Cybersecurity daily news

MSSP Market Update: Cisco Responds to Salt Typhoon Claims

As we reported earlier this morning, telecommunications firms in the U.S. and other parts of the world have been persistently targeted by Chinese state-backed threat operation Salt Typhoon, also known as RedMike, in attacks exploiting the Cisco IOS XE privilege escalation bugs, tracked as CVE-2023-20198 and CVE-2023-2027, which could facilitate device takeovers, reports SC Media.

RedMike has already attempted to exploit over 1,000 vulnerable Cisco appliances worldwide, and the threat actor also sought to compromise universities in the U.S., Mexico, Argentina, Bangladesh, Indonesia, Thailand, Vietnam, and the Netherlands.

These actions indicate parallel cyberespionage and intelligence gathering efforts, an analysis from Recorded Future's Insikt Group showed.

In response, a Cisco spokesperson told MSSP Alert, "We are aware of new reports that claim Salt Typhoon threat actors are exploiting two known vulnerabilities in Cisco devices relating to IOS XE. To date, we have not been able to validate these claims, but continue to review available data. In 2023, we issued a security advisory disclosing these vulnerabilities along with guidance for customers to urgently apply the available software fix. We strongly advise customers to patch known vulnerabilities that have been disclosed and follow industry best practices for securing management protocols."  

Advisories from Cisco and the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) also highlight the risks of improperly configured network devices and stress the importance of securing device management interfaces exposed to the public-facing internet.
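A defender-side check in the spirit of that advice, added here as an example that is not part of the article or of Cisco's guidance: it assumes the exposed management interface in question is the IOS XE HTTP/HTTPS web UI (`ip http server` / `ip http secure-server`, optionally restricted with `ip http access-class`), audits a constructed running-config snippet for it, and proposes the hardening lines. The `MGMT-ONLY` ACL name and the sample config are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: the relevant lines of a hypothetical IOS XE running-config.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 transport input ssh
"""

ACL_RE = re.compile(r"ip http access-class (?:ipv4 )?(\S+)")


def audit_http_server(config: str) -> Dict[str, object]:
    """Report whether the web UI is enabled and whether it is ACL-restricted.

    'ip http server' / 'ip http secure-server' enable the web UI; a leading 'no '
    disables it; 'ip http access-class' limits which sources may reach it.
    """
    lines = [ln.strip() for ln in config.splitlines()]
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    acl = next((m.group(1) for ln in lines if (m := ACL_RE.match(ln))), None)
    findings: List[str] = []
    if http:
        findings.append("plaintext HTTP server enabled")
    if (http or https) and acl is None:
        findings.append("web UI reachable without ip http access-class restriction")
    return {"http": http, "https": https, "access_class": acl, "findings": findings}


def remediation(report: Dict[str, object], internet_facing: bool) -> List[str]:
    """CLI lines to apply: disable the web UI on internet-facing devices, else restrict it."""
    cmds: List[str] = []
    if report["http"]:
        cmds.append("no ip http server")
    if internet_facing:
        if report["https"]:
            cmds.append("no ip http secure-server")
    elif report["access_class"] is None and (report["http"] or report["https"]):
        cmds.append("ip http access-class ipv4 MGMT-ONLY")  # assumed ACL name
    return cmds


if __name__ == "__main__":
    report = audit_http_server(SAMPLE_CONFIG)
    print(report["findings"])
    print(remediation(report, internet_facing=True))
```

Run it against `show running-config` output saved to a file; a device that is already correct yields an empty findings list and no remediation lines.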

Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!

Today's MSSP Update

1. CyberArk acquires Zilla Security: Identity security firm CyberArk has acquired Boston-based Zilla Security, a cloud-native identity governance and administration startup, in a deal worth up to $175 million. The deal includes $165 million in cash and a $10 million earn-out contingent on performance milestones, the companies said in a statement. Zilla’s co-founders, CEO Deepak Taneja and Nitin Sonawane, along with their team, will join CyberArk. Zilla’s flagship products — Zilla Comply and Zilla Provisioning — will be integrated into CyberArk’s Identity Security Platform as standalone offerings.

2. Astaroth phishing kit targets popular authentication services: Hackread reports that login credentials for Microsoft, Gmail, Yahoo, and other authentication services are being targeted by the newly emergent Astaroth phishing kit, which uses an evilginx-style reverse proxy to perform man-in-the-middle attacks that bypass two-factor authentication. Astaroth distributes malicious links that redirect to a seemingly legitimate site to harvest login credentials, SlashNext found. The kit's sellers also offer bulletproof hosting, support and updates to buyers. The phishing kit can be purchased for $2,000 on Telegram.

3. TekStream launches shared SOC, cybersecurity workforce development training: TekStream, in partnership with AWS and Splunk, is launching a 'Whole-of-State' approach to cybersecurity workforce development. The shared Security Operations Center (SOC) model uses Splunk’s SIEM/SOAR technology as its foundation and runs on AWS’s cloud infrastructure services. That technical foundation is paired with TekStream’s expertise in automation and threat intelligence, providing real-time threat monitoring and rapid incident response. The framework has already been adopted by institutions including the New Jersey Institute of Technology and the Austin Independent School District.

4. Salvador Tech launches IR platform based on NVIDIA BlueField-3 DPUs: Cybersecurity resilience and incident response firm Salvador Tech this week introduced its Edge-Recovery Platform for Operational Technology (OT) and Industrial Control Systems (ICS). The platform is powered by NVIDIA BlueField-3 DPUs, and enables instant recovery from cyber incidents—reducing downtime from hours or days to just seconds, the company said. The platform also offers advanced malware and vulnerability detection.

5. BlackFog launches anti-data exfiltration solution for macOS: This week, BlackFog launched an anti-data exfiltration (ADX) solution for macOS, expanding protection beyond Windows, Android, and ChromeOS. The macOS edition covers all Apple devices running macOS Ventura or later.
