[Security News] Norwegian Government Suffers Zero-Day Attack From Critical Ivanti Vulnerability


July 2023


1. Norwegian government suffers zero-day attack from critical Ivanti vulnerability

Twelve Norwegian government ministries suffered a cyberattack on July 12, which was later confirmed to be caused by a critical vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) device management software, a popular tool used by organizations to set policies for mobile devices and applications.

The authentication bypass vulnerability (CVE-2023-35078) was assigned a CVSS score of 10 out of 10. The exploitation of the flaw could result in unauthorized access to specific API paths, which gives the intruder direct access to personal information such as names, phone numbers, and other mobile device information.

Ivanti issued patches for the vulnerability on July 24. CISA also added the flaw to its Known Exploited Vulnerabilities (KEV) catalogue, mandating all government agencies to patch the vulnerability by August 15.
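The KEV listing above turns a vendor advisory into a dated remediation deadline. The script below, added here as an example rather than code from the article, Ivanti or CISA, reads a feed in the shape of CISA's public KEV JSON (`vulnerabilities[].cveID`, `vendorProject`, `product`, `dueDate`) and reports which inventory hosts are patched, still within the window, or overdue relative to a chosen date. The feed record, hostnames and patch dates are constructed for illustration.

```python
"""Compare an asset inventory against CISA KEV due dates.

Added example, not from the original article. KEV_JSON is a constructed
sample in the field layout of CISA's KEV feed; INVENTORY is invented.
"""
import json
from datetime import date, datetime

# Constructed KEV-style feed carrying the Ivanti EPMM entry from the article.
KEV_JSON = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-35078",
            "vendorProject": "Ivanti",
            "product": "Endpoint Manager Mobile (EPMM)",
            "dueDate": "2023-08-15",
        }
    ]
})

# Constructed inventory: which CVEs each host is exposed to and when (if ever)
# the fix was applied. Hostnames are placeholders.
INVENTORY = [
    {
        "host": "epmm-01.example.internal",
        "exposed_to": ["CVE-2023-35078"],
        "patched": {"CVE-2023-35078": date(2023, 7, 26)},
    },
    {
        "host": "epmm-02.example.internal",
        "exposed_to": ["CVE-2023-35078"],
        "patched": {},
    },
]


def parse_kev(kev_json: str) -> dict:
    """Map cveID -> dueDate (as a date) from a KEV-format JSON document."""
    feed = json.loads(kev_json)
    return {
        v["cveID"]: datetime.strptime(v["dueDate"], "%Y-%m-%d").date()
        for v in feed["vulnerabilities"]
    }


def kev_status(kev_json: str, inventory: list, today: date) -> list:
    """Return (host, cve, status) for every KEV-listed CVE a host is exposed to.

    status is 'patched', 'due in N days' or 'overdue by N days'.
    """
    due = parse_kev(kev_json)
    report = []
    for asset in inventory:
        for cve in asset["exposed_to"]:
            if cve not in due:
                continue  # not on KEV: no federal deadline attached
            if asset["patched"].get(cve) is not None:
                status = "patched"
            elif today > due[cve]:
                status = f"overdue by {(today - due[cve]).days} days"
            else:
                status = f"due in {(due[cve] - today).days} days"
            report.append((asset["host"], cve, status))
    return report


if __name__ == "__main__":
    for host, cve, status in kev_status(KEV_JSON, INVENTORY, date.today()):
        print(f"{host:28} {cve}  {status}")
```

Running it against the live feed only means replacing `KEV_JSON` with the downloaded document; the reference date is a parameter so the same check can be replayed for a past audit date.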

The impacted Norwegian government agencies experienced a loss of mobile services during the attack. The Norwegian Security and Service Organization (DSS) said the attack did not affect the Prime Minister’s office, the Ministry of Defence, the Ministry of Justice, and the Ministry of Foreign Affairs.

Despite the severity of the vulnerability, the Norwegian government responded quickly to the attack and withheld the news until patches were released, preventing further exploitation in other industries and countries.

Sources: SC Media, Infosecurity, Bleeping Computer


2. Japan’s largest port halts operations for two days after ransomware attack

The Port of Nagoya suffered two days of complete outage after a ransomware attack hit in the early morning of July 4. As the largest and busiest port in Japan, the port handles about 10% of the country’s total trade volume and is used by Toyota to export most of its vehicles, making it a major part of the global supply chain.

The Nagoya Port Authority stated that container operations at all terminals had been disrupted, bringing the handling of import and export shipments to and from trailers to a complete halt. Shipping companies were informed immediately.

The Japan Times later reported that the culprit behind the attack was the Russian-affiliated LockBit 3.0 ransomware gang, which had demanded a ransom in exchange for the decryption key.

The port was closed for two days before operations finally resumed on the morning of July 6, making this the most severe cyberattack the port has ever suffered.

Cyberattacks against crucial transport hubs of the global supply chain have been on the rise, with ports and railways being some of the most preferred targets. It is crucial for the manufacturing and logistics sector to upgrade its IT infrastructure and cybersecurity measures to ensure secure and safe operations.

Sources: The Japan Times, The Asahi Shimbun, The Register


3. AMD Zen 2 vulnerability leads to sensitive data exposure on Ryzen CPUs

A new vulnerability was discovered in AMD’s Zen 2 processors, potentially enabling threat actors to steal sensitive data, including passwords and encryption keys, from a wide range of Zen 2 CPUs.

Discovered by Google security researcher Tavis Ormandy, the “Zenbleed” vulnerability (CVE-2023-20593) impacts all CPUs across the AMD Ryzen 3000, 4000U/H, 5000U, and 7020 series, as well as high-end lineups including Threadripper 3000 and EPYC server processors. The flaw was first reported to AMD on May 15 and published on July 24.

According to Cloudflare, Zenbleed does not require physical access to a user’s computer and can be triggered remotely through JavaScript on a webpage. A successful exploit could allow data to be exfiltrated at a rate of 30 kb per core per second. This is said to be fast enough to steal sensitive data from any software running on the system, including virtual machines, sandboxes, containers, and processes.

AMD released its expected timeline for patching the vulnerability; however, most of the fixes have a target date of October 2023 at the earliest.
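Because many of the microcode fixes were months away, the first defensive step is knowing which hosts carry a Zen 2 part. The script below is an added example, not code from the article or from AMD: it parses `/proc/cpuinfo` text and flags AMD family 0x17 parts whose model numbers fall in the Zen 2 ranges used by the Linux kernel's Zenbleed check (models 0x30-0x3f, 0x60-0x7f and 0xa0-0xaf, which cover the Ryzen 3000/4000/5000U, 7020, Threadripper 3000 and EPYC Rome lines named above). Those ranges are an assumption of this script, and the cpuinfo samples and microcode values are constructed.

```python
"""Flag Zen 2 hosts from /proc/cpuinfo text.

Added example, not from the original article or from AMD. ZEN2_MODEL_RANGES
is taken from the Linux kernel's Zenbleed model check and is an assumption;
the SAMPLE_* strings are constructed cpuinfo excerpts.
"""
import re

# Family 0x17 (23 decimal) model ranges treated as Zen 2 (assumption).
ZEN2_MODEL_RANGES = [(0x30, 0x3F), (0x60, 0x7F), (0xA0, 0xAF)]

# Constructed /proc/cpuinfo excerpt: a Ryzen 9 3900X (family 23, model 0x71).
SAMPLE_ZEN2 = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 9 3900X 12-Core Processor
microcode\t: 0x8701021

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 113
model name\t: AMD Ryzen 9 3900X 12-Core Processor
microcode\t: 0x8701021
"""

# Constructed excerpt for a non-AMD part, used as a negative case.
SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 158
model name\t: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
microcode\t: 0xf0
"""


def parse_cpuinfo(text: str) -> list:
    """Split cpuinfo text into one dict of 'key: value' fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        if entry:
            cpus.append(entry)
    return cpus


def is_zen2(entry: dict) -> bool:
    """True if the cpuinfo entry is an AMD family 0x17 part in a Zen 2 model range."""
    if entry.get("vendor_id") != "AuthenticAMD":
        return False
    try:
        family = int(entry.get("cpu family", "0"))
        model = int(entry.get("model", "0"))
    except ValueError:
        return False
    return family == 0x17 and any(lo <= model <= hi for lo, hi in ZEN2_MODEL_RANGES)


def triage(text: str) -> dict:
    """Summarise a cpuinfo dump: CPU count, Zen 2 flag, model and microcode level."""
    cpus = parse_cpuinfo(text)
    affected = [c for c in cpus if is_zen2(c)]
    return {
        "logical_cpus": len(cpus),
        "zen2": bool(affected),
        "model_name": affected[0].get("model name") if affected else None,
        "microcode": affected[0].get("microcode") if affected else None,
    }


if __name__ == "__main__":
    with open("/proc/cpuinfo") as f:
        print(triage(f.read()))
```

The reported microcode level is what to compare against the vendor's fixed revision once a fix ships for that model; the script deliberately stops at identification rather than guessing at revision numbers the article does not give.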

Sources: AMD, PCMag, The Verge


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+

Car, Energy, Factory, City Solutions: Penta IoT Security