CISO Daily Update - August 19, 2024
NEW DEVELOPMENTS
Ransomware Attack on Flint Affecting City Services as FBI Investigates Incident
Source: The Record
Flint, Michigan is grappling with a ransomware attack that crippled government services, including phone and computer systems. The city is forced to accept only cash or check payments for critical services like water and sewer. The FBI and the state attorney general’s office are investigating, but there is no timeline for restoring systems. Emergency services remain operational, but many other platforms are down. The city, which is still recovering from the 2014-2019 lead water crisis, has recently seen multiple cyberattacks, as have other Michigan municipalities. The IT department is assessing potential data theft; no ransomware group has been identified as responsible yet.
US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers
Source: Infosecurity Magazine
US lawmakers demand an investigation into Chinese-made Wi-Fi routers, particularly TP-Link, over hacking and espionage fears. Concerns stem from past incidents in which Chinese state-sponsored groups exploited similar devices, combined with TP-Link's manufacturing in China and its potential obligation to comply with Chinese laws. Congress seeks a threat assessment and mitigation plan from the Department of Commerce by August 30.
Large-Scale Extortion Campaign Targets Publicly Accessible Environment Variable Files (.env)
Source: Security Affairs
A large-scale extortion campaign targeted organizations by exploiting publicly accessible environment variable files (.env) that contained sensitive credentials. Palo Alto's Unit 42 researchers found that attackers scanned over 230 million targets, compromised 110,000 domains, and uncovered 90,000 unique variables, 7,000 of which were linked to cloud services. Using AWS Identity and Access Management (IAM) access keys found in the unsecured .env files, the attackers escalated privileges and gained full administrative control within victims' cloud environments. The campaign was heavily automated and exploited misconfigured servers rather than cloud provider vulnerabilities. The attackers did not encrypt the data but threatened to leak it if a ransom was not paid.
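The campaign described above shows up in ordinary web server access logs as a burst of requests for `.env` paths; the defender-side question is whether any of those requests were answered with a 200 and a body. The following detection logic is an added example, not from the article or Unit 42; the log lines are constructed in combined log format with documentation IP addresses, and the regexes are assumptions about where such files get probed.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "method path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# .env in the web root or any sub-directory, with or without a suffix (.env.production etc.).
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_.-]+)?$')

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Aug/2024:03:14:07 +0000] "GET /.env HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Aug/2024:03:14:08 +0000] "GET /api/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Aug/2024:03:14:09 +0000] "GET /.env.production HTTP/1.1" 403 0 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Aug/2024:03:20:11 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Aug/2024:03:20:12 +0000] "GET /static/environment.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def analyse_env_probes(log_text: str) -> dict:
    """Count .env probes per source IP and list the requests the server actually served."""
    probes = defaultdict(int)
    exposures = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not ENV_PATH_RE.search(path):
            continue
        probes[m.group("ip")] += 1
        # A 200 with a non-empty body means the file was handed out: treat as an exposure.
        if m.group("status") == "200" and m.group("bytes") not in ("-", "0"):
            exposures.append((m.group("ip"), path))
    return {"probes": dict(probes), "exposures": exposures}


if __name__ == "__main__":
    print(analyse_env_probes(SAMPLE_LOG))
```

Any entry in `exposures` means the credentials in that file should be treated as compromised and rotated, and the web server should be configured to deny all dotfiles rather than just `.env`.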
OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
Source: The Hacker News
OpenAI recently blocked a covert Iranian influence operation dubbed "Storm-2035," which used ChatGPT to generate content focused on the U.S. presidential election and other political issues. The operation targeted both progressive and conservative audiences through social media and fake news websites, though its posts saw little engagement. OpenAI quickly identified and banned the accounts involved. This action aligns with broader efforts by tech companies to counter foreign influence operations ahead of the U.S. elections.
National Public Data Confirms a Data Breach
Source: Security Affairs
Background check company National Public Data confirmed a significant data breach exposing the sensitive personal information of millions of individuals. The leaked data includes names, social security numbers, addresses, and phone numbers. The breach is believed to have occurred in late December 2023, with data exfiltration in April and summer 2024. A cybercriminal group offered the stolen database, said to contain information on an estimated 2.9 billion people, for sale on the dark web.
T-Mobile Fined $60 Million for Breaches of National Security Agreement
Source: The Cyber Express
T-Mobile's $60 million fine, levied by the Committee on Foreign Investment in the United States (CFIUS), marks a watershed moment in telecom security oversight. The penalty stems from the carrier's failure to safeguard sensitive data and promptly report breaches between August 2020 and June 2021, following its Sprint merger. This record-setting fine reinforces the government's intensifying focus on national security in corporate dealings.
VULNERABILITIES TO WATCH
7-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk
Source: Hackread
A critical 7-year-old security flaw in the pre-installed Showcase.apk app on Google Pixel devices exposed millions of users to potential remote code execution. The app is intended to turn phones into demo devices and holds deep system privileges, enabling attackers to compromise devices via man-in-the-middle attacks and code injection. Although the app is disabled by default, the vulnerability raised concerns because of Google's delayed response. Researchers warn that pre-installed apps like this one pose significant security risks and complicate user trust.
ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks
Source: Hackread
The ArtiPACKED vulnerability, discovered by Palo Alto Networks’ Unit 42, exposes GitHub Actions workflows to token leaks through improper handling of artifacts that contain sensitive authentication tokens. Workflows may inadvertently upload tokens through insecure default settings, accidental artifact uploads, or leaked environment variables, making them accessible to attackers. The flaw affects popular open-source projects from companies like Google, Microsoft, and AWS. To mitigate the risk, developers should review which directories are uploaded, adjust settings, and minimize token permissions, while monitoring for abnormal token usage patterns.
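A practical check for the "review directories" mitigation above is to audit what a workflow is about to upload. The following is an added example, not Unit 42's or GitHub's code: it walks a constructed artifact file tree and flags the two leak shapes the article describes, a checkout credential persisted in `.git/config` (actions/checkout stores it as a base64 `AUTHORIZATION: basic` extra header) and a raw GitHub token in any file. The token value and file contents are placeholders.

```python
import base64
import re

# Token prefixes GitHub issues (ghs_ installation tokens, ghp_ PATs, etc.), 36+ chars after the prefix.
GITHUB_TOKEN_RE = re.compile(r'\bgh[pousr]_[A-Za-z0-9]{36,}\b')
# actions/checkout persists its credential in .git/config as an http extraheader.
EXTRAHEADER_RE = re.compile(r'extraheader\s*=\s*AUTHORIZATION:\s*basic\s+(\S+)', re.IGNORECASE)

# Constructed artifact: path -> bytes. FAKE_TOKEN is a placeholder, not a real credential.
FAKE_TOKEN = "ghs_" + "A" * 36
SAMPLE_ARTIFACT = {
    "build/app.jar": b"\xca\xfe\xba\xbe...",
    ".git/config": (
        '[http "https://github.com/"]\n'
        "\textraheader = AUTHORIZATION: basic "
        + base64.b64encode(f"x-access-token:{FAKE_TOKEN}".encode()).decode()
        + "\n"
    ).encode(),
    "build/env.txt": f"RUNNER_OS=Linux\nGITHUB_TOKEN={FAKE_TOKEN}\n".encode(),
    "README.md": b"# demo\n",
}


def audit_artifact(files: dict) -> list:
    """Return (path, finding) pairs for files that would leak a GitHub token if uploaded."""
    findings = []
    for path, data in files.items():
        text = data.decode("utf-8", errors="ignore")
        if path.endswith(".git/config"):
            for m in EXTRAHEADER_RE.finditer(text):
                try:
                    decoded = base64.b64decode(m.group(1)).decode("utf-8", errors="ignore")
                except ValueError:  # binascii.Error is a ValueError subclass
                    continue
                # checkout encodes "x-access-token:<token>" as the basic-auth value
                if decoded.startswith("x-access-token:"):
                    findings.append((path, "persisted checkout credential"))
        if GITHUB_TOKEN_RE.search(text):
            findings.append((path, "github token in file contents"))
    return findings


if __name__ == "__main__":
    for path, finding in audit_artifact(SAMPLE_ARTIFACT):
        print(f"{path}: {finding}")
```

A "persisted checkout credential" finding points at the checkout step: setting `persist-credentials: false` on actions/checkout and uploading only the build output directory, rather than the whole workspace, removes it.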
CISA Adds SolarWinds Web Help Desk Bug to Its Known Exploited Vulnerabilities Catalog
Source: Security Affairs
CISA added the SolarWinds Web Help Desk vulnerability (CVE-2024-28986) to its Known Exploited Vulnerabilities catalog. This Java deserialization flaw, with a CVSS score of 9.8, allows attackers to execute remote commands on affected hosts. SolarWinds issued a patch for the Web Help Desk solution, urging all users to upgrade to version 12.8.3 and apply the hotfix. Federal agencies must address this vulnerability by September 5, 2024, as mandated by Binding Operational Directive 22-01. Private organizations are also advised to review and address the vulnerability.
SPECIAL REPORTS
Business and Tech Consolidation Opens Doors for Cybercriminals
Source: Help Net Security
Cybercriminals have intensified their attacks in 2024, capitalizing on security gaps created by growing business and tech consolidation. The rise in mergers and acquisitions (M&A) and reliance on single suppliers for critical services has opened new vulnerabilities. Cyber incidents like those at Change Healthcare and CDK Global demonstrate the devastating downstream effects of interconnected systems. Ransomware remains the top cause of losses, with vendor-driven breaches accounting for a growing share. The manufacturing and construction sectors have seen the largest increases in claims.
Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?
Source: Dark Reading
Political campaigns in the 2024 US election cycle are more aware of cybersecurity risks than in 2016, with more accessible tools and improved awareness. However, challenges remain, especially for smaller campaigns with limited budgets and fast-paced, short-term operations. Despite increased preparedness, campaigns continue to face significant cyber threats from nation-state actors like China, Russia, and Iran, as well as cybercriminals and hacktivists. Organizations like Defending Digital Campaigns (DDC) are helping by providing security services outside traditional campaign finance laws, but the ever-expanding attack surface, particularly with volunteer-driven operations, remains a critical concern.
Finding value in this newsletter? Like or share this post on LinkedIn
Strategic Information Security Executive | Speaker & Author | Driving Organizational Resilience | Former Law Enforcement | Servant Leader | Mentor | CISM, C|CISO, CDPSE, CLP
3 months ago: Great advice