Fake Proof of Concept for Zero Day Exploits used to Deliver Malware

?? Edwin Kwan, Sydney, Australia ↗
Fake zero-day PoC exploits on GitHub push Windows, Linux malware

The Third SQL Vulnerability Related to Moveit Clop Ransomware Campaign Disclosed

?? Olimpiu Pop, Transylvania, Romania ↗
Third MOVEit Transfer Vulnerability Disclosed by Progress Software
Exclusive: US government agencies hit in global cyberattack
Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway
Brand-New Security Bugs Affect All MOVEit Transfer Versions
MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) – Progress Community

Barracuda hack is the Chinese

?? Katy Craig, San Diego, California ↗
Barracuda: Customers Must Replace Impacted Email Security Devices ‘Immediately’ | CRN
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
Chinese spies breached hundreds of public, private networks, security firm says – ABC News

Pokie Huang:

It’s 5:05 on Monday, June 19th, 2023. From the Sourced Podcast Network in New York city, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri. 

Let’s get to it. 

Edwin Kwan: 

This is Edwin Kwan from Sydney Australia. 

When fixing zero day vulnerabilities, you might download a proof of concept script to determine if the vulnerability has been properly addressed. You might do a web search to find the proof of concept and most probably downloaded the program from a GitHub repository.

Beware of who you’re downloading from, as hackers are impersonating cybersecurity researchers on Twitter and GitHub, and publishing fake proof of concept scripts that are actually infected with malware. 

One such example is a fake cybersecurity company named “High Sierra Cyber Security”. Their repositories appear legit as the GitHub maintainers for those repositories are impersonating real security researchers from respected cyber organizations.

 The malware isn’t hosted on the repository, but instead it is downloaded when the script is run. The script targets both windows and Linux machines, so be careful when downloading scripts from unknown repositories as impersonation is always possible. 

 It is imperative that all code be scrutinized for malicious behavior.

Olimpiu Pop: 

It’s impressive how some people work, even if they don’t have to. During the long US Memorial Day weekend, several cyber attacks were targeted against hundreds of organizations. The campaign was built on the zero-day vulnerability in the MOVEit secure file transfer platform. Last week they started exhorting companies by listing their names on a data leak site, threatening to start making it public if ransom was not paid.

This comes as Progress Software, the company building MOVEit, released news related to a third vulnerability. The issue is another SQL injection that could potentially allow unauthenticated attackers to gain access to MOVEit database. 

Representatives of the crime group stated that they are financially motivated and any government related data is quickly deleted.

Nevertheless, quite a few US federal agencies are affected, including the Department of Energy. The Executive Assistant Director of CISA, the US Cybersecurity and Infrastructure Agency, declared that is providing support to several federal organizations that have experience in intrusions affecting the MOVEit applications.

Also, according to him, they are working urgently to understand impacts and ensure timely remediation. Hopefully they’ll manage to find one in a timely manner. 

In the resources section of 505updates.com, you can find all the needed information, including CVE numbers and leaks detailing the exploits.

Olimpiu Pop reported from Transylvania, Romania.

Katy Craig: 

Remember that Barracuda hack that happened last month? It was so bad, Barracuda recommended replacing the appliances instead of patching them. Now we’ve got some tea to spill. 

This is Katie Craig in San Diego, California. 

It turns out suspected state backed Chinese hackers went all in on this one. They used a sneaky security hole in Barracuda’s email security appliance to infiltrate hundreds of organizations worldwide. And get this, nearly one third of them were government agencies. 

We now know who’s behind it. According to Mandiant, the cybersecurity firm on the case, this cyber espionage extravaganza was allegedly orchestrated by a group tied to the People’s Republic of China. Barracuda Networks, the company behind the compromised email security appliance, has been on top of things recommending a complete replacement of affected devices since they first discovered the hack. It’s great to see them taking responsibility and addressing the issue head on. 

Let’s not forget that cyber espionage is a game played by many. The US government has been pointing fingers at China, accusing them of being the top cyber espionage threat. Of course, China isn’t one to back down. They’ve accused the US of hacking into their universities and companies, too.

In today’s world, they’d be stupid not to. 

This is Katie Craig. Stay safe out there.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Olimpiu Pop, Katy Craig for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.