-implemented IT project;
  • ITG industry-leading software tools, developed with your needs and requirements in mind, make Information Security Risk Management straightforward and affordable for all;
  • And ITG team of expert consultants are on tap to help you along the way. From an hour of live-online consultancy or a gap analysis to full certification projects, ITG focus on transferring knowledge and skill to you and your people, so that you can continue meeting compliance targets after the initial implementation period ends.

Cyber Security Risks for Business Professionals: A Management Guide  >> ITG | eBay | Amazon




Tags: Computer security, cyber security, Information Security, ISO/IEC 27001, Risk management


Nov 13 2009

Cyber criminals deface 50 to 60 Indian websites a day

Category: CybercrimeDISC @ 2:52 pm

microsoft_fr_hacked
Image by Clopin via Flickr

Webnewwire.com report submitted on November 11, 2009

Has your girlfriend blocked you and you cant see her on-line? Wondering how to keep your email account protected? Or want to hide files from your annoying siblings? MTV’s got Ankit Fadia – the coolest Ethical Hacker in the world to give you everything from tips, tricks to cheat codes that will help make your life on the world wide web a whole lot simpler. Learn cool stuff that you can with your computers, Internet, mobile and other technology in your life!

This is India’s first tech show which does not review tech gadgets, websites or software instead it gives viewers a low down (or download!) on cool stuff that they can do with technology that will make their every day life cooler, simpler and stylish!

I am hosting “MTV What the Hack!” show with MTV VJ Jose, informed Ankit Fadia who was in city on a private visit. Watch it on MTV India every Saturday @ 8:20 PM. Repeat Telecasts every day, he appealed to the people

The show is a guy show with lots of typical MTV style humour. VJ Jose and Ankit Fadia shoot the episodes without a script and just naturally jam in front of camera and talk about technology. The show has got a very good response so far as it is being different from other shows. Most of the tech shows in India are review based shows where gadgets, software and websites are reviewed. This is the India’s first reach show that actually teaches viewers something. The show is on as part of MTV’s move to beyond music and beyond television. Since October 17 this year dropped ‘Music Television’ baseline which has been there in India for the past 13 years. Music contributes about 40 per cent of its programming and soon will go down to 25 per cent. This is happening as part of repositioning exercise MTV kicked off two years back. MTV is born of music, inspired by music, driven by music –but not limited by music. IT is now about new ideas, new formats, new ways of reaching people in new places they choose to live in.

Addressing the press conference Ankit Fadia spoke on various issues concerning Cyber Security in India. Speaking about Cyber security issues India is facing today he said Pakistani cyber criminals are able to deface 50 to 60 Indian websites a day, but, in retaliation only 10 to 15 Pakistani websites are defaced. And this has been going on since 2001. Nodoubt, India is IT capital of the world, but, as far as security is concerned India is far lagging behind, informed Ankit.

Speaking further he added that Terrorists are using most advanced technologies for communication. Which include mainly VOIP(Voice Over Internet Protocol) Chats, hiding messages inside photographs, draft emails, encrypted pen drives etc are some of the techniques to communicate with each other, he informed.

Cyber laws in India are quite good, b ut the problem is that the police who enforce those laws are ill equipped and are not trained properly. And he challenged media to visit the nearest police station and lodge a cyber crime complaint. And you will shocked that 9 out of 10 times, the officials attending you won’t follow what you are saying, said Ankit.

The biggest problem that the police worldwide face while solving cyber crime is the fact that the Internet has no boundaries, however, while investigating a cyber crime case a number of geographical, political, social and diplomatic boundaries come into the picture.

The next big security threat could be from Social Networking, Ankit declared. Everybody in India is on the social networking bandwagon. Even Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor, Barack Obama and many other celebrities are updating Twitter daily. The latest viruses, worms, spyware and malware spread through social networking websites like Twitter, Facebook, Orkut and Myspace.

You will receive a private message from one of your friend (who is already infected) containing a link to a Youtube video. Halfway through the video, it will prompt you to download some Video Plugin or Code. Since the message came from your friend, most people tend to trust it and get infected!, said Ankit.

There are many financial scams and frauds happening on social networking websites. Get rich quick schemes, Earn Money Online Scams and various money laundering attacks now come to you through a Twitter update or a Facebook wall post!. Since Social Networking websites are all about your friends, many people are susceptible to the attack, Ankit said and added that Antivirus companies need to gear up to have a social networking aspect to them. People need to be made aware of the threats of social networking!

Another next big security threat could be People Hacking, he informed. People Hacking is all about sweet talking people to get things done. Especially things that they would normally don’t do or should not do!. People Hacking happens around us all the time. In the office, with your friends, at the check in counters at the airport or on the phone with the call centre. To carry out People Hacking you need to know what to say to whom and more importantly how to say it. Inducing fear, guilt, sympathy or just overpowering the victim with your words can lead to People Hacking, informed Ankit Fadia.

When asked about advise like Dos and Don’ts for average internet user he listed out the following.

– Use an Antivirus. More importantly, update it every week.

– Use an Anti Spyware. Update it every week.

– Use a Firewall. They are not as technical as they sound. A very good firewall that I recommend is Zone Alarm. Just do a Google search to download it.

– Use a strong password for all your accounts—a combination of alphabets, numbers and special characters. Use both lowercase and uppercase.

– Use Windows Update every fortnight to patch Windows.

– Use a Key Scrambler—a software the scrambles your keys in such a way that key loggers & other spying tools cant record what you type on your computer.

– Use a password on your Wi Fi network.

Reblog this post [with Zemanta]




Tags: Aishwarya Rai, Ankit Fadia, Barack Obama, cyber security, facebook, Google, MySpace, pakistan, Priyanka Chopra, Security, social engineering, Social Networking, Twitter, World Wide Web, YouTube


Jul 08 2009

Cyber attacks on US Government websites

Category: CybercrimeDISC @ 4:51 pm

cyberattack
Image by Boyce Duprey via Flickr
Associated Press reported by Hyung-jin Kim, Wed Jul 8 “South Korean intelligence officials believe North Korea or pro-Pyongyang forces committed cyber attacks that paralyzed major South Korean and U.S. government Web sites, aides to two lawmakers said Wednesday.”

See the details at the link below:
Cyber attacks on South Korean and U.S. government Web sites

Information Warfare: How to Survive Cyber Attacks

Cyber Threat

Cyber Security





Tags: cyber attack, cyber attacks, cyber crime, cyber criminals, cyber security, cyber terrorism, cyber threats, Cyber-warfare, cybergeddon