Cyber Security Today, April 22, 2024 - Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more


Vulnerability found in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more.

Welcome to Cyber Security Today. It’s Monday, April 22nd, 2024. I’m Howard Solomon.


A warning is going out about a vulnerability in another file transfer platform. The hole is in CrushFTP servers, which run on Windows, Linux, Unix and Macs. Versions below 11.1 are open to compromise. The exceptions are servers that have a DMZ in front of their main CrushFTP servers.

Cisco Systems has released security updates to close vulnerabilities in its Integrated Management Controller, a web interface used in a number of products. A remote hacker could exploit one of these vulnerabilities to take control of a system. Products affected include 5000 series Enterprise Network Compute Systems, UCS-C, E and S series servers, and Catalyst 8300 series edge servers.

LastPass, which makes a password manager used by companies and individuals, says a phishing campaign to trick users into giving up their passwords has begun a new phase. People get a phone call claiming their LastPass account has been compromised and are asked to press 2 to block the attack. Then the victim gets a second phone call from a person pretending to be a LastPass employee, who sends them an email with a supposed link to reset their account. The link, though, goes to a fake LastPass web page where the victims’ passwords are copied so the crook can enter their LastPass account and change the access password. From there the crook can do nasty things like access bank accounts. No one will call you claiming to be from LastPass support. Or Microsoft. Or your bank. Or the government.

A new variant of the Redline information stealer has been spotted. Researchers at McAfee don’t say how it’s being distributed, but it seems to be aimed at gamers because the malware tries to install an application called Cheat Lab. Network defenders should note two things. First, the malware appears to be hosted on Microsoft’s official GitHub repository. As researcher Ax Sharma notes in a tweet, that takes advantage of a GitHub flaw. Second, the malware includes a Lua just-in-time compiler to help evade detection.

Administrators who use Ivanti’s Avalanche mobile device management software should consider the application, as well as the laptops, smartphones and other devices they manage, to be compromised. That’s the advice from commentators at the SANS Institute. It follows the release by Ivanti of security updates to patch more than 17 vulnerabilities.

Separately, last week the MITRE Corp., which creates cybersecurity frameworks, admitted a threat actor used two zero-day vulnerabilities in its Ivanti Connect Secure gateway earlier this month to get past defences. Using session hijacking, the attacker was able to get past multifactor authentication. Then they dug deep into MITRE’s VMware infrastructure using a compromised admin account to steal credentials.

The latest list of American organizations notifying customers or employees of data breaches includes:

–The Township of Montclair, New Jersey is notifying almost 18,000 people that some of their information was stolen in a data breach last May. Among the information copied were names, driver’s licence numbers and non-driver ID card numbers;

–Kisco Senior Living, a chain of seniors’ residences in 12 states, is notifying over 26,000 people of a data breach that happened last June. Data copied included names and Social Security numbers;

–Green Diamond Resource Company, which logs forests in five states, is notifying almost 28,000 people about a data breach last June. Data copied includes names, Social Security numbers, financial account information, full-access credentials, and driver’s license numbers or state identification numbers.

Finally, cyber defenders may be interested in a background report released last week by several law enforcement agencies on the Akira ransomware gang. It includes a list of the gang’s tactics and indicators of compromise.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

The post Cyber Security Today, April 22, 2024 - Vulnerability in CrushFTP file transfer software, security updates for Cisco’s controller management application, and more first appeared on IT World Canada.
Howard Solomon, https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
