14.10.24 Threat Report
Casio Hit by Cyber Attack, Hackers Access Systems Without Permission
Casio Computer Co., Ltd., a Japanese electronics company, has confirmed it suffered a serious cyber attack on October 5, 2023. Hackers managed to break into the company’s network, causing a system failure that disrupted several of its services.
The breach has raised concerns about the safety of sensitive data and personal information. Casio first noticed the attack when its internal systems stopped working properly, which led to a quick investigation. After confirming the attack, the company notified the authorities and brought in cybersecurity experts to help.
Casio has since taken steps to block outside access to its systems and is working with law enforcement to find out who is responsible. The company has also contacted customers affected by the breach and offered support through dedicated help channels. Casio is committed to improving its security to stop future attacks. This includes reviewing how it manages its operations and tightening security across its network.
In an official statement, Casio apologised for the worry and trouble caused by the breach. The company promised to fix the issue and better protect customer data in the future. Casio also plans to strengthen its security measures and continue training its employees on cybersecurity.
Chrome Security Update: Fix for Type Confusion Vulnerabilities
Google has released a critical security update for its Chrome browser, fixing several vulnerabilities, including two serious type confusion flaws in the V8 JavaScript engine. The update brings Chrome to version 129.0.6668.100/.101 for Windows and Mac, and 129.0.6668.100 for Linux, and includes three security fixes reported by external researchers.
The most critical issues, identified as CVE-2024-9602 and CVE-2024-9603, are type confusion vulnerabilities in the V8 engine. If exploited, these flaws could allow hackers to execute arbitrary code on affected systems.
What is Type Confusion?
Type confusion happens when a program incorrectly treats data as a different type than intended, leading to unexpected behaviour. This can occur in programming languages like PHP or Perl. If exploited, attackers can use type confusion to corrupt memory and run malicious code.
These high-severity vulnerabilities were reported by researchers Seunghyun Lee (@0x10n), @WeShotTheMoon, and @Nguyen Hoang Thach of Starlabs. Google has not yet shared full details about the flaws to prevent hackers from exploiting them before users update their browsers.
The update also includes other fixes discovered through Google’s internal audits and tools like AddressSanitizer and libFuzzer, which help identify security issues.
To update Chrome, users should go to the Help/About section in the menu, where the latest version will download automatically if available. After downloading, users must restart the browser for the updates to take effect.
With over 3.45 billion Chrome users worldwide, it’s crucial for everyone to update their browsers as soon as possible to avoid data breaches and other cybersecurity risks.
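For administrators checking a fleet rather than a single browser, the sketch below is an added example (not from Google or the original report) that flags hosts still running a build older than 129.0.6668.100, the lowest fixed build named above. The host names, the inventory dictionary and the reported version strings are constructed for illustration.

```python
import re

# Lowest patched build named in the report (Windows/Mac also ship .101).
FIXED_BUILD = (129, 0, 6668, 100)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a reported string, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(text, fixed=FIXED_BUILD):
    """True if at or above the fixed build, False if older, None if unreadable."""
    version = parse_version(text)
    if version is None:
        return None
    # Compare numerically: as plain strings, "129.0.6668.89" sorts AFTER
    # "129.0.6668.100" and an unpatched host would be reported as safe.
    return version >= fixed


def audit(inventory):
    """Group hosts into patched / vulnerable / unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in inventory.items():
        status = is_patched(reported)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        report[key].append(host)
    return {key: sorted(hosts) for key, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "win-01": "Google Chrome 129.0.6668.101",
    "mac-07": "Google Chrome 129.0.6668.100",
    "lin-03": "Google Chrome 129.0.6668.89",
    "lin-09": "Google Chrome 128.0.6613.137",
    "win-12": "Google Chrome 130.0.6723.58",
    "kiosk-2": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need a manual check; an unreadable version is not evidence that the browser is patched.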
Microsoft Security Updates: 5 Zero-Day Flaws and 118 Vulnerabilities Fixed
In its latest Patch Tuesday release, Microsoft has addressed 118 vulnerabilities across its products, including Windows, Office, Azure, .NET, and Visual Studio. Among these, five are zero-day vulnerabilities, with two already being actively exploited by attackers.
Zero-Day Vulnerabilities
The other three zero-day vulnerabilities are:
Other Notable Vulnerabilities
Vulnerability Breakdown
Microsoft has stressed the importance of applying these updates immediately, especially given the active exploitation of two zero-days. Organisations and users are urged to patch their systems quickly to protect against potential attacks.
For IT administrators, these updates highlight the need for continuous vigilance and timely patching. Regular updates and adherence to cybersecurity best practices are crucial to defend against evolving threats.
Marriott Agrees to $52 Million Settlement After Data Breaches
Marriott International, along with its subsidiary Starwood Hotels & Resorts, has agreed to a $52 million settlement and will implement stronger data security measures following multiple data breaches between 2014 and 2020. These incidents exposed the personal information of hundreds of millions of customers. The Federal Trade Commission (FTC) and state authorities accused Marriott of failing to protect its systems, leading to the theft of sensitive data such as payment card details, loyalty program numbers, and passport information.
The breaches involved several incidents. In 2014, hackers accessed Starwood's systems due to weak security measures like poor firewalls and the lack of multifactor authentication. This breach went unnoticed for over four years, during which attackers stole 339 million records. After Marriott acquired Starwood in 2015, the company conducted a security review but missed the ongoing breach. In 2020, Marriott itself experienced another breach, which affected over five million customer records.
As part of the FTC settlement, Marriott has agreed to improve its cybersecurity practices. This includes adding multifactor authentication, performing regular vulnerability checks, and tightening access controls to prevent future incidents. Marriott is also required to investigate suspicious activities within 24 hours and give customers the option to request the deletion of their personal data. The company will need to submit reports after security incidents and train employees to meet data protection standards.
The $52 million settlement holds Marriott accountable for its cybersecurity lapses, and the company has committed to improving its security measures to better protect customer information in the future.
Hackers Claim Star Health Insurance CISO Sold Customer Data
Hackers have accused the Chief Information Security Officer (CISO) of Star Health Insurance of selling them personal data belonging to over 31 million customers. The stolen information, which includes names, birth dates, addresses, phone numbers, PAN card details, and salaries, is being offered for sale at $150,000.
This data breach, one of the largest in India, has raised serious concerns about customer privacy and data security. The hacker, known as xenZen, allegedly shared sensitive information through Telegram chatbots, allowing users to access insurance policy details, claim information, and even medical records.
Reports suggest that xenZen claims to have obtained the data directly from the company's CISO and has set up a website to sell the information. The full dataset is priced at $150,000, with smaller batches of 100,000 records available for $10,000 each. To prove the data’s authenticity, the hacker posted over 500 sample records, including those of Indian government officials.
The accusations against the CISO are supported by screenshots of emails and a video showing alleged conversations between the hacker and the CISO. These emails reportedly reveal the CISO offering illegal API access to the customer data in exchange for $150,000.
While Star Health Insurance has acknowledged the breach, it downplayed its impact, stating there was "no widespread compromise" and assuring customers that their data is secure. Earlier, the company filed lawsuits against Telegram and an unidentified hacker for leaking customer information.
This breach poses serious risks for the affected individuals, making them vulnerable to identity theft, financial fraud, phishing attacks, and other forms of cybercrime. As investigations continue, Star Health customers are advised to be cautious with emails, calls, or messages related to the company.