Headline
CISA, FBI Offer $10M for Cl0p Ransomware Gang Information
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
The Cybersecurity and Infrastructure Security Agency (CISA) has teamed up with the FBI to offer a $10 million reward to anyone that can offer intelligence on the Cl0p ransomware gang.
The group, a Russian gang that extorts its victims with threats of publishing private data, has racked up hundreds of victims, including agencies within the United States government itself, most recently exploiting various MOVEit vulnerabilities such as CVE-2023-35708, CVE-2023-34362, and CVE-2023-35036.
In a tweet posted by the US Department of State’s “Rewards for Justice” program, the feds announced the award, stating “Do you have info linking Cl0p ransomware gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward.”
In addition, the image posted in the tweet reads, “Reward up to $10 million. For information on the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act. Send us your information on Signal, Telegram, WhatsApp, or via our Tor-based tip line below.”
Due to the nature of the cybercrime gang and the possibility of retaliation should anyone come forward with information regarding the group, all messaging systems that the US State Department suggests in the tweet are encrypted.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
Related news
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and&
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.
Categories: Threat Intelligence Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang. (Read more...) The post Ransomware review: July 2023 appeared first on Malwarebytes Labs.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak be able to upload a .NET deserialization payload.
These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.
Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 (15.0.3) and other specific fixed versions (stated below). The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. The specific weakness and impact details will be mentioned in a later update to this CVE Record. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The
The information leak threats are certainly new, but the education and messaging from security evangelists (and even just anyone trying to educate an older or less security-savvy family member) doesn’t change.
By Waqas Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms. This is a post from HackRead.com Read the original post: UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: MOVEit Tags: Transfer Tags: CVE-2023-34362 Tags: BBC Tags: Zellis Tags: BA The first victims of the ongoing attacks on vulnerable MOVEit Transfer instances are coming forward. The Cl0p ransomware gang claims it is behind the attacks. (Read more...) The post Cl0p ransomware gang claims first victims of the MOVEit vulnerability appeared first on Malwarebytes Labs.
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to