Posts

Showing posts with the label veeam

Cuba ransomware uses Veeam exploit against critical U.S. organizations

The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. BlackBerry's Threat Research and Intelligence team, which spotted the latest campaign in early June 2023, reports that Cuba now leverages CVE-2023-27532 to steal credentials from configuration files. The particular flaw impacts Veeam Backup & Replication (VBR) products, and an exploit for it has been available since March 2023. Previously, WithSecure reported that FIN7, a group with multiple confirmed affiliations with various ransomware operations, was actively exploiting CVE-2023-27532.

Cuba attack details

BlackBerry reports that Cuba's initial access vector appears to be compromised admin credentials via RDP, not involving brute forcing. Next, Cuba's signature custom downloader 'BugHatch' establishes communication with the C2 server and downloads DLL files or executes c

Veeam Backup & Replication admins, get patching! (CVE-2023-27532)

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible.

About CVE-2023-27532

The nature of CVE-2023-27532 has not been explained – Veeam only says that “the vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.” Obtaining encrypted credentials might ultimately allow attackers to gain access to the backup infrastructure hosts, the company noted. The email sent by the company to users notifying them of the flaw and the need to patch also did not offer much insight, but noted that “if you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can also block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.” The email created some confusion with customers, because i

Controlling Cloud Backup Costs

One of the most challenging aspects of cloud-hosted applications and data is achieving your desired outcome without being shocked by your bill at the end of the month. Balancing the needs of your business and your proverbial checkbook is not an easy thing. In fact, an entire practice called FinOps – a portmanteau of finance and DevOps – was born just to address this, bringing together business and technical teams to collaborate on efficient and optimized spending, particularly in the cloud. One area where this is of particular importance is cloud backup. We’re dealing with copies of large data sets that are often stored for lengthy periods of time, and all of these consume pay-for-what-you-use compute, storage and networking resources. So, what are some best practices when it comes to cloud backup to meet required service level agreements (SLAs) like RTOs, RPOs and retention without breaking the bank?

Right-Sizing

All cloud providers offer a wide selection of instance/virtual machine