CISO Daily Update - April 23, 2024

NEW DEVELOPMENTS

Hackers Offering Admin Access to 3000 Fortinet SSL-VPN

Source: Cyber Security News

Hackers claim to have admin access to over 3,000 Fortinet SSL-VPN devices used by organizations worldwide for secure remote network access. The breach was allegedly achieved by exploiting unpatched vulnerabilities, potentially exposing affected companies to data theft, ransomware attacks, and other malicious activities. Administrator access to the VPN devices is being sold on dark web markets; as such, impacted organizations must urgently audit their Fortinet appliances, apply the latest security updates, enhance monitoring for suspicious activity, and bolster employee training on the risks and response actions in a large-scale remote access compromise scenario.



Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

Source: Security Week

A series of cyberattacks targeted the water systems of three small rural towns in the Texas Panhandle; one intrusion caused an overflow in Muleshoe before being contained. The attacks are attributed to a Russian hacktivist organization named CyberArmyofRussia_Reborn, suspected of having ties to Russian military hackers. This threat actor group previously claimed responsibility for attacks on US and Polish water infrastructure. Such targets are attractive to threat actors because they are critical infrastructure yet often lack the resources or capacity to adopt rigorous cybersecurity practices.



Research Shows How Attackers Can Abuse EDR Security Products

Source: Security Week

A SafeBreach security researcher demonstrated how vulnerabilities in Palo Alto Networks Cortex XDR could be exploited to turn it into a malicious tool for deploying ransomware, executing code with high privileges, and maintaining persistence on victim devices. By dissecting the inner workings of Cortex XDR, the researcher identified weaknesses that allowed bypassing file anti-tampering protections, injecting malicious code into security processes, and bypassing anti-tampering protections to load a vulnerable driver. While Palo Alto Networks addressed these issues several months ago, the findings reinforce the risks associated with a compromised EDR solution and the need for enhanced security measures to safeguard against such threats.



Microsoft: APT28 Hackers Exploit Windows Flaw Reported by NSA

Source: Bleeping Computer

Microsoft issued a warning about the Russian APT28 threat group exploiting a Windows Print Spooler vulnerability using a new hacking tool called GooseEgg. This tool targets the CVE-2022-38028 vulnerability reported by the NSA, allowing attackers to escalate privileges and execute commands with SYSTEM-level permissions. APT28 deploys GooseEgg to launch additional malicious tools, gain persistence on compromised systems, and execute remote code. The group has targeted government, education, and transportation organizations in Ukraine, Western Europe, and North America. APT28's history includes exploiting zero-days in Cisco routers and using hacked Ubiquiti EdgeRouters to evade detection. They were also implicated in the 2016 DNC hack and faced charges and sanctions for their cyber activities.



Alleged Cyberattack on Bureau van Dijk: US Consumer Data Compromised

Source: The Cyber Express

The alleged cyberattack on Bureau van Dijk, a Moody's Analytics subsidiary, was attributed to the threat actor USDoD who claimed it would likely be their last attack. In a farewell post on BreachForums, USDoD bid goodbye to the community and federal agencies, citing personal reasons for stepping away. The attack targeted a US consumer database, comprising sensitive information such as names, emails, and contact details. Despite reaching out to Bureau van Dijk for verification, no official statement has been made. This incident adds to USDoD's history of cyberattacks, including breaches on defense contractor Thales and Airbus in previous years.



ToddyCat APT Hackers Deploy Multiple Tools to Hijack Network Infrastructure

Source: Cyber Security News

Recent insights into the operations of the ToddyCat APT group reveal their advanced methods of hijacking network infrastructure to steal sensitive data from governmental organizations across the Asia-Pacific region. Employing sophisticated traffic tunneling and data extraction techniques, ToddyCat automates data harvesting to maintain persistent access to compromised systems. Utilizing tools like PsExec, Impacket, and SoftEther VPN, the group establishes secure tunnels for stealthy data exfiltration. Their toolkit also includes 'cuthead,' a .NET executable designed for document extraction. As ToddyCat evolves, organizations face significant challenges in defending against their sophisticated cyber espionage activities.



Family-Owned Music Store Targeted: MEDUSA Ransomware Strikes Ted Brown Music

Source: The Cyber Express

The family-owned Ted Brown Music store has reportedly fallen victim to the MEDUSA ransomware group. A dark web post outlines the attack, detailing the store's history and disclosing 29.4 GB of leaked data. The threat actors demand ransom with escalating prices for delaying data publication or deleting it entirely. The Cyber Express has sought clarification from Ted Brown Music but has yet to receive an official response. This incident reflects the rising threat of cyberattacks in the music industry, with the MEDUSA group emerging as a notable ransomware entity.



Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

Source: Infosecurity Magazine

Scammers are capitalizing on the popularity of Telegram and the Toncoin (TON) cryptocurrency through a sophisticated scheme uncovered by Kaspersky researchers. Since November 2023, unsuspecting users globally have been lured into an "exclusive earning program" promising quick riches. Victims are directed to unofficial Telegram bots, coerced into purchasing "boosters," and encouraged to recruit friends to amplify the scam's reach. With Telegram's reported 900 million monthly users, awareness and comprehensive security measures are important to avoid falling prey to such fraudulent schemes.



VULNERABILITIES TO WATCH

Dependency Confusion Vulnerability Found in Apache Project

Source: Infosecurity Magazine

A recently discovered dependency confusion vulnerability in an archived Apache project reinforces the need for vigilance when managing third-party dependencies. In this class of attack, also known as dependency hijacking, an attacker claims a dependency name that the archived project's open-source code still references but that is no longer maintained, so that builds resolve the attacker's package instead. This could allow attackers to execute arbitrary code on the host machine, potentially resulting in remote code execution within a production environment. Apache promptly responded to the report, implementing the suggested mitigations to prevent exploitation.
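The practical defender's question behind this item is whether any of your own private package names could be resolved from a public index instead. The following is an added example (not code from the article or from Apache) of a small audit that checks a pip requirements file for the two conditions that make confusion possible: a merged-index setting, and internal names that are unpinned or already exist on the public index. The package names, the public-index snapshot and the requirements text are all constructed so the check runs offline; in practice the snapshot would come from querying the index you actually resolve against.

```python
"""Audit a requirements file for dependency-confusion exposure.

Added example, not code from the article or from Apache. It assumes an
organisation can list the names it publishes only to a private registry and
can export a snapshot of names present on the public index; both are
constructed inline here so the check runs offline.
"""
import re
from dataclasses import dataclass

# Constructed: packages published only to the private registry.
INTERNAL_PACKAGES = {"acme-auth-lib", "acme-billing", "acme-telemetry"}

# Constructed snapshot of the public index. "acme-billing" stands in for an
# internal name that someone else has registered publicly.
PUBLIC_INDEX_NAMES = {"requests", "numpy", "acme-billing"}

# Constructed requirements file; the --extra-index-url line is the risky setting.
REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
requests==2.31.0          # public, fine
acme-auth-lib             # internal, unpinned
acme-billing>=1.0         # internal, name also on public index
acme-telemetry==0.4.2     # internal, pinned
"""

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*(\S+)?")


@dataclass(frozen=True)
class Finding:
    name: str
    severity: str
    reason: str


def normalize(name: str) -> str:
    """PEP 503 style normalisation so 'Acme_Billing' and 'acme-billing' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str):
    """Split a requirements file into pip options and (name, operator, version) tuples."""
    options, reqs = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("-"):
            options.append(line)
            continue
        m = _REQ_RE.match(line)
        if m:
            reqs.append((normalize(m.group(1)), m.group(2), m.group(3)))
    return options, reqs


def audit(text: str, internal: set, public: set) -> list:
    """Return findings for settings and packages that make confusion possible."""
    options, reqs = parse_requirements(text)
    internal = {normalize(n) for n in internal}
    public = {normalize(n) for n in public}
    findings = []
    # pip merges --extra-index-url with the default index and picks the highest
    # version across both, which is exactly what dependency confusion abuses.
    if any(o.startswith("--extra-index-url") for o in options):
        findings.append(Finding("<config>", "high",
                                "--extra-index-url merges private and public indexes; "
                                "use --index-url pointing at a proxy that allow-lists internal names"))
    for name, op, _version in reqs:
        if name not in internal:
            continue
        if name in public:
            findings.append(Finding(name, "critical",
                                    "internal package name also exists on the public index"))
        if op != "==":
            findings.append(Finding(name, "medium",
                                    "internal package is not pinned to an exact version"))
    return findings


if __name__ == "__main__":
    for f in audit(REQUIREMENTS, INTERNAL_PACKAGES, PUBLIC_INDEX_NAMES):
        print(f"[{f.severity}] {f.name}: {f.reason}")
```

Run as-is it reports four findings: the merged-index configuration, the unpinned `acme-auth-lib`, and two for `acme-billing` (public collision and loose pin); `acme-telemetry` is clean because it is internal-only and pinned exactly. The same shape of check applies to npm scopes or Maven group IDs, with the normalisation rule swapped for that ecosystem's.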



Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

Source: The Hacker News

Researchers uncovered Windows flaws enabling threat actors to attain rootkit-like capabilities through the DOS-to-NT path conversion process. SafeBreach revealed that this issue allows unprivileged users to execute malicious actions without admin permissions, including hiding files and processes, affecting prefetch file analysis, and impersonating Microsoft executables. Microsoft addressed three security issues but has yet to fix an elevation of privilege deletion vulnerability. SafeBreach emphasized the significance of addressing known issues to prevent future vulnerabilities, impacting not just Windows but also other software vendors.



GitLab Affected by GitHub-Style CDN Flaw Allowing Malware Hosting

Source: Bleeping Computer

A flaw in the way GitHub and GitLab handle files attached to code repositories allows threat actors to host malware on the platforms' content delivery networks (CDNs). By abusing the comment features to upload executables, attackers can create convincing lures: files hosted on CDN URLs under Microsoft, Google, NVIDIA, and other major tech firms' repos masquerading as legitimate software. Despite appearing associated with credible projects, the malicious files reside on the platforms' CDNs rather than the actual repositories. This issue exists on both GitHub and GitLab, enabling deceptive social engineering attacks to distribute malware under the guise of trusted software releases and updates.
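Because the attachment URL carries the name of a repository that never reviewed the file, the useful detection is structural: separate downloads that come from a project's actual release assets from those served from a comment attachment path, and look harder at the latter when the file type can execute or unpack. The following is an added example, not code from the article, GitHub or GitLab. The release and attachment path shapes it matches are assumptions drawn from the URL forms this kind of lure uses and should be confirmed against your own proxy data; the log lines are constructed.

```python
"""Flag downloads served from GitHub/GitLab comment attachments rather than releases.

Added example, not code from the article, GitHub or GitLab. The path shapes
below are assumptions about how attachment and release URLs look; confirm
them against real proxy data before relying on them. Log lines are constructed.
"""
import posixpath
import re
from urllib.parse import urlparse

# Assumed path shapes. An attachment URL names a repo but the file lives on the
# platform CDN, so the repo's maintainers never published or reviewed it.
GITHUB_RELEASE = re.compile(r"^/[^/]+/[^/]+/releases/download/[^/]+/[^/]+$")
GITHUB_ATTACHMENT = re.compile(r"^/[^/]+/[^/]+/files/\d+/[^/]+$")
GITLAB_UPLOAD = re.compile(r"^/.+/uploads/[0-9a-f]{32}/[^/]+$")

# Extensions worth a closer look when they arrive through an attachment URL.
RISKY_EXT = {".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs",
             ".dll", ".iso", ".img", ".zip", ".7z", ".rar"}

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
LOG_LINES = [
    "2024-04-23T09:12:01Z 10.0.0.21 GET https://github.com/example-org/example-tool/releases/download/v1.2.0/example-tool.zip 200",
    "2024-04-23T09:14:37Z 10.0.0.21 GET https://github.com/example-org/example-tool/files/1234567/Example-Tool-Setup.exe 200",
    "2024-04-23T09:15:02Z 10.0.0.33 GET https://gitlab.com/example-group/example-project/uploads/0123456789abcdef0123456789abcdef/update.zip 200",
    "2024-04-23T09:16:45Z 10.0.0.33 GET https://github.com/example-org/example-tool/files/7654321/screenshot.png 200",
    "2024-04-23T09:17:10Z 10.0.0.40 GET https://example.com/downloads/tool.exe 200",
]


def classify_url(url: str) -> str:
    """Return 'release_asset', 'comment_attachment' or 'other' for a URL."""
    parts = urlparse(url)
    host, path = (parts.hostname or "").lower(), parts.path
    if host == "github.com":
        if GITHUB_RELEASE.match(path):
            return "release_asset"
        if GITHUB_ATTACHMENT.match(path):
            return "comment_attachment"
    elif host == "gitlab.com" and GITLAB_UPLOAD.match(path):
        return "comment_attachment"
    return "other"


def is_lure_candidate(url: str) -> bool:
    """True when an attachment URL delivers a file type that can execute or unpack."""
    if classify_url(url) != "comment_attachment":
        return False
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return ext in RISKY_EXT


def scan(lines) -> list:
    """Return (url, kind) for every logged download that looks like a CDN-hosted lure."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue   # malformed line: skip it rather than abort the whole scan
        url = fields[3]
        if is_lure_candidate(url):
            hits.append((url, classify_url(url)))
    return hits


if __name__ == "__main__":
    for url, kind in scan(LOG_LINES):
        print(f"{kind}: {url}")
```

On the constructed log the release asset and the PNG attachment pass, the download from a third-party domain is out of scope, and the two attachment-hosted `.exe` and `.zip` files are reported. A release-asset URL is not proof of safety either, but it at least ties the file to something the project's maintainers published, which is the distinction the lure is designed to blur.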



SPECIAL REPORTS

NSA Launches Guidance for Secure AI Deployment

Source: Infosecurity Magazine

The NSA in partnership with six other federal agencies issued new recommendations on secure AI deployment via its Artificial Intelligence Security Center (AISC). The guidance is divided into three categories: best practices for securing the deployment environment, continuous protection of the AI system, and secure AI operation and maintenance. The recommendations include managing deployment environment governance, verifying AI systems, imposing strict access rules, and establishing comprehensive logging and monitoring. These actions are intended to decrease risks, preserve intellectual property, models, and data, and mitigate potential vulnerabilities related to AI implementation.



Zero-Trust Takes Over: 63% of Orgs Implementing Globally

Source: Dark Reading

Gartner's latest research reveals that 63% of organizations globally have integrated a zero-trust strategy into their operations. However, many of these strategies fall short of covering the entirety of an organization's environment. Gartner recommends recognizing the scope of zero-trust implementations, incorporating metrics for success and risk measurement, and considering audience communication. Despite challenges, proper planning and strategic alignment can enhance the effectiveness of zero-trust policies and minimize implementation delays.



People Doubt Their Own Ability to Spot AI-Generated Deepfakes

Source: Help Net Security

Recent data from McAfee reveals that 23% of Americans have encountered political deepfakes that they later realized were fake, highlighting widespread concerns about the ability to discern real from AI-generated content. With the increased sophistication of AI technologies, many individuals struggle to distinguish between truth and deception, fueling fears of misinformation and disinformation, particularly in election-related contexts.


Leonard Carlucci

Senior Global HR Systems Analyst at Clinton Health Access Initiative, Inc. & High-EQ ENTP

7 months

I’ve been looking forward to these updates each day
