[Some Interesting] Cloud ‘n Sec news: 1st July 22

What’s worth your reading time

Cloud

Azure

Azure Government Secret receives highest Information Categorization

This is great news for US-based government customers of Azure Cloud. The official announcement mentioned:

Azure Government Secret DoD IL6 PA was expanded to include more than 60 cloud services in authorization scope and highest level information categorization as High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x)

This is important news since:

Azure Government Secret is the first and only classified cloud service offering to have received the highest possible DoD IL6 PA at the High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x) information categorization.

Security

Industry

Microsoft Defender Vulnerability Management new feature

The official announcement can be found on the Microsoft Tech Community.

Today, we are excited to announce that support and reporting on the availability of security updates for CVEs is now in public preview in Microsoft Defender Vulnerability Management.

The announcement highlights what this adds to the product:

Before the introduction of this feature, CVEs missing security updates were not shown in the Defender Vulnerability Management portal. Once a customer enables this feature in public preview, these CVEs will be reported in the Inventory and Weaknesses pages.

source: Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public preview — Microsoft Tech Community

Exchange Server 2013 End of Support

A timely reminder to drink water, exercise, and remember that support for Exchange Server 2013 is coming to an end soon.

Just a reminder that Exchange Server 2013 reaches End of Support on April 11, 2023. That’s a little more than 9 months from now.

source: Exchange Server 2013 End of Support Reminder — Microsoft Tech Community

2022 Common Weakness Enumeration (CWE) list available now

The CWE Top 25, as described in the official document:

Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.

MITRE has released its list of the top 25 most common software weaknesses of the past year. It draws on a number of signals from other vulnerability resources, such as CVEs, CVSS and more, to arrive at these results. CISA describes how the list is created:

The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

Definitely worth having in your back pocket when discussing security with developers.

Threats

Black Basta Group information

Reports from early June indicated that members of the Conti ransomware group had split up. Apparently, some of them, along with some former REvil members, have joined forces in a new group called Black Basta.

TechRepublic reported:

Findings released today by XDR company Cybereason detail the activities of this new gang, along with ways that both companies and individuals can attempt to remain safe against the activities of this newly-formed group.

And

The ransomware employed by Black Basta is a new one, according to Cybereason, which uses double extortion techniques. The gang steals the files of a victim organization, and then threatens to publish the stolen files if the ransom demands are not met.

Lockbit ransomware gang launches Bug Bounty!?

Wonder if this should be under the “industry” section, unfortunately, that is…

Regardless, it is important to understand what threat actors are doing to improve their payloads and attacks, and this is part of it. BleepingComputer reported:

With the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million.

“We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” reads the LockBit 3.0 bug bounty page.

LockBit is one of the most active ransomware operations, with its public-facing operator actively engaging with other threat actors and the cybersecurity community.

Due to its ongoing adoption of new tactics, technology, and payment methods, it is vital for security and network professionals to stay up to date on the evolution of the operation.

Attacks

AMD hacked?

There are claims that about 450GB of data was exfiltrated from AMD in an attack. BleepingComputer reported:

Semiconductor giant AMD says they are investigating a cyberattack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year.

RansomHouse is a data extortion group that breaches corporate networks, steals data, and then demands a ransom payment to not publicly leak the data or sell it to other threat actors.

For the past week, RansomHouse has been teasing on Telegram that they would be selling the data for a well-known three-letter company that starts with the letter A.

Yesterday, the extortion group added AMD to their data leak site, claiming to have stolen 450 GB of data.

Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo

Thank you for reading and leave your thoughts/comments!

Andre Camillo

Cloud and Security technologies, Career, sometimes Music and Gaming easter eggs. Technical Specialist @Microsoft. Opinions are my own.