Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The MOVEIt data breach continues to impact a number of both private and government groups across the US and Europe by exposing confidential data. With breaches like this becoming increasingly common, it can be easy to blame advanced persistent threat (APT) groups and other malicious actors; however, there is a valuable lesson to learn from the MOVEit breach: it is essential to be proactive about these threats, Not doing so may lead to a breach.

In our final OT:ICEFALL report, Forescout Vedere Labs presents three new vulnerabilities and concludes the project after one year of research following the original disclosure. The OT:ICEFALL research, including 61 vulnerabilities affecting 13 vendors, has yielded three key insights into the current state of OT product security.

Kubernetes “crossed the adoption chasm” in 2021 after 5.6 million developers used it to orchestrate their containers, according to the Cloud Native Computing Federation (CNCF). The annual CNCF survey recorded that an impressive 96% of organizations were either contemplating or outright using Kubernetes. However, Kubernetes becomes more appealing to hackers and malefactors as it becomes more popular.

Progress has recently raised concerns about multiple vulnerabilities in their MOVEit Transfer secure managed file transfer solution. These vulnerabilities have been publicly disclosed within the past several weeks, and the most recent one was reported on June 15, 2023. Notably, the latest vulnerability is claimed to be a zero-day SQL injection vulnerability. If exploited by an attacker, these vulnerabilities can lead to unauthorized access to the MOVEit Transfer database.

New disclosures regarding the widespread exploitation of CVE-2023-34362, a new vulnerability affecting the MOVEit file transfer software, and the Cl0p ransomware group’s claim of responsibility for its widespread exploitation and the resulting data theft, have continued in the weeks since the vulnerability’s original publication.

In the past two weeks, three new vulnerabilities in the the MOVEit file transfer software have been discovered, including one over the weekend. The MOVEit file transfer software is used by around 1700 organizations worldwide. As in most cases when supply chain modules are being compromised, the impact is lethal as big companies such as the BBC and Zellis have been targeted.

Applications of machine learning have grown exponentially over the past few years and with it, the possibilities of malicious attacks targeting it through any vulnerabilities present.

Every news article about a threat group or attack floods the reader with classifications: nation-state groups, hacktivists, cyberterrorists, etc. But how can we define who is what? How can we differentiate between said categories? How should we deal with potential classification overlaps? Especially in the ever-evolving cyberwarfare realm, how can we approach these closely rooted phenomena?