CISA | OSG: Bits, Bytes and Packets

Category Archives: CISA

CISA: Weakness in Chirp Systems may pose problems for “smart lock” homes.

April 15, 2024 – 2:49 pm
Posted in Android, Attacks, CISA, Cyber security, Endpoint Security, HAck, Skimming, Smartphones, Vulnerability
Tagged API, APK, Chirp Systems, CVSS Score: 9.1, key fob, krebsonsecurity.com, low attack complexity, plain text, Realpage, Smart Lock
Leave a Comment

https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak

U.S. Federal Agencies and other countries release advisory that Russian Foreign Intelligence Service (SVR) is exploiting vulnerability in Jetbrains TeamCity globally

December 13, 2023 – 5:50 pm
Posted in Attacks, CISA, Community, Computers and Internet, Cyber security, HAck, Insider threat, Malware, Supply Chain, Supply Chain Attack, Technology, Vulnerability
Tagged APT 29, Authentication bypass, Cozy Bear, CVE-2023-42793, Dukes, IOCs, JetBrains, Nobelium, TeamCity
Leave a Comment

According to CISA, FBI, NSA, Polish Military Counterintelligence, CERT Polska, and UK’s National Cyber Security Centre, Russian actors known by names including APT 29 are and have been exploiting servers hosting JetBrains TeamCity software since at least September, 2023. This software is used for software compilations, including building, testing and releasing software. The potential impact is pretty large, including supply chain operations (think Solarwinds). The article details IOCs

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Click to access aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf

Joint advisory

https://nvd.nist.gov/vuln/detail/cve-2023-42793

Ivanti Connect Secure/Pulse Secure

December 9, 2023 – 5:05 pm
Posted in Attacks, Business Continuity, CISA, Computers and Internet, Cyber security, Exploit Warning, Patch Available, Technology, VPN, Vulnerability Management
Tagged Bleepingcomputer.com, Ivanti, Ivanti Connect Secure, Pulse Secure
Leave a Comment

If you are not caught up on patches, get so quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only May, 2021 when actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check if files had been modified on the appliances.

Now might be a good time to refamiliarize yourself with the tool if you are not familiar https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=

Zero-Day in Progress MOVEit file transfer software allows SQL Injection attack to gain access, create files, and data exfiltration

June 2, 2023 – 9:21 am
Posted in Attacks, Breaking, CISA, Computers and Internet, Cyber security, Exploit Warning, HAck, IOCs available, Patch Available, Privacy Alert, Technology, Vulnerability, Vulnerability Management, Zero Day
Tagged Bleeping Computer, File Transfer, human.aspx, human2.aspx, huntress.com, MOVEit, MOVEit Transfer SaaS, MySQL, PII, Privilege escalation, Progress Software, RCE, SQL Injection, Unauthorized Access, Webshell, wwwroot folder, X-siLock-Comment
Leave a Comment

There are ~2,500 MOVEit servers available on the internet as of 6/1/2023. This is still developing. There are plenty of sources out there and it looks like these attacks started as resent as 5/27/2023.

https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response

https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/

https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/