LockBit Stumbles but Swaggers On: Is the Ransomware Titan Really Down for the Count?

Dodging the law like a cyber ninja, the LockBit gang claims it still holds Fulton County's data, Trump-related tea and all. Yet no leaks appeared once the deadline passed: did they bluff, or did the cops trump their card? Infosec intrigue continues!

Hot Take:

Picture this: LockBit's playing a game of cyber cat-and-mouse, but the cheese might just be a hologram. While they're busy putting on a brave face and setting up new ransom countdowns, the feds may have snatched their loot right from under their digital noses. In the world of vulnerabilities it's a relatively quiet week, but don't snooze on those Cisco NX-OS patches. As for Ivanti, their 'All Clear' sign might be more of a 'Proceed with Caution.' And let's not forget, the next big cyber heist could be cloudier than Seattle's weather forecast: keep the private keys of your SAML signing certs under lock and key!

Key Points:

  • LockBit ransomware gang’s still kicking after law enforcement disruptions, but their street cred’s on thin ice.
  • They claimed a ransom was paid by Fulton County, but officials say, “Nope, not us!”
  • Two high-severity denial-of-service flaws in Cisco's NX-OS score 8.6 on the CVSS "Patch Me Now" scale.
  • Ivanti’s vulnerability band-aids might not stick, with CISA raising an eyebrow at their effectiveness.
  • "Silver SAML" could be the cloud's Pandora's box for identity attacks: whoever holds the private key of an externally generated SAML signing certificate can forge tokens for any user. Handle with care!

Cve id: CVE-2024-20321
Cve state: PUBLISHED
Cve assigner short name: cisco
Cve date updated: 02/28/2024
Cve description: A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.

Cve id: CVE-2024-20267
Cve state: PUBLISHED
Cve assigner short name: cisco
Cve date updated: 02/28/2024
Cve description: A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.

Need to know more?

LockBit's Game of Bluff

LockBit, the ransomware crew that's more relentless than a door-to-door salesman, claims it was paid off to keep quiet about some allegedly spicy Fulton County data. But the only thing spicier than the data is the drama, as county officials deny paying a cent, shaking their heads faster than a teenager denying the last slice of pizza. Brett Callow, playing the role of cybersecurity's Sherlock Holmes, suggests the so-called ransom payment is as real as a unicorn in Times Square, and that the likelier explanation is that law enforcement took the data along with the rest of LockBit's infrastructure, leaving nothing to leak.

Cisco's Code Crackers

Over in the land of vulnerabilities, Cisco's NX-OS might as well be Swiss cheese, with two high-severity flaws hitting an 8.6 on the CVSS Richter scale of "Uh-oh." Both are unauthenticated, remote denial-of-service bugs: CVE-2024-20321 lets an attacker push traffic with the right characteristics through a device and knock down its eBGP neighbor sessions, because eBGP traffic shares a hardware rate-limiter queue with that traffic; CVE-2024-20267 crashes the netstack process with a crafted IPv6 packet wrapped in an MPLS frame, which can be built several hops away and only needs an MPLS-enabled interface on the target. If you're a fan of network stability and not-so-much of denial-of-service disco parties, check whether your boxes run eBGP or MPLS and get those patches installed before you become the unwilling host of an attacker's rave.

Ivanti's Integrity Interrogation

Then there's Ivanti, whose Integrity Checker Tool might need a checkup of its own. CISA's basically giving it the side-eye, warning that the tool can miss a compromised appliance and so isn't the perfect health check it was sold as. Ivanti's standing by the tool like a stubborn DIY'er stands by their lopsided shelf: it'll hold up, probably. Maybe. CISA, being the voice of reason, is telling users to keep their guard up and treat a clean ICT run as necessary rather than sufficient. After all, who wants to go down in history as the "I thought it was fine" IT department?

The Cloudy Forecast of Cybersecurity

Finally, let's talk about clouds, but not the fluffy white kind. The next big cyber calamity could be brewing in the cloud, with attackers potentially forging SAML tokens like fake IDs at a college bar. The technique Semperis calls Silver SAML is like the heist movie where the thief doesn't even need to break into the vault, because they already have a copy of the key: when an organisation imports an externally generated signing certificate into its cloud identity provider, anyone who obtains that certificate's private key can sign SAML responses for any user and walk into every application that trusts the IdP. Semperis is waving red flags like a matador at a bullfight, urging organisations to prefer signing certificates the IdP generates itself, to inventory the externally generated ones, and to guard their private keys, because the potential for havoc is as high as a skyscraper.
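The following added example (written for this page, not code from Semperis or from any SAML library) models the trust relationship Silver SAML abuses. The service provider pins the identity provider's signing certificate, verifies the signature, and enforces audience and expiry, all of which correctly reject an attacker signing with their own key; the same checks pass when the attacker signs with the genuine IdP key, because no relying-party check can distinguish the real IdP from whoever holds its private key. The assertion is a fixed-format string rather than canonicalised XML-DSig, a SHA-256 hash of the public key stands in for the certificate thumbprint, and the subject names, audience URL and timestamp are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assertion is a stand-in for a signed SAML assertion. Real SAML carries these
// fields as XML and signs a canonicalised form with XML-DSig; here the signed
// bytes are a fixed-format string so the trust logic stays visible.
type Assertion struct {
	Subject      string
	Audience     string
	NotOnOrAfter int64  // unix seconds
	SignerThumb  string // hash of the signer's public key (cert thumbprint stand-in)
	Signature    []byte
}

func (a Assertion) signedBytes() []byte {
	return []byte(fmt.Sprintf("subject=%s|audience=%s|notonorafter=%d",
		a.Subject, a.Audience, a.NotOnOrAfter))
}

// Thumbprint is what the SP pins when it "trusts the IdP certificate".
func Thumbprint(pub *rsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// NewSigningKey models the IdP (or an attacker) generating a signing key pair.
func NewSigningKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignAssertion is the IdP side: whoever holds the private key can mint a
// valid assertion for any subject, which is exactly the Silver SAML problem.
func SignAssertion(key *rsa.PrivateKey, subject, audience string, notOnOrAfter int64) (Assertion, error) {
	a := Assertion{Subject: subject, Audience: audience, NotOnOrAfter: notOnOrAfter,
		SignerThumb: Thumbprint(&key.PublicKey)}
	digest := sha256.Sum256(a.signedBytes())
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return Assertion{}, err
	}
	a.Signature = sig
	return a, nil
}

// ServiceProvider holds the pinned IdP signing keys, looked up by thumbprint.
type ServiceProvider struct {
	Audience string
	Trusted  map[string]*rsa.PublicKey
}

func NewServiceProvider(audience string, idpKeys ...*rsa.PublicKey) *ServiceProvider {
	sp := &ServiceProvider{Audience: audience, Trusted: map[string]*rsa.PublicKey{}}
	for _, k := range idpKeys {
		sp.Trusted[Thumbprint(k)] = k
	}
	return sp
}

// Verify is the SP side: signer pinning, signature, audience and expiry.
// Pinning (rather than trusting whatever key the assertion names) is what
// defeats an attacker signing with a key of their own.
func (sp *ServiceProvider) Verify(a Assertion, now int64) error {
	pub, ok := sp.Trusted[a.SignerThumb]
	if !ok {
		return errors.New("untrusted signer")
	}
	digest := sha256.Sum256(a.signedBytes())
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], a.Signature); err != nil {
		return errors.New("bad signature")
	}
	if a.Audience != sp.Audience {
		return errors.New("audience mismatch")
	}
	if now >= a.NotOnOrAfter {
		return errors.New("assertion expired")
	}
	return nil
}

func main() {
	idpKey, _ := NewSigningKey()
	attackerKey, _ := NewSigningKey()
	sp := NewServiceProvider("https://payroll.example.invalid", &idpKey.PublicKey)
	now := int64(1709164800) // constructed timestamp, 2024-02-29T00:00:00Z

	genuine, _ := SignAssertion(idpKey, "alice@example.invalid", sp.Audience, now+300)
	fmt.Println("genuine IdP key:   ", sp.Verify(genuine, now))

	forged, _ := SignAssertion(attackerKey, "admin@example.invalid", sp.Audience, now+300)
	fmt.Println("attacker's own key:", sp.Verify(forged, now))

	// Silver SAML: the attacker obtained the private key of the externally
	// generated signing certificate, so the SP has no way to tell.
	stolen, _ := SignAssertion(idpKey, "admin@example.invalid", sp.Audience, now+300)
	fmt.Println("stolen IdP key:    ", sp.Verify(stolen, now))
}
```

The third line of output is the point: the relying-party checks are all correct and all satisfied, so the defence has to live on the IdP side, in who can ever read the signing key. A certificate the IdP generates itself never exposes that key; one generated elsewhere and imported is only as safe as every place the key has been.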

Tags: Cisco NX-OS vulnerabilities, CVE-2024-20267, CVE-2024-20321, Ivanti Integrity Checker Tool, LockBit Ransomware, SAML token forging, Silver SAML vulnerability