CyberWatch by Bureau Veritas: March 2024

VULNERABILITY

Ivanti ICS & IPS 

Two vulnerabilities that affect Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) have been disclosed. Together they allow an unauthenticated user to fully compromise a device. 

• Critical vulnerabilities in Ivanti Connect Secure: CVE-2023-46805 (8.2), CVE-2024-21887 (9.1) & CVE-2024-22024 (8.3)

👉 Read more

Fortinet and VMware

A critical vulnerability that affects Fortinet and VMware products has been reported.

• Critical patches released for new flaws in Cisco, Fortinet, VMware Products: CVE-2024-20252 & CVE-2024-20254 (9.6)

👉 Read more

Outlook Client

A critical vulnerability that impacts Microsoft’s Outlook Client has been reported.

• Critical vulnerabilities in Microsoft products: CVE-2024-21413 (9.8) & CVE-2024-21410 (9.8)

👉 Read more

ATTACK

GPS jamming in the Baltic Sea region

In late December 2023, a coordinated GPS jamming campaign, attributed to Russian electronic warfare operations, disrupted navigation systems in the Baltic Sea region. While the deployment of redundant navigation systems is ongoing, operational impacts were minimized due to organizational countermeasures including seafarer awareness in the affected areas. This situation underscored the importance of robust, multi-modal navigation infrastructure amid geopolitical tensions.

Read more:

👉 Russia's GPS jamming puts aviation, shipping at additional risk as well
👉 GPS-based devices in Baltic states disrupted as Russia jams signals
👉 As Baltics see spike in GPS jamming, NATO must respond
👉 Estonia also affected by end-of-year GPS systems jamming

Iranian spy ship targeted by US cyber operation 

Responding to drone strikes by Iran-aligned factions in Iraq, the US executed a cyber operation targeting Iranian naval vessels collecting intelligence in the Red Sea and Gulf of Aden. The objective was to disrupt the vessels’ transmission of tactical data to Yemen's Houthi insurgents who are implicated in attacks on marine traffic in the region. 

Read more:

👉 US conducted cyberattack on suspected Iranian spy ship, NBC News reports
👉 US Cyberattack Hit 2 Iranian Military Ships in Red Sea
👉 US Conducts Cyberattack Against Iranian Spy Ship Helping Houthis
👉 US Executed Cyberattack on Iranian Spy Ship in Indian Ocean: Officials

PUBLICATION

Volt Typhoon

Volt Typhoon has infiltrated critical infrastructure organizations in the United States, including communication, energy, transportation, water and wastewater systems. The cyberattacks have been said to be strategically positioned towards accessing operational technology assets for potential disruption. A detailed report has been created on the situation by US agencies.

👉 Read the CISA report

RANSOMWARE

Schneider Electric data breach

Schneider Electric, a prominent energy player, has suffered a cyberattack from Cactus ransomware, resulting in the theft of around 1.5 TB from its Sustainability Business division. The stolen data likely includes sensitive information related to customers’ power consumption, and the company’s industrial control and automation systems and its environmental compliance.

👉 Read more