[Some Interesting] Cloud ‘n Sec news: 1st July 22
What’s worth your reading time
Azure Government Secret receives highest Information Categorization
This is great news for US-based government customers of Azure Cloud. The official announcement mentioned:
Azure Government Secret DoD IL6 PA was expanded to include more than 60 cloud services in authorization scope and highest level information categorization as High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x)
This is important news since:
Azure Government Secret is the first and only classified cloud service offering to have received the highest possible DoD IL6 PA at the High Confidentiality, High Integrity, and Customer-determined Availability (H-H-x) information categorization.
Microsoft Defender Vulnerability Management new feature
The official announcement can be found on the Microsoft Tech Community.
Today, we are excited to announce that support and reporting on the availability of security updates for CVEs is now in public preview in Microsoft Defender Vulnerability Management.
The announcement highlights what this adds to the product:
Before the introduction of this feature, CVEs missing security updates were not shown in the Defender Vulnerability Management portal. Once a customer enables this feature in public preview, these CVEs will be reported in the Inventory and Weaknesses pages.
Exchange Server 2013 End of Support
A timely reminder to drink water, exercise, and remember that support for Exchange Server 2013 is coming to an end soon.
Just a reminder that Exchange Server 2013 reaches End of Support on April 11, 2023. That’s a little more than 9 months from now.
2022 Common Weakness Enumeration (CWE) list available now
Top 25 Most Dangerous Software Weaknesses list (CWE™ Top 25). This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
MITRE has released a list of the top 25 common software weaknesses of the past year. It draws on a number of signals from other vulnerability resources, such as CVEs, CVSS and more, to arrive at these results. CISA describes how the list is created:
The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
Definitely worth having in the back pocket for when discussing security with developers.
Black Basta Group information
Reports from early June indicated that members of the Conti ransomware group had split up. Apparently, some of them, along with some others from REvil, have joined forces in a new group called Black Basta.
Findings released today by XDR company Cybereason detail the activities of this new gang, along with ways that both companies and individuals can attempt to remain safe against the activities of this newly-formed group.
The ransomware employed by Black Basta is a new one, according to Cybereason, which uses double extortion techniques. The gang steals the files of a victim organization, and then threatens to publish the stolen files if the ransom demands are not met.
Lockbit ransomware gang launches Bug Bounty!?
Wonder if this should be under the “industry” section, unfortunately, that is…
Regardless, it is important to understand what threat actors are doing to improve their payloads and attacks… this is part of it. BleepingComputer reported:
With the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million.
“We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million,” reads the LockBit 3.0 bug bounty page.
LockBit is one of the most active ransomware operations, with its public-facing operator actively engaging with other threat actors and the cybersecurity community.
Due to its ongoing adoption of new tactics, technology, and payment methods, it is vital for security and network professionals to stay up to date on the evolution of the operation.
There seem to be claims of about 450 GB of data exfiltrated from AMD in an attack. BleepingComputer reported:
Semiconductor giant AMD says they are investigating a cyberattack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year.
RansomHouse is a data extortion group that breaches corporate networks, steals data, and then demands a ransom payment to not publicly leak the data or sell it to other threat actors.
For the past week, RansomHouse has been teasing on Telegram that they would be selling the data for a well-known three-letter company that starts with the letter A.
Yesterday, the extortion group added AMD to their data leak site, claiming to have stolen 450 GB of data.