CISO Daily Update - April 11, 2024
CISO Daily Update

NEW DEVELOPMENTS

AT&T Now Says Data Breach Impacted 51 Million Customers

Source: Bleeping Computer

AT&T has notified 51 million current and former customers of a data incident in which their personal information was posted on a hacking forum. AT&T initially denied that the exposed data was its own but later acknowledged it. Although the leak affected nearly 70 million individuals, AT&T confirmed that 51,226,382 customers were affected. The data, exposed beginning in June 2019, includes names, email addresses, phone numbers, Social Security numbers, and other information. AT&T has not disclosed how the data was taken or why confirmation took nearly five years.

X Fixes URL Blunder That Could Enable Convincing Social Media Phishing Campaigns

Source: The Register

In a security lapse, the social media platform X (formerly Twitter) deployed a flawed rule that automatically rewrote "Twitter" to "X" in displayed URLs, even inside unrelated hostnames and even in potentially malicious links. For example, "NetfliTwitter[.]com" was displayed on the platform as "Netflix[.]com". This would let attackers build convincing phishing campaigns: the link text looks legitimate while the underlying address leads to a malicious site. The issue went unresolved for several hours before being fixed.
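
The rewrite flaw described above, shown as an added illustration (this is not code from the article or from X): a substring replacement over the whole URL beside a hostname-aware version that only touches the registered host. The function names are this example's own; netflitwitter.com is the article's example domain.

```python
import re
from urllib.parse import urlsplit, urlunsplit

OLD_HOST = "twitter.com"
NEW_HOST = "x.com"


def naive_rewrite(url: str) -> str:
    """Display rewrite modelled on the flawed rule: a plain substring
    replacement over the whole URL, so any hostname that merely contains
    "twitter.com" (e.g. netflitwitter.com) is altered as well."""
    return re.sub(re.escape(OLD_HOST), NEW_HOST, url, flags=re.IGNORECASE)


def safe_rewrite(url: str) -> str:
    """Hardened rewrite: parse the URL and change the host only when it is
    exactly twitter.com or a subdomain of it. Path, query and fragment are
    never touched, and URLs carrying userinfo (user@host) are left alone
    because the visible text would not match the real destination."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        return url
    if host != OLD_HOST and not host.endswith("." + OLD_HOST):
        return url
    new_host = host[: -len(OLD_HOST)] + NEW_HOST
    netloc = new_host if parts.port is None else f"{new_host}:{parts.port}"
    return urlunsplit(parts._replace(netloc=netloc))


if __name__ == "__main__":
    for link in ("https://netflitwitter.com/login",
                 "https://twitter.com/user/status/1",
                 "https://twitter.com.evil.example/"):
        print(f"{link}\n  naive: {naive_rewrite(link)}\n  safe:  {safe_rewrite(link)}")
```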

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

Source: The Hacker News

Threat actors are abusing GitHub's search functionality to trick developers into downloading repositories that contain malware. They create fake repositories with popular names and topics and use techniques such as automated updates and fake stars to boost search rankings and deceive users. The malware downloads next-stage payloads from a remote URL and, in some cases, diverts cryptocurrency transactions to attacker-owned wallets. Developers should exercise caution when downloading source code from open-source repositories and should not rely on popularity alone as a measure of trustworthiness.

Malicious PowerShell Script Pushing Malware Looks AI-Written

Source: Bleeping Computer

A recent cybersecurity incident involving the distribution of the Rhadamanthys information stealer in Germany highlights the emergence of AI-generated malicious PowerShell scripts. Researchers at Proofpoint identified a threat actor targeting numerous organizations with a malicious PowerShell script likely created with AI assistance. The script is distributed via phishing emails, impersonates the Metro cash-and-carry brand, and executes the Rhadamanthys payload in memory to bypass traditional detection methods.

Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data

Source: Dark Reading

A sophisticated phishing campaign is targeting Windows users with malicious invoice emails. The emails carry SVG file attachments that, when opened, launch a multi-layered attack. Obfuscated scripts and tools such as ScrubCrypt and BatCloak conceal the attackers' activity, allowing them to bypass detection and deploy the data-stealing malware VenomRAT. VenomRAT gives the attackers remote access to steal sensitive information and can download additional malicious plugins for further activity.

Telegram Dismisses Claims of ‘High-risk’ RCE Bug in its Desktop Application

Source: The Cyber Express

Telegram has dismissed claims of a "high-risk" remote code execution (RCE) vulnerability in its desktop application, refuting allegations made by CertiK, a blockchain security firm. Despite CertiK's warning about potential exploitation through specially crafted media files, Telegram asserts that the video offered as proof of the alleged vulnerability is likely a hoax. The company encourages users to report vulnerabilities through its bug bounty program, which offers rewards ranging from $100 to $100,000.

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Source: The Hacker News

Threat actors have found a new way to distribute the Raspberry Robin malware: since March 2024 it has been spreading through malicious Windows Script Files (WSFs). These WSF files act as downloaders for the main DLL payload, but first perform anti-analysis checks and add Microsoft Defender exclusions to evade detection. The campaign shows how Raspberry Robin's tactics keep evolving; it has expanded from USB-based distribution to also delivering other payloads such as SocGholish, Cobalt Strike, and ransomware variants.
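
Because the downloader adds Defender exclusions, a change-of-exclusion event is a useful detection point. The following is an added example (not code from the article or from the researchers) that parses constructed log lines modelled on Microsoft Defender event ID 5007 ("configuration has changed") and ranks any exclusion that would shield a script host, a script extension or a user-writable folder; the sample lines, the "..." preamble and the risk heuristics are this example's assumptions.

```python
import re

# Constructed sample lines modelled on Microsoft Defender event ID 5007
# ("configuration has changed"); they are illustrative, not logs from the
# campaign in the article. "..." stands for the event's fixed preamble.
SAMPLE_EVENTS = [
    r"5007 ... New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\Downloads = 0x0",
    r"5007 ... New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\.wsf = 0x0",
    r"5007 ... New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\ScanParameters = 0x2",
    r"5007 ... New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\wscript.exe = 0x0",
]

# Matches a newly added exclusion of any of the three kinds Defender supports.
EXCLUSION_RE = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Extensions|Processes)\\(?P<value>.+?)\s*=\s*0x0",
    re.IGNORECASE,
)

# Heuristics (assumptions of this example) for ranking an exclusion: a
# user-writable folder, a script-host process or a script-type extension is
# exactly what a script-based downloader would want Defender to ignore.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "rundll32.exe"}
SCRIPT_EXTS = {".wsf", ".js", ".vbs", ".ps1", ".hta", ".dll"}


def classify(kind: str, value: str) -> str:
    """Return 'high' or 'medium' for one exclusion entry."""
    v = value.lower()
    if kind == "Paths":
        return "high" if any(m in v for m in USER_WRITABLE) else "medium"
    if kind == "Extensions":
        return "high" if v in SCRIPT_EXTS else "medium"
    return "high" if v in SCRIPT_HOSTS else "medium"


def find_exclusion_changes(lines):
    """Parse 5007-style lines and return the exclusions added, with a risk level."""
    findings = []
    for line in lines:
        m = EXCLUSION_RE.search(line)
        if m is None:
            continue  # other configuration changes are not exclusions
        kind, value = m.group("kind").title(), m.group("value").strip()
        findings.append({"kind": kind, "value": value, "risk": classify(kind, value)})
    return findings


if __name__ == "__main__":
    for f in find_exclusion_changes(SAMPLE_EVENTS):
        print(f"[{f['risk']}] {f['kind']}: {f['value']}")
```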

Researchers Resurrect Spectre v2 Attack Against Intel CPUs

Source: Security Week

Researchers from the VUSec group at VU Amsterdam have developed a new variation of the Spectre v2 attack that works against the latest-generation Intel CPUs, including the Linux kernel running on them. The attack, dubbed "Branch History Injection (BHI)," bypasses existing hardware and software mitigations by leveraging newly discovered kernel-level "gadgets." The researchers built a tool called "InSpectre Gadget" that automatically identifies exploitable gadgets, and demonstrated that the attack can leak sensitive data such as root password hashes at a rate of 3.5 Kb/sec. In response, Intel updated its mitigation guidance; future processors are expected to address BHI in hardware.

VULNERABILITIES TO WATCH

Multiple Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code

Source: Cyber Security News

Fortinet has fixed multiple vulnerabilities in FortiOS and FortiProxy, including administrator cookie leakage, arbitrary code execution, and sensitive information exposure. The vulnerabilities are tracked as CVE-2023-41677, CVE-2023-48784, and CVE-2024-23662. Severity ranges from medium to high, with potential impacts including unauthorized data access and arbitrary code execution. Users are encouraged to upgrade to the latest versions to mitigate these risks.

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

Source: The Hacker News

A critical vulnerability named "BatBadBut" in the Rust standard library exposes Windows systems to command injection attacks and carries a maximum CVSS score of 10.0. The flaw (CVE-2024-24576) affects Rust versions prior to 1.77.2 and arises when batch files are invoked with untrusted arguments. Attackers can exploit it to execute arbitrary shell commands by bypassing the standard library's argument-escaping mechanism. Following best practices for command execution on Windows, such as restricting access to batch files and validating input, is critical to preventing potential attacks.

SPECIAL REPORTS

Top MITRE ATT&CK Techniques and How to Defend Against Them

Source: Dark Reading

Command and scripting interpreters (T1059) and phishing (T1566) dominate the field of MITRE ATT&CK techniques, as highlighted by D3 Security's analysis of over 75,000 recent cybersecurity incidents. Malicious scripts are the most common attack method, used in 52.22% of incidents and commonly written in PowerShell and Python. Phishing, encompassing general and spear-phishing, follows at 15.44%. Defenders can focus on mitigating these threats by implementing thorough incident response plans, education and awareness campaigns, multifactor authentication (MFA), and vigilant security monitoring.

Women Experience Exclusion Twice as Often as Men in Cybersecurity

Source: Infosecurity Magazine

A new report by Women in Cybersecurity (WiCyS) and DEI firm Aleria found that women in cybersecurity experience exclusion at twice the rate of men across various categories, including respect, career growth, access, and recognition. The main sources of exclusion were leadership and direct managers, with women citing a "glass ceiling" in their careers around the 6-10 year mark. However, companies that partner with WiCyS showed 49% fewer instances of exclusion and 64% higher employee satisfaction, highlighting the tangible business benefits of addressing these disparities through inclusive policies. The report reinforces the need to create more equitable and supportive work environments for women in the male-dominated cybersecurity industry.

What’s Going On With the National Vulnerability Database?

Source: Cybersecurity Dive

The National Vulnerability Database (NVD), the federal government's repository of cybersecurity vulnerability data, is struggling to keep up with the rapidly growing number of disclosed software and hardware flaws. The resulting backlog is affecting security professionals, researchers, and vendors who rely on the NVD as an authoritative source. Faced with a record-breaking 33,000 vulnerability disclosures in 2022, a 318% increase since 2005, the National Institute of Standards and Technology has scaled back NVD operations and now prioritizes only the most severe or actively exploited flaws. The result is less comprehensive coverage and downstream problems as the cybersecurity community contends with the NVD's temporary slowdown and its long-term sustainability challenges.
