CISO Daily Update - August 21, 2024
NEW DEVELOPMENTS
Cybercriminals Siphon Credit Card Numbers From Oregon Zoo Website
Source: The Record
Cybercriminals infiltrated the Oregon Zoo's website and stole credit card information belonging to over 100,000 individuals. Transactions were redirected from the zoo's online ticketing service. The breach affected transactions from December 2023 to June 2024, exposing personal data, credit card numbers, CVV codes, and expiration dates. The zoo discovered the attack in June and has since notified affected individuals. This incident is part of a larger trend of payment-skimming attacks targeting e-commerce platforms, contributing to a surge in compromised card data sold on dark web marketplaces.
Columbus Officials Warn Victims, Witnesses After Ransomware Leak of Prosecutor Files
Source: The Record
Columbus officials warned crime victims and witnesses of potential threats after the Rhysida ransomware group leaked data stolen from the city's prosecutor’s office. Following a July 18 attack, the leak exposed sensitive information and raised concerns about the safety of individuals escaping abusive or dangerous situations. Despite initial claims that citizen data was secure, Columbus Mayor Andrew Ginther acknowledged that personal information was compromised. The city is collaborating with the FBI on recovery efforts.
Carespring Data Breach Exposes Personal and Medical Information of Nearly 77,000 Patients
Source: Security Week
Carespring Healthcare Management disclosed a data breach that affected nearly 77,000 patients and exposed personal and medical information including names, dates of birth, social security numbers, medical details, and health insurance data. The breach was discovered in October 2023, and the investigation took nine months. The ongoing investigation has linked the breach to ransomware groups, with Carespring's data appearing on multiple leak sites.
Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach
Source: Infosecurity Magazine
The New Jewish Home, a non-profit healthcare organization serving senior citizens, notified over 104,000 individuals of a significant ransomware breach that occurred earlier this year. The breach was discovered in January 2024 and potentially exposed sensitive information such as names, social security numbers, and medical records. Although there is no evidence of fraudulent use, the organization is offering affected individuals complimentary credit monitoring and identity protection services. The ransomware group ALPHV/BlackCat claimed responsibility for the breach, though the organization has not confirmed this.
FBI Investigation Confirms Iranian Hackers Were Behind Trump Campaign Hack
Source: Cyber Security News
In collaboration with ODNI and CISA, the FBI confirmed that Iranian hackers were behind a recent cyberattack on former President Donald Trump's campaign. This attack is part of Iran's broader strategy to exploit societal tensions and influence electoral outcomes, reflecting similar tactics used in previous elections by both Iran and Russia. The intelligence community has observed increasingly aggressive Iranian cyber activities targeting presidential campaigns from both major political parties. The FBI is actively working to track these threats and enhance cybersecurity measures to protect the integrity of the electoral process.
Digital Wallets Can Allow Purchases With Stolen Credit Cards
Source: The Register
Researchers identified vulnerabilities in major digital wallets like Apple Pay, Google Pay, and PayPal, which could allow stolen or canceled credit cards to be used for unauthorized transactions. The flaws involve downgrading authentication checks and weak token refresh policies. Attackers can exploit these issues by adding stolen card details to a digital wallet using basic authentication methods, which can then be used even if the card is subsequently canceled. The researchers reported these vulnerabilities in April 2023, and while some fixes are underway, others remain unaddressed.
VULNERABILITIES TO WATCH
Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites
Source: Cyber Security News
A critical vulnerability (CVE-2024-5932) in the GiveWP WordPress plugin, used by over 100,000 sites, allows unauthenticated attackers to perform Remote Code Execution (RCE) through unauthenticated PHP Object Injection. The flaw has a CVSS score of 10.0 and affects all versions up to 3.14.1. It arises from improper input sanitization, which lets attackers inject malicious PHP objects via the 'give_title' parameter. StellarWP released a patch (version 3.14.2) on August 7, 2024. WordPress site administrators are urged to update immediately to prevent potential exploitation.
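PHP Object Injection of the kind described above occurs when untrusted request data reaches unserialize() while the application has loaded classes whose magic methods (__wakeup, __destruct) act on the restored object's properties. The following is an added illustration, not GiveWP's code: the AuditHook class, the function names and the $_POST field are assumptions chosen to show the defective pattern next to two hardened alternatives that a plugin reviewer would look for.

```php
<?php
// Added illustration, not GiveWP's code. Class, function and field names are assumed.

// Counts how many times a magic method has run, so the difference between the
// patterns below is observable without any side effect on the filesystem.
$GLOBALS['wakeups'] = 0;

// A class with a magic method that acts on its own state: the kind of "gadget"
// that makes deserializing attacker-controlled data dangerous.
class AuditHook {
    public string $note = '';
    public function __wakeup(): void {
        $GLOBALS['wakeups']++;          // in real gadgets this might touch files or templates
    }
}

// Vulnerable pattern: request data fed straight into unserialize(). A serialized
// payload can instantiate any loaded class and trigger its magic methods.
function restoreTitleUnsafe(string $raw): mixed {
    return unserialize($raw);
}

// Hardened pattern 1: forbid object instantiation. Any object in the payload is
// restored as __PHP_Incomplete_Class, so no magic method runs; anything that is
// not a plain string is then rejected.
function restoreTitleSafe(string $raw): ?string {
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return is_string($value) ? $value : null;
}

// Hardened pattern 2: do not use PHP serialization for user-facing data at all.
// JSON has no notion of PHP objects, so there is nothing to inject.
function restoreTitleJson(string $raw): ?string {
    $value = json_decode($raw, true);
    return is_string($value) ? $value : null;
}

// Constructed inputs: a legitimate title and a serialized AuditHook object.
$benign  = serialize('Summer Fundraiser');
$hostile = 'O:9:"AuditHook":1:{s:4:"note";s:2:"hi";}';

restoreTitleUnsafe($hostile);
echo "unsafe: wakeups=" . $GLOBALS['wakeups'] . PHP_EOL;   // magic method ran

$GLOBALS['wakeups'] = 0;
var_dump(restoreTitleSafe($benign));
var_dump(restoreTitleSafe($hostile));
echo "safe: wakeups=" . $GLOBALS['wakeups'] . PHP_EOL;     // magic method never ran

var_dump(restoreTitleJson(json_encode('Summer Fundraiser')));
```

In a WordPress plugin the raw value would come from a request field such as $_POST['title'] (assumed name); the review question is simply whether any such field can reach unserialize() without allowed_classes => false, and whether sanitize_text_field() or equivalent is applied before the value is stored or rendered.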
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
Source: The Hacker News
CISA added a critical Jenkins vulnerability (CVE-2024-23897) to its Known Exploited Vulnerabilities catalog due to exploitation in ransomware attacks. This path traversal flaw, with a CVSS score of 9.8, allows unauthenticated attackers to read arbitrary files and potentially execute code. Disclosed in January 2024, it was addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature. Recent attacks attributed to the IntelBroker and RansomExx groups have exploited this flaw, impacting companies like BORN Group and Brontoo Technology Solutions. Federal agencies are required to apply fixes by September 9, 2024.
F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus
Source: Security Week
F5's August 2024 security notification addresses nine vulnerabilities in BIG-IP and NGINX Plus, including four high-severity flaws: CVE-2024-39809, which allows unauthorized access after logout; CVE-2024-39778, causing denial-of-service; CVE-2024-39792, leading to performance degradation with the MQTT filter module; and CVE-2024-41727, resulting in resource consumption issues on specific hardware. Patches are available for these issues, and F5 recommends applying updates or using mitigations such as restricting access or disabling problematic modules. No active exploitation has been reported.
Oracle Netsuite Misconfiguration Could Lead to Data Exposure
Source: Security Affairs
Researchers from AppOmni found that thousands of Oracle NetSuite e-stores are vulnerable due to misconfigured access controls on Custom Record Types (CRTs), risking exposure of sensitive customer information such as addresses and phone numbers. The issue stems from CRTs configured with the "No Permission Required" setting, which allows unauthenticated users to read their data through NetSuite's APIs. Although methods to discover CRT names have been addressed, administrators should tighten access controls, limit public access to sensitive data, and possibly take affected sites offline to prevent further leaks. Recommendations include changing the access type and default settings on CRTs to enhance security.
SPECIAL REPORTS
Organizations Turn to Biometrics to Counter Deepfakes
Source: Help Net Security
As deepfake threats rise, with nearly half of organizations encountering them, many are turning to biometrics to counter these risks. A global survey by iProov reveals that 75% of solutions to combat deepfakes involve biometric technologies such as facial and fingerprint recognition. While organizations recognize the potential of AI in both creating and combating threats, there's concern that not enough is being done to address deepfakes, which pose significant risks including financial fraud. The study also highlights regional differences in the perception and impact of deepfakes.
Cybercriminals Exploit File Sharing Services to Advance Phishing Attacks
Source: Help Net Security
Cybercriminals are increasingly exploiting popular file-sharing services to carry out sophisticated phishing attacks. These attacks involve posing as trusted colleagues or legitimate file-hosting platforms such as Dropbox or Docusign to trick victims into revealing sensitive information or downloading malware. Over the past year, such attacks have surged by 350%, with many utilizing legitimate domains to avoid detection. The finance industry is particularly targeted, followed by the construction and real estate sectors. The report also highlights the continued rise of business email compromise (BEC) and vendor email compromise (VEC) attacks.
Data for Sale: 75% of US House Members Exposed by People Search Sites
Source: Cybernews
A report by Incogni reveals that the personal information of 75% of US House members is being sold on people search sites, exposing at least 329 representatives. These sites offer extensive details such as home addresses, phone numbers, and property records, making it easier for potential attackers to target them. While some states like Texas and California have laws protecting personal data, they often require individuals to opt out. The exposure is widespread, with certain states having all their representatives listed on these sites.
Finding value in this newsletter? Like or share this post on LinkedIn