Welcome to Security Sunday – Week 39, our weekly recap of IT security (September 25 – October 1, 2023).

We’re collecting notable incident and vulnerability reports from the past week.

The University of Defence was attacked by hackers. 750 GB of staff and teacher data was leaked, including financial statements.

The University of Defence in Brno was attacked on Wednesday by the hacker group Monti. The list of allegedly stolen files includes, among other things, files from the e-mail server named after individual staff members and teachers at the university. The list is also said to include minutes of meetings, operational documents, financial statements, invoices and alerts about security incidents on the university network.

The stolen information, according to the published list, goes back as far as a decade and may include the names of former students who may be on active duty today.

The hackers have already announced that if they do not agree on a ransom with the university, they will release 750 gigabytes of data during October.

Chinese hackers stole 60,000 US State Department emails

During a recent Senate staff briefing, U.S. State Department officials revealed that attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials located in East Asia, the Pacific, and Europe.

In addition, the hackers managed to obtain a list containing all of the department’s email accounts.

“Going forward, we must strengthen our defenses against these types of cyberattacks and intrusions, and we must take a hard look at the federal government’s reliance on a single contractor as a potential vulnerability,” Senator Eric Schmitt said in a statement.

In July, Microsoft revealed that, starting on May 15, 2023, attackers from the Chinese group Storm-0558 successfully compromised Outlook accounts associated with approximately 25 organizations. Among the organizations attacked are the U.S. Departments of State and Commerce. Microsoft has not disclosed specific details regarding the organisations, government agencies or countries affected by the email breach.

Sony investigates cyber attack while hackers fight over who is responsible

Sony has announced that it is investigating allegations of a cyber attack claimed by various hackers this week.

RansomedVC claims to have infiltrated Sony’s networks during the attack and stolen 260 GB of data, which it is trying to sell for $2.5 million.

“We have successfully compromised all of Sony’s systems,” said the RansomedVC page, which included a small sample of the data.

However, the situation is complicated because another attacker named “MajorNelson” has claimed responsibility for the attack and has refuted RansomedVC’s claims.

“RansomedVC are scammers who are just trying to scam you and chase influence. Enjoy the leak.” – announced “MajorNelson”

In contrast to posting a small sample, MajorNelson has released a free 2.4 GB compressed archive containing 3.14 GB of uncompressed data that it claims belongs to Sony.

The attacker states that the dump contains:

  • “lots of logins to internal systems”
  • files related to SonarQube
  • Creators Cloud
  • Sony Certificates
  • Device emulator for license generation
  • and others.

Although the data shared by the attackers appears to belong to Sony, BleepingComputer, which reported on the attack, was unable to independently verify the veracity of the claims made by the two attackers.

Progress Software releases urgent fixes for several critical security vulnerabilities in WS_FTP

Progress Software, the maker of the MOVEit Transfer file sharing platform that has recently been exploited in widespread attacks and data theft, has warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.

The company says its WS_FTP Server secure file transfer software is used by thousands of IT teams worldwide.

Of all the WS_FTP Server security vulnerabilities patched this week, two of them were rated critical, with the one tracked as CVE-2023-40044 receiving a maximum severity rating of 10/10 and allowing unauthenticated attackers to execute remote commands after successfully exploiting a .NET deserialization vulnerability in the Ad Hoc Transfer module.

The second critical vulnerability (CVE-2023-42657) is a directory traversal vulnerability that allows attackers to perform file operations outside of the authorized WS_FTP folder path.

Attackers can exploit the vulnerability without user interaction.

“We recommend upgrading to the highest version, which is 8.8.2. Upgrading to the patched version using the full installer is the only way to fix this issue. You will experience a system crash while performing the upgrade,” Progress warned.

Since May 27, Progress has been dealing with the aftermath of a massive series of data theft attacks following the zero-day exploit of the MOVEit Transfer secure file transfer platform by the Cl0p ransomware gang. More than 2,100 organisations and more than 62 million people have been affected by the attacks, according to estimates shared by security firm Emsisoft on Monday.
