CISO Daily Update - August 15, 2024

NEW DEVELOPMENTS

Enzo Biochem Ordered to Cough Up $4.5 Million Over Lousy Security That Led to Ransomware Disaster

Source: The Register

Enzo Biochem was fined $4.5 million by three state attorneys general after a 2023 ransomware attack exposed the data of over 2.4 million people. The investigation revealed poor cybersecurity practices, including shared user credentials, lack of multi-factor authentication, and unencrypted sensitive data. The fine will be split between New York, New Jersey, and Connecticut. In response, Enzo has implemented extensive security upgrades, including moving to secure storage, installing EDR systems, and enforcing MFA. The company also adopted a Zero Trust approach to prevent future major incidents.



More Hackers Want to Bite Apple: New Malware in High Demand

Source: Cybernews

With macOS gaining market share, cybercriminals are increasingly targeting Apple devices with infostealers and remote access trojans (RATs). Intel 471 reports that over 40 threat actors are actively seeking or developing malware for macOS, with a significant rise in underground sales of macOS-related exploits. Although ransomware on macOS is less common, the growing interest in Apple devices suggests that more sophisticated attacks, including malware-as-a-service offerings, will continue to increase as criminals see potential in exploiting vulnerabilities and infiltrating user systems.



DNC Credentials Compromised by 'IntelFetch' Telegram Bot

Source: Dark Reading

The DNC is facing a new cybersecurity threat as credentials from its state branches were compromised by the Telegram-based bot "IntelFetch," exposing emails and passwords of delegates and party members. A report by ZeroFox noted that this did not appear to be a targeted attack, but the outcome presents risks of unauthorized access to sensitive DNC systems, echoing past incidents like the 2016 Russian APT28 hack. With the DNC convention set for Aug. 19-22, experts warn of foreign cyber threats targeting lower-level individuals to gain access to more influential figures.



Media, Activists, Former U.S. Diplomat Were on Russia-Aligned Phishing Campaigns’ Hit Lists

Source: The Record

Two Russia-aligned phishing campaigns, Coldriver and Coldwastrel, targeted human rights organizations, independent media, and a former U.S. diplomat to steal credentials rather than deploy malware. Coldriver previously targeted high-profile individuals and government entities, while Coldwastrel appears to be a newly identified threat actor with ties to the Russian regime. These personalized phishing attacks pose significant risks to the security of civil society members in Russia, Belarus, and the U.S., potentially leading to surveillance, legal repercussions, or even assassination.



Malware Payloads, Tactics Identified in Active AnyDesk and Microsoft Teams Social Engineering Campaign

Source: The Cyber Express

Security researchers uncovered a social engineering campaign using AnyDesk and Microsoft Teams to compromise systems. Attackers start with an email bomb, then convince victims via Teams to install AnyDesk, which gives them control of the victim’s computer. They deploy various payloads, including credential harvesters and malware like SystemBC and Golang HTTP beacons. Key recommendations include blocking unauthorized RMM solutions, conducting security training, updating systems regularly, and using reputable antimalware software.



Texas Sues GM for Selling Driver Data to Analytics, Insurance Companies

Source: The Register

Texas sued General Motors (GM) for allegedly collecting and selling driver data from 2015 onward without customer consent, in violation of Texas' privacy laws. GM allegedly sold data, including driving habits and GPS information, to data analytics firms like Verisk, which then licensed it to insurance companies. The lawsuit claims over 16 million customers were affected, including 1.8 million Texans. GM has since discontinued some data-sharing services, but the legal battle continues as the company reviews the complaint and investigates further allegations.



Russian Who Sold 300,000 Stolen Credentials Gets 40 Months in Prison

Source: Bleeping Computer

Georgy Kavzharadze, a 27-year-old Russian, has been sentenced to 40 months in prison for selling over 300,000 stolen login credentials on the Slilpp marketplace, facilitating $1.2 million in fraudulent transactions. Kavzharadze listed over 626,100 credentials on the site and accepted Bitcoin for payments. The U.S. Department of Justice, along with international law enforcement, took down Slilpp in June 2021. This case is part of broader efforts to dismantle online markets for stolen credentials following other major takedowns like Genesis Market and BreachForums.



VULNERABILITIES TO WATCH

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Source: The Hacker News

Microsoft released patches for 90 security flaws, including 10 critical zero-day vulnerabilities, six of which are actively exploited. Notable vulnerabilities include CVE-2024-38189 (Remote Code Execution) and CVE-2024-38193 (WinSock Privilege Escalation). CISA added these flaws to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by September 3, 2024. Other vendors, including Adobe, Apple, Cisco, and Google, also issued security updates in recent weeks to address various vulnerabilities across their products.



SolarWinds Fixes Critical RCE Bug Affecting All Web Help Desk Versions

Source: Bleeping Computer

SolarWinds issued a critical security hotfix for its Web Help Desk (WHD) software to address a remote code execution (RCE) vulnerability (CVE-2024-28986) caused by a Java deserialization flaw. While the vulnerability was initially reported as unauthenticated, SolarWinds could only reproduce it with authentication. With a severity score of 9.8, the flaw affects all versions; only the latest release, 12.8.3, with the hotfix applied is unaffected. Users should update and apply the patch promptly, following the provided instructions to mitigate potential risks.



Adobe Patches 72 Security Vulnerabilities Across Multiple Products

Source: Cyber Security News

Adobe published fixes to address 72 security vulnerabilities across several products. These upgrades cover popular products including Adobe Illustrator, Photoshop, Acrobat Reader, and others. Users are encouraged to apply the updates as soon as possible to keep their systems secure.



Fortinet, Zoom Patch Multiple Vulnerabilities

Source: Security Week

Fortinet and Zoom issued patches for multiple vulnerabilities, including high-severity issues. Fortinet addressed flaws in FortiOS and other products that could allow unauthorized access and session reuse. Zoom fixed 15 vulnerabilities, including two critical ones affecting privilege escalation and information disclosure in its Workplace apps and Meeting SDKs. Users are advised to update their software to mitigate risks.



ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

Source: Security Week

Siemens, Schneider Electric, Rockwell Automation, Aveva, and CISA have released ICS Patch Tuesday advisories addressing numerous vulnerabilities. Siemens patched around 50 flaws, including critical issues in SINEC NMS and other products. Schneider Electric and Aveva released advisories for high-severity vulnerabilities affecting SCADA systems, DoS vulnerabilities, and code execution issues. Rockwell Automation addressed arbitrary code execution and DoS flaws in several products. CISA’s advisories primarily cover vulnerabilities in Rockwell and Aveva products.



SPECIAL REPORTS

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

Source: The Hacker News

DDoS attacks surged 46% in the first half of 2024, reaching 445,000 in Q2, with peak attack power hitting 1.7 Tbps, according to Gcore's report. The gaming and gambling industry remains the top target, accounting for 49% of attacks, followed by technology and financial services. Network-layer attacks primarily affect gaming and telecom, while application-layer attacks disrupt financial services and e-commerce. Most attacks are brief, but some can last hours, requiring robust and responsive mitigation strategies. The trend towards personalized, sophisticated attacks demands advanced defensive measures and international cooperation in cyber defense.
