Cyber Security Today, April 5, 2024 – New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more


A new ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more.

Welcome to Cyber Security Today. It’s Friday, April 5th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.




A new ransomware group emerged last month. Dubbed RedCryptoApp, the gang has published data allegedly stolen from 11 organizations, according to researchers at Netenrich. That includes five in the U.S., and one each in Canada, Denmark, Spain, Italy, India and Singapore. Victim firms are in the software, manufacturing, IT, education, construction and hospitality sectors. The gang has likely been in business since December.

After the disclosure of several product vulnerabilities in the last three months, Ivanti is promising a new era of security. CEO Jeff Abbott said Thursday that the company is looking critically at every phase of its development processes to ensure the highest level of protection for customers. The promise includes revamping core product engineering and adopting a secure-by-design methodology. It comes as four new holes in Ivanti Connect Secure and Policy Secure gateways were disclosed. Patches are available now. In January Ivanti revealed two vulnerabilities in Connect Secure and Policy Secure; three weeks later it disclosed two more, and a fifth was disclosed in February. A suspected Chinese threat group is believed to be among those exploiting the vulnerabilities. Among the victims: the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The current value to cybersecurity pros of the Common Vulnerabilities and Exposures (CVE) List and the National Vulnerability Database (NVD) is being questioned. That's partly because the U.S. National Institute of Standards and Technology, which maintains the national database and builds on the CVE list, has a backlog of vulnerabilities to process. NIST hopes a consortium of industry, governments and others will help. But SecurityWeek columnist Kevin Townsend also says the CVE database, which is overseen by the not-for-profit MITRE organization, has its own problems. A hundred thousand vulnerabilities have no CVE number, and not all of those that do are real vulnerabilities. There's also a problem with rating the criticality of vulnerabilities, which impairs the ability of IT administrators to decide which bugs need to be patched first. IT pros need to pay attention to this issue and offer solutions.

IT administrators are being warned to check with their software vendors for security updates that close a vulnerability in their implementations of HTTP/2. A number of products are vulnerable to a denial of service attack, including Red Hat and SUSE Linux, Apache Software Foundation projects including the HTTP Server, Tomcat and Traffic Server, the Go programming language, AMPHP (a library for PHP-based projects) and some products from Arista Networks. Discovered by researcher Bartek Nowotarski, the root cause is incorrect handling of request headers split across multiple CONTINUATION frames: a client can keep sending CONTINUATION frames without ever ending the header block, and a server that buffers or processes them without limit runs out of memory or CPU. If no fix is available, admins may have to disable HTTP/2 on affected servers.
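To make the failure mode concrete, here is an added example (not code from the article or from any of the affected projects) of how a server can bound a header block that arrives as a HEADERS frame followed by CONTINUATION frames. The 9-byte frame header layout, frame types and the END_HEADERS flag follow RFC 9113; the byte and frame-count limits, the sample frame sequences and the function names are assumptions constructed for the illustration.

```python
"""Bounding an HTTP/2 header block assembled from HEADERS + CONTINUATION frames.

Added example, not from the article or any affected project.  The 9-byte frame
header (24-bit length, type, flags, 31-bit stream id), the frame types and the
END_HEADERS flag follow RFC 9113; the limits and sample traffic are assumptions."""
import struct

TYPE_HEADERS = 0x1
TYPE_CONTINUATION = 0x9
FLAG_END_HEADERS = 0x4
DEFAULT_MAX_FRAME_SIZE = 1 << 14      # SETTINGS_MAX_FRAME_SIZE default

MAX_HEADER_BLOCK_BYTES = 16 * 1024    # assumed: cap on one block's total size
MAX_CONTINUATION_FRAMES = 8           # assumed: cap on CONTINUATION frames per block


class HeaderFloodError(Exception):
    """Header block exceeded the configured bounds or never terminated."""

    def __init__(self, msg, buffered):
        super().__init__(msg)
        self.buffered = buffered      # bytes held in memory when rejected


def build_frame(ftype, flags, stream_id, payload):
    """Encode one HTTP/2 frame; used here to construct the sample traffic."""
    if len(payload) > DEFAULT_MAX_FRAME_SIZE:
        raise ValueError("payload exceeds SETTINGS_MAX_FRAME_SIZE")
    header = struct.pack(">I", len(payload))[1:]          # 24-bit length
    header += bytes([ftype, flags])
    header += struct.pack(">I", stream_id & 0x7FFFFFFF)   # reserved bit cleared
    return header + payload


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in data."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        if length > DEFAULT_MAX_FRAME_SIZE:
            raise ValueError("FRAME_SIZE_ERROR")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        off += 9 + length


def _check(block, n_cont):
    if len(block) > MAX_HEADER_BLOCK_BYTES or n_cont > MAX_CONTINUATION_FRAMES:
        raise HeaderFloodError("header block exceeds limits", len(block))


def read_header_block(data, incremental_check=True):
    """Assemble the header block that starts with the first HEADERS frame.

    incremental_check=True enforces the limits on every fragment, so an
    unterminated CONTINUATION stream is cut off after bounded buffering.
    incremental_check=False applies them only once END_HEADERS arrives, so the
    whole stream is buffered first, which is what a CONTINUATION flood exploits.
    PADDED/PRIORITY fields on HEADERS are ignored here for brevity (assumption)."""
    frames = iter_frames(data)
    ftype, flags, stream_id, payload = next(frames)
    if ftype != TYPE_HEADERS:
        raise ValueError("PROTOCOL_ERROR: expected HEADERS")
    block, n_cont = bytearray(payload), 0
    while not flags & FLAG_END_HEADERS:
        try:
            ftype, flags, sid, payload = next(frames)
        except StopIteration:
            raise HeaderFloodError("header block never terminated", len(block))
        if ftype != TYPE_CONTINUATION or sid != stream_id:
            raise ValueError("PROTOCOL_ERROR: expected CONTINUATION on same stream")
        n_cont += 1
        block += payload
        if incremental_check:
            _check(block, n_cont)
    _check(block, n_cont)
    return bytes(block)


def flood_outcome(data, incremental_check):
    """Return (rejected, bytes_buffered_at_rejection) for a frame sequence."""
    try:
        read_header_block(data, incremental_check)
        return (False, 0)
    except HeaderFloodError as exc:
        return (True, exc.buffered)


# Constructed sample traffic on stream 1: a legitimate two-fragment block, and a
# flood of 50 unterminated CONTINUATION frames of 1 KiB each.
SAMPLE_GOOD = (build_frame(TYPE_HEADERS, 0, 1, b"\x82\x86")
               + build_frame(TYPE_CONTINUATION, FLAG_END_HEADERS, 1, b"\x84"))
SAMPLE_FLOOD = build_frame(TYPE_HEADERS, 0, 1, b"\x82" * 100) + b"".join(
    build_frame(TYPE_CONTINUATION, 0, 1, b"\x00" * 1024) for _ in range(50))

if __name__ == "__main__":
    print(read_header_block(SAMPLE_GOOD))        # b'\x82\x86\x84'
    print(flood_outcome(SAMPLE_FLOOD, True))     # (True, 9316)
    print(flood_outcome(SAMPLE_FLOOD, False))    # (True, 51300)
```

The difference between the two modes is the whole point: with the limit applied per fragment the flood is rejected after nine frames and about 9 KB of buffering, while a check that only runs once END_HEADERS arrives never fires on an unterminated stream and the server holds the entire flood in memory. Real servers expose equivalent knobs as a maximum header list size and a maximum frame size; the fix for this class of bug is to apply them while fragments are arriving.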

Finally, Sophos released its latest Active Adversary report on the attacks its incident responders investigated. For the fourth year in a row, the most common way threat actors got into Windows systems was by abusing exposed Remote Desktop Protocol (RDP) services. In 90 per cent of the attacks Sophos investigated last year, RDP abuse was involved in some way. In one case, an organization was compromised four times within six months through its exposed RDP ports. How are attackers abusing RDP? In the 150 cases investigated last year the most common route was compromised credentials, and in 43 per cent of cases the organization had no multifactor authentication protecting logins. Is your IT department securing remote access?
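The two conditions Sophos describes, RDP reachable from the internet and logons protected only by a password, both leave traces in the Windows Security log. The following is an added example (not from Sophos or its report) of detection logic that flags an RDP logon preceded by a burst of failed logons from the same source, and any RDP logon from outside the organization's address space. Event IDs 4625 and 4624 and logon type 10 are Windows facts; the event records are constructed sample data and the internal address ranges are an assumed site policy.

```python
"""Spot RDP logons that follow a failed-logon burst, or come from outside.

Added example for this article, not from Sophos or its report.  Windows Security
log facts used: event 4625 = failed logon, 4624 = successful logon, logon type
10 = RemoteInteractive (RDP).  Event records are constructed sample data and
the internal address ranges are an assumed site policy."""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

EVENT_FAILED_LOGON = 4625
EVENT_LOGON = 4624
LOGON_TYPE_RDP = 10

# Assumed: address ranges the organization considers internal.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events: (timestamp, event_id, account, source_ip, logon_type).
SAMPLE_EVENTS = [
    ("2024-04-04T02:10:01", 4625, "administrator", "203.0.113.7", 3),
    ("2024-04-04T02:10:04", 4625, "admin", "203.0.113.7", 3),
    ("2024-04-04T02:10:07", 4625, "backup", "203.0.113.7", 3),
    ("2024-04-04T02:10:11", 4625, "jsmith", "203.0.113.7", 3),
    ("2024-04-04T02:10:15", 4625, "jsmith", "203.0.113.7", 3),
    ("2024-04-04T02:10:19", 4625, "jsmith", "203.0.113.7", 3),
    ("2024-04-04T02:10:24", 4624, "jsmith", "203.0.113.7", 10),   # guess succeeded
    ("2024-04-04T08:00:00", 4625, "mlee", "10.0.0.5", 3),          # one typo
    ("2024-04-04T08:00:09", 4624, "mlee", "10.0.0.5", 10),         # normal internal RDP
    ("2024-04-04T09:30:00", 4624, "svc_sql", "203.0.113.9", 3),    # network logon, not RDP
    ("2024-04-04T23:15:42", 4624, "mlee", "198.51.100.22", 10),    # RDP from the internet
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_rdp_abuse(events, min_failures=5, window=timedelta(minutes=10)):
    """Return findings as (kind, account, source_ip) tuples, in event order.

    kinds:
      failed_burst_then_success  an RDP logon from a source that produced at
                                 least min_failures 4625s within `window`
                                 (credential guessing or spraying that worked)
      external_rdp_logon         an RDP logon from a non-internal address
                                 (RDP reachable directly from the internet)

    Failures are counted per source address regardless of account or logon
    type: a spray touches many accounts, and with Network Level Authentication
    enabled failed RDP attempts are usually recorded with logon type 3."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    recent_failures = defaultdict(deque)   # source_ip -> timestamps of 4625s
    findings = []
    for ts_text, event_id, account, source_ip, logon_type in ordered:
        ts = datetime.fromisoformat(ts_text)
        if event_id == EVENT_FAILED_LOGON:
            recent_failures[source_ip].append(ts)
            continue
        if event_id != EVENT_LOGON or logon_type != LOGON_TYPE_RDP:
            continue
        failures = recent_failures[source_ip]
        while failures and ts - failures[0] > window:   # drop stale failures
            failures.popleft()
        if len(failures) >= min_failures:
            findings.append(("failed_burst_then_success", account, source_ip))
        if not is_internal(source_ip):
            findings.append(("external_rdp_logon", account, source_ip))
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_abuse(SAMPLE_EVENTS):
        print(finding)
```

Run against the sample, the successful logon for jsmith from 203.0.113.7 trips both rules, the late-night logon from 198.51.100.22 trips only the external rule, and the internal logon with a single prior failure produces nothing. Either finding is the prompt to ask the questions the report raises: is this RDP endpoint exposed to the internet, and is anything other than a password standing between an attacker with stolen credentials and a desktop session?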

Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss recent news including a report highly critical of Microsoft’s security by the U.S. Cyber Safety Review Board, a case study of a ransomware attack and a plot to infect a critical Linux library.


The post Cyber Security Today, April 5, 2024 – New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

