CISO Daily Update - August 2, 2024
NEW DEVELOPMENTS
FBI Warns of Scammers Posing as Crypto Exchange Employees
Source: Bleeping Computer
The FBI issued a warning about scammers impersonating cryptocurrency exchange employees to steal funds from victims. These fraudsters contact potential targets via phone or messages, often creating urgency by claiming account security issues. They aim to trick victims into revealing sensitive information like login credentials, which they then use to access and drain cryptocurrency accounts. To protect themselves, the FBI advises cryptocurrency investors to independently verify the identity of anyone claiming to represent an exchange, avoid responding to unsolicited messages, and never provide login information over the phone. The agency recommends contacting exchanges through official channels if concerns arise and warns against clicking on suspicious links or downloading attachments. This alert follows several recent FBI warnings about various cryptocurrency-related scams.
Pharma Giant Cencora Says Personal Health Data Leaked During February Cyber Incident
Source: The Record
Pharmaceutical giant Cencora confirmed a February cyberattack led to the leak of personal health data from a patient support services subsidiary. An investigation revealed more data was exfiltrated than initially understood. Despite the breach, the company's operations and financial outlook remain unaffected. While the exact number of affected individuals is unknown, Cencora has started notifying victims and regulators. It remains unclear if the incident involved ransomware, though a recent report cited a $75M ransom payment by a Fortune 50 company early in 2024. Cencora was one of the few Fortune 50 companies that reported a cyber event in early 2024.
Employees at Dell, AT&T, Verizon, Capital One, and Other Companies Exposed via Popular Office App
Source: Cybernews
A data leak from office app provider Simpli exposed the credentials of employees from approximately 900 companies and organizations, including Dell, Verizon, AT&T, and Capital One, as well as government entities such as the Department of Energy. The leak stems from a publicly accessible web directory containing Simpli's website and app database backups. It exposed 10,000 employees' email addresses and hashed passwords, which may be cracked and pose a greater risk if the passwords are reused to access corporate applications or systems.
DDoS Attacks May Target Election Infrastructure, FBI Warns
Source: Cybernews
The FBI and CISA warn that Distributed Denial of Service (DDoS) attacks may target election infrastructure, potentially disrupting public access to election-related information, but not affecting the security or integrity of the voting process itself. While these attacks could hinder access to voter look-up tools and unofficial election reporting, they do not compromise ballot casting or vote tabulation. Officials have safeguards and response plans in place. Voters should rely on official sources for information and report any suspicious activity or service disruptions to authorities.
Mining Giant Fresnillo Confirms Cyber Security Incident: Operations Continue Normally
Source: The Cyber Express
Fresnillo plc, the largest primary silver and leading gold producer in Mexico, confirmed a cybersecurity incident involving unauthorized access to its IT systems and data. Despite the breach, the company reports that all business operations continue normally with no material operational or financial impact observed. Fresnillo is investigating the matter in collaboration with cybersecurity experts to understand and address the breach. The company remains committed to transparency and will update stakeholders as more information becomes available.
Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny
Source: Dark Reading
Senators Ron Wyden and Edward Markey urged the FTC to investigate automakers like General Motors, Honda, and Hyundai for allegedly sharing driver data without informed consent. The senators argue that these companies obscured their data-sharing practices with third-party data brokers, which resold driver information for profit. The issue highlights broader privacy concerns in the smart car industry, where vehicles collect extensive personal data. The lack of comprehensive U.S. privacy laws exacerbates the problem, leading to inconsistent regulations across states. The FTC's ability to drive change may be limited, with stronger impacts potentially coming from EU regulations and consumer advocacy.
Tech Support Scam Ring Leader Gets 7 Years in Prison, $6M Fine
Source: Bleeping Computer
Vinoth Ponmaran, leader of a tech support fraud scheme targeting elderly victims, was sentenced to seven years in prison and fined over $6.1 million. The scam operated from March 2015 to July 2018 and used fake malware alerts to trick 6,500 victims into paying for nonexistent technical support. Ponmaran managed an India-based call center and recruited US-based accomplices to launder proceeds. Co-conspirators Romana Leyva and Ariful Haque were previously sentenced in 2022.
VULNERABILITIES TO WATCH
Homebrew Security Audit Finds 25 Vulnerabilities
Source: Security Week
A recent Trail of Bits audit found 25 vulnerabilities in Homebrew, a popular package manager for macOS and Linux, including issues like path traversals and weak cryptography. While none of the flaws were critical, they could have allowed attackers to load executable code, modify builds, and potentially control CI/CD workflows. Homebrew has resolved 16 issues, addressed three more, and acknowledged six.
Bitdefender Vulnerability Let Attackers Trigger SSRF Attack
Source: Cyber Security News
A critical vulnerability (CVE-2024-6980, CVSS score of 9.2) in Bitdefender's GravityZone Update Server could enable server-side request forgery (SSRF) attacks. This flaw affects versions before 6.38.1-5 and allows attackers to access sensitive internal resources to bypass security controls and gather confidential information. Bitdefender released an automatic update to fix this issue. Users should upgrade to version 6.38.1-5 or later, enable automatic updates, and assess their systems for potential exposure.
Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique
Source: The Hacker News
A critical vulnerability dubbed "Sitting Ducks" is putting over a million domains at risk of hijacking. This attack exploits weaknesses in the Domain Name System (DNS) configuration, allowing malicious actors to take control of domains without accessing the owner's accounts. The technique was first documented in 2016 but is still largely unresolved. It has been used to hijack an estimated 35,000 domains since 2018. Russian-nexus cybercriminals are actively exploiting this vulnerability to stealthily take over domains for malicious purposes such as malware distribution and spam campaigns. The attack stems from incorrect configurations between domain registrars and authoritative DNS providers.
SPECIAL REPORTS
Airlines Are Flying Blind on Third-Party Risks
Source: Help Net Security
Airlines are increasingly vulnerable to third-party cyber risks, spotlighted by recent revelations about Boeing's supply chain. With new regulatory mandates, such as those from the US TSA and the EU, the industry must enhance its cybersecurity strategies. Despite an average "B" rating in cybersecurity, significant gaps heighten risk, especially among aviation-specific software vendors. Ransomware remains a major threat, and the complex web of partnerships in aviation reinforces the need for robust security measures to prevent disasters.
BEC Attacks Surge 20% Annually Thanks to AI Tooling
Source: Infosecurity Magazine
Business email compromise (BEC) attacks surged by 20% annually, driven by AI tools generating scam messages, according to Vipre Security Group's Q2 2024 report. The firm processed 1.8 billion emails, detecting 226 million spam messages and nearly 17 million malicious URLs, with 49% of blocked spam being BEC attacks. AI-generated BEC attacks accounted for 40% of these, with CEOs, HR, and IT as primary targets. The manufacturing sector was hit hardest, followed by retail and real estate. Enhanced AI-driven defenses and workforce education are essential to combat this growing threat.