Microsoft Azure Issues Due to Spikes in Traffic?
Microsoft users had trouble accessing Azure on June 12, which the company linked to spikes in network traffic. It used load balancing to restore service.
However, Cybersecurity Dive reports that Microsoft has been investigating possible DDoS attacks from the group Anonymous Sudan, which claimed responsibility for outages to OneDrive and Microsoft 365.
Action Items:
- Check Microsoft service health if you can’t access your services. Problems may be due to scheduled maintenance.
- Follow Microsoft Zero Trust guidance to safeguard critical data.
- Review your backup policies to ensure that you have a plan in place for continual access to Teams, Outlook, and other data.
Fortinet Releases Security Updates
Fortinet released updates aimed at correcting a heap-based overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. These vulnerabilities could allow an attacker to take control of a system.
Action Items:
- Upgrade to a new ForitOS or FortiProxy version as recommended by Fortinet
- Review information from Fortinet that provides details on how the FortiOS vulnerability may have been exploited in attacks.
Ransomware: Just How Bad Is It?
Veeam released its 2023 Global Ransomware Trends report based on findings from 3,000 cyberattacks. The report states that 85 percent of organizations have been victimized by ransomware in the past 12 months. That’s a 12 percent increase over 2022.
Additionally, 21 percent of organizations have discovered that ransomware is excluded from their security insurance, and 74 percent saw their premiums increase. Also, about 40 percent of companies have a do-not-pay policy, but 80 percent have paid ransom.
Action Items:
- Educate your clients and your team on cybersecurity best practices.
- Backup data, including immutable or air-gapped backups that can help restore data quickly without paying a ransom.
Insights from the Verizon 2023 DBIR
One of the key findings from the Verizon 2023 Data Breach Investigations Report is that a whopping 74 percent of data breaches involve the human element, including social engineering, errors, or misuse. Additionally, 50 percent of social engineering attacks are pretexting – sharing stories to gain a victim’s trust — about double last year’s occurrence.
Action Items:
- Learn more about the threats to specific sectors in the SMB report and the public sector report.
- Watch the DBIR webinar Applying the Findings that can help you strengthen your cybersecurity strategy.
Industrial Control System Advisories
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued new alerts for industrial control systems. Attackers can exploit these vulnerabilities to steal data and take over equipment control. Review these alerts and take action on behalf of your clients and your business.
 Action Items:
- ICSA-23-159-01 Atlas Copco Power Focus 6000
- ISCA-23-159-02 Sensormatic Electronics Illustra Pro Gen 4
New CVEs Released in June
More than 20 common vulnerabilities and exposures (CVEs) were published from June 1 to June 9, 2023. Several deal with Chamilo v. 1.11, which may give students arbitrary access and allow them to alter another student’s note, contains a cross-site scripting vulnerability, and has an additional issue that allows attackers to execute server-side request forgery (SSRF).
Additionally, the Percona Monitoring and Management (PMM) server 2.x before 2.37.1 does not properly formalize and sanitize URL paths to reject path transversal attempts. This allows remote users to access restricted API routes.
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. This vulnerability can allow an attacker to execute code on a host by copying data that will be executed as code.
Also, an SQL injection vulnerability was discovered in the MOVEit Transfer web application that could allow attackers to access the database. CISA reports it’s been exploited by the CL0P Ransomware gang.
Action Items:
- See the entire list of new CVEs – and explore previously published CVEs at CVE Details.
- Don’t be a statistic: the average time to fix severe vulnerabilities is 256 days. Address new vulnerabilities as quickly as possible.
