Ivanti Connect Secure/Pulse Secure

If you are not caught up on patches, get so quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only May, 2021 when actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check if files had been modified on the appliances.

Now might be a good time to refamiliarize yourself with the tool if you are not familiar https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=

60 Credit Unions affected by ransomware in likely supply chain attack

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

Related Articles

https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html

https://abc7.com/ransomware-attack-in-us-credit-union-outages-trellance-cyberattack-ncua/14133374/

https://www.msn.com/en-us/money/other/60-us-credit-unions-offline-after-ransomware-infects-backend-cloud-outfit/ar-AA1kRVhA

The city of Long Beach California suffers a cybersecurity event and shuts down IT systems to contain.

https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/

It’s still not just you… Outlook.com suffering outages again today. Microsoft says the issues are “technical”. Hacktivist group takes claim.

https://www.bleepingcomputer.com/news/microsoft/outlookcom-hit-by-outages-as-hacktivists-claim-ddos-attacks/

Vulnerability in cPanel leaves widespread exposure

https://www.cyber.gov.au/about-us/alerts/widespread-exposure-vulnerability-cPanel

https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/

If you haven’t patched GoAnywhere Managed File Transfer (MFT) do it right now (Though it might be too late).

https://www.securityweek.com/goanywhere-zero-day-attack-hits-major-orgs/

LastPass completes investigations into their most recent breaches and shares findings. You can read them below but we’ll detail them in coming days about necessary actions

https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/

Booking.com (function(d, sc, u) { var s = d.createElement(sc), p = d.getElementsByTagName(sc)[0]; s.type = ‘text/javascript’; s.async = true; s.src = u + ‘?v=’ + (+new Date()); p.parentNode.insertBefore(s,p); })(document, ‘script’, ‘//cf.bstatic.com/static/affiliate_base/js/flexiproduct.js’);

CISA released a script to recover VMWare ESXi servers impacted by ESXiArgs ransomware

https://www.bleepingcomputer.com/news/security/cisa-releases-recovery-script-for-esxiargs-ransomware-victims/

The recover script
https://github.com/cisagov/ESXiArgs-Recover/blob/main/recover.sh

HHS warns hospitals about ROYAL Ransomware attacks

Click to access royal-ransomware-analyst-note.pdf

CISA: Vulnerabilities in Veeam Backup and Replication are being exploited

https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.html