CISO Daily Update - August 1, 2024
NEW DEVELOPMENTS
DDoS Attack Triggers New Microsoft Global Outage
Source: Infosecurity Magazine
A Distributed Denial-of-Service (DDoS) attack caused a 10-hour global outage of Microsoft services on July 30, 2024, including Outlook and Azure. Microsoft admitted that an error in its DDoS protection measures exacerbated the attack's impact. The outage affected numerous organizations, including banks and utility services. Microsoft plans to release a Preliminary Post Incident Review within 72 hours to provide further details.
Ransomware Attack on Major US Blood Center Prompts Hundreds of Hospitals to Implement Shortage Protocols
Source: The Record
A ransomware attack disrupted operations at OneBlood, one of the largest U.S. blood centers, reducing capacity and activating critical shortage protocols at over 250 hospitals. The attack severely impacted its ability to collect, test, and distribute blood. OneBlood is working with cybersecurity experts and authorities to address the breach and assess potential impacts on donor data.
CrowdStrike Faces Lawsuits From Customers, Investors
Source: Security Week
CrowdStrike faces lawsuits from investors and customers following a faulty update that caused global outages on July 19, affecting 8.5 million Windows devices. The incident hit sectors like aviation and healthcare, resulting in significant financial losses with Delta estimated to have lost $500 million. A class action lawsuit from investors alleges misleading statements about product updates and potential risks. Despite these legal challenges, CrowdStrike may be shielded from major financial impact due to liability limits in software licenses and existing insurance.
Phishing Attack Steals Donations from Trump Voters Using Fake Website
Source: Hackread
A phishing campaign targeting Trump supporters is soliciting fake cryptocurrency donations via deceptive websites mimicking legitimate platforms. Israeli cybersecurity firm Veriti traced some activity back to China, with scammers exploiting cryptocurrencies' novelty and perceived security. The campaign has been active since May 21, 2024, and is designed to look like official donation pages. Users are advised to verify URLs, research the legitimacy of donation sites, and be wary of unsolicited emails and urgent appeals to avoid falling victim to this scam.
Fraud Ring Pushes 600+ Fake Web Shops via Facebook Ads
Source: Bleeping Computer
A fraud campaign dubbed "ERIAKOS" promotes over 600 fake web shops through Facebook ads, aimed at stealing personal and financial information from visitors. These sites feature significant discounts on popular products and are only accessible via mobile devices to evade detection. Recorded Future traced the operation to China, with the campaign continuously generating new ads for freshly created sites. The ads often include fake user testimonials to enhance credibility. Although Facebook occasionally blocks these ads, the short-lived nature of the domains helps maintain the campaign's effectiveness. Users are advised to research thoroughly before purchasing on unfamiliar sites to avoid scams.
Meta to Pay Texas $1.4bn for Unlawful Biometric Data Capture
Source: Infosecurity Magazine
Meta agreed to pay Texas $1.4 billion for unlawfully capturing the biometric data of millions of Texans without consent, marking the largest privacy settlement in US history. The lawsuit, initiated in 2022, accused Meta of violating the Texas Capture or Use of Biometric Identifier (CUBI) Act and the Deceptive Trade Practices Act through its Tag Suggestions feature on Facebook. Meta will stop the data capture practice and make payments over five years while also considering future investments in Texas.
DigiCert Revoking Many Certificates Due to Verification Issue
Source: Security Week
DigiCert is revoking numerous TLS certificates due to a domain validation issue where some certificates did not include an underscore prefix in CNAME records as required. This problem affects about 0.4% of domain validations and could disrupt websites, apps, and services. DigiCert has instructed impacted customers to replace their certificates within 24 hours, and CISA has advised checking accounts for non-compliant certificates to prevent disruptions.
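The underscore requirement in the item above comes from the CA/Browser Forum baseline requirements: a DNS-based validation record must sit at a label beginning with an underscore (for example `_dnsauth.example.com`), which cannot collide with a real hostname. The following audit helper is an added example, not DigiCert's tooling or the article's code; it takes the validation record names an organization has on file and reports which ones lack that prefix and therefore back certificates that should be replaced. The domains and record names are constructed for illustration.

```python
# Added example (not DigiCert's tooling or the article's code): audit the
# CNAME labels used for DNS-based domain validation and flag those that do
# not start with an underscore, the defect behind the revocations.
# Domains and record names below are constructed for illustration.


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]


def validation_label_compliant(domain: str, record_name: str) -> bool:
    """True if record_name is an underscore-prefixed label under domain.

    The record must sit beneath the validated domain and its leading label
    must start with '_'; a record placed at the bare domain, or under some
    other domain, is not a compliant validation record for this domain.
    """
    dom, rec = _labels(domain), _labels(record_name)
    if len(rec) <= len(dom) or rec[-len(dom):] != dom:
        return False  # record is not under the validated domain
    prefix = rec[: len(rec) - len(dom)]
    return prefix[0].startswith("_")


def certificates_needing_replacement(records):
    """Return the (domain, record_name) pairs whose CNAME label is non-compliant.

    `records` is an iterable of (validated_domain, validation_record_name)
    pairs taken from the organization's own certificate inventory.
    """
    return [(d, r) for d, r in records if not validation_label_compliant(d, r)]


if __name__ == "__main__":
    # Constructed inventory: one compliant, one missing the underscore.
    inventory = [
        ("example.com", "_dnsauth.example.com"),
        ("example.net", "abc123.example.net"),
    ]
    for domain, record in certificates_needing_replacement(inventory):
        print(f"replace certificate for {domain}: record {record} lacks '_' prefix")
```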
VULNERABILITIES TO WATCH
Multiple SMTP Servers Vulnerable to Spoofing Attacks, Let Hackers Bypass Authentication
Source: Cyber Security News
Vulnerabilities CVE-2024-7208 and CVE-2024-7209 in multiple hosted, outbound SMTP servers allow attackers to spoof email identities by bypassing DMARC, SPF, and DKIM policies. This can lead to widespread email impersonation and significant reputational and financial damage. The vulnerabilities stem from weaknesses in SMTP protocol authentication and verification mechanisms. Organizations should implement stricter verification measures, ensure consistent sender identity checks, and use independent DKIM facilities to safeguard email communications. Swift action is needed to maintain email integrity and security.
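The "consistent sender identity checks" the item recommends can be enforced at submission time, before a hosted provider's DKIM signature is applied. The code below is an added example, not the article's or any vendor's code: it refuses a message unless both the SMTP envelope sender (MAIL FROM) and the RFC 5322 From header use a domain the authenticated account owns. The account names, tenant table and addresses are constructed.

```python
# Added example (not the article's or a vendor's code): a submission-time
# sender identity check for a hosted outbound SMTP service. Signing whatever
# an authenticated customer submits would let that customer send as another
# tenant's domain with a valid DKIM signature; this check rejects such
# messages first. Accounts, domains and addresses are constructed.
from email.utils import parseaddr

# Constructed tenant table: authenticated account -> domains it may send as.
TENANT_DOMAINS = {
    "acct-1001": {"example.com", "mail.example.com"},
    "acct-2002": {"example.net"},
}


def _domain_of(address: str) -> str:
    """Return the lower-cased domain of an address ('' if malformed).

    parseaddr strips any display name, so "CEO <ceo@example.com>" and
    "ceo@example.com" both yield example.com.
    """
    _display, addr = parseaddr(address)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender_identity(account: str, mail_from: str, header_from: str) -> tuple[bool, str]:
    """Decide whether an authenticated account may send this message.

    Both the envelope MAIL FROM and the header From must fall in a domain the
    account owns; the reason string is what the server would log or return
    in its 5xx reply.
    """
    allowed = TENANT_DOMAINS.get(account)
    if not allowed:
        return False, "unknown account"
    env_dom = _domain_of(mail_from)
    hdr_dom = _domain_of(header_from)
    if not env_dom or not hdr_dom:
        return False, "malformed sender address"
    if env_dom not in allowed:
        return False, f"MAIL FROM domain {env_dom} not owned by {account}"
    if hdr_dom not in allowed:
        return False, f"From header domain {hdr_dom} not owned by {account}"
    return True, "ok"
```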
20,275 VMware ESXi Vulnerable Instances Exposed, Microsoft Warns of Massive Exploitation
Source: Cyber Security News
A critical vulnerability in VMware ESXi hypervisors (CVE-2024-37085) has exposed 20,275 instances to potential ransomware attacks. With a CVSS score of 6.8, this authentication bypass flaw allows attackers with sufficient Active Directory permissions to gain complete administrative control over domain-joined ESXi hypervisors. Multiple ransomware groups, including Storm-0506 and Octo Tempest, have actively exploited this vulnerability, leading to system encryption and disruption of hosted virtual machines. Microsoft advises enforcing multifactor authentication, isolating privileged accounts, and enhancing the security posture of critical assets to protect against these ransomware attacks targeting VMware ESXi systems.
Chrome 127 Improves Cookie Protection on Windows
Source: Security Week
Google’s Chrome 127 update enhances cookie protection on Windows by introducing Application-Bound Encryption, which ties browser data encryption to specific apps to prevent unauthorized access. This update also addresses three vulnerabilities: a critical issue in Dawn (CVE-2024-6990) and two high-severity bugs in WebTransport and Dawn (CVE-2024-7255, CVE-2024-7256). While there’s no evidence of these vulnerabilities being exploited, users are advised to update their browsers to improve security.
Credential Disclosure in LastPass
Source: Certitude
Certitude identified a clickjacking vulnerability in the LastPass browser plugin that could expose user credentials on unencrypted HTTP pages. The attack involved intercepting traffic and tricking users into manually selecting credentials, which attackers could then harvest. Despite reporting the issue to LastPass in October 2022 and resubmitting it in March 2023, LastPass rejected the issue citing program terms. The vulnerability has since been fixed.
SPECIAL REPORTS
U.S. Customs and Border Protection Issues Guide for Travelers on Facial Recognition Opt-Out
Source: The Cyber Express
The United States Customs and Border Protection (CBP) issued a guide outlining how travelers can opt out of facial recognition technology at ports of entry. While CBP promotes the technology's fast processing and safety benefits, noting that it has processed over 540 million people and prevented 2,000 deceptive entries, it recognizes that some US residents may prefer not to participate. The booklet outlines alternative processing options for domestic and international travelers, typically manual document inspection by CBP personnel. This approach balances the agency's demand for improved security measures with respect for individual privacy rights. CBP emphasizes that participation is optional and that privacy standards are followed, including restricted data retention for US individuals.
Finding value in this newsletter? Like or share this post on LinkedIn