CISO Daily Update - August 26, 2024
NEW DEVELOPMENTS
Halliburton Forced to Take Systems Offline to Contain Cyberattack
Source: The Record
Halliburton was targeted by a cyberattack that required the company to shut down some systems to contain the incident, disrupting activities at its Houston headquarters. In an SEC filing, Halliburton disclosed that attackers obtained access to certain parts of its networks and that the company is conducting an investigation with outside assistance. Employees were told not to connect to the internal network as a precaution. The attack is part of a larger trend against oil and gas corporations, which are regularly targeted because they are willing to pay ransoms.
U.S. Department of Justice Alleges Cybersecurity Failings By Georgia Tech
Source: The Cyber Express
The U.S. Department of Justice sued Georgia Tech and its research arm for failing to meet critical cybersecurity standards in Department of Defense contracts, potentially compromising national security. The lawsuit is backed by a whistleblower complaint, and alleges Georgia Tech did not develop a required system security plan until 2020 and falsely reported a cybersecurity compliance score to the DoD. The case is part of the Civil Cyber-Fraud Initiative.
Audit Finds Notable Security Gaps in FBI’s Storage Media Management
Source: Bleeping Computer
An audit conducted by the Department of Justice's Office of the Inspector General (OIG) revealed severe flaws in the FBI's handling of electronic storage media containing sensitive and classified information. Inadequate storage media monitoring and labeling, insufficient physical security during destruction, and gaps in internal controls were among the main findings. The OIG recommended better tracking methods, correct classification labeling, and stronger physical security. The FBI acknowledged these concerns and is developing a new protocol to address them, including establishing protective storage cages and surveillance.
Qilin Ransomware Upgrades and Now Steals Google Chrome Credentials
Source: Hackread
The Qilin ransomware evolved to steal Google Chrome credentials, significantly expanding its attack capabilities. Researchers from Sophos discovered this tactic while investigating the Synnovis breach where Qilin harvested credentials stored in Chrome. Organizations are urged to enhance security by implementing multi-factor authentication, robust endpoint protection, regular data backups, and timely patching of all systems.
Microsoft to Host Security Summit After CrowdStrike Disaster
Source: Ars Technica
Following a major global IT outage caused by a faulty CrowdStrike update last month, Microsoft is planning a security summit to enhance Windows' resilience to third-party software errors. The company is exploring ways to improve system stability, including potentially restricting kernel access, which could impact the functionality of third-party security products. Scheduled for September 10, the summit will involve government officials and cybersecurity firms to discuss measures for improving system security and resilience. Critics argue that such changes could disadvantage third-party vendors and alter Microsoft's competitive landscape.
American Radio Relay League Confirms $1 Million Ransom Payment
Source: Bleeping Computer
The American Radio Relay League (ARRL) confirmed paying a $1 million ransom to recover from a ransomware attack that occurred in May 2024. The attack affected 150 employees and caused ARRL to take systems offline. Although the organization has not officially linked the attack to a specific group, reports suggest the Embargo ransomware gang was involved. The ransom payment, covered largely by insurance, was made to obtain a decryption tool. Most systems have been restored, with full recovery expected within two months.
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures
Source: The Hacker News
Telegram founder Pavel Durov was arrested in France due to concerns over the platform's lack of content moderation. Authorities allege that Telegram has become a haven for criminal activity, including drug trafficking, child pornography, and fraud. Telegram, with over 950 million monthly active users, has been criticized for becoming a hub for cybercriminals.
VULNERABILITIES TO WATCH
U.S. CISA Adds Versa Director Bug to Its Known Exploited Vulnerabilities Catalog
Source: Security Affairs
CISA added a Versa Director vulnerability (CVE-2024-39717) to its Known Exploited Vulnerabilities catalog, urging federal agencies to address it by September 13, 2024. This flaw, with a CVSS score of 6.6, allows authenticated administrators to upload malicious files via the “Change Favicon” feature in Versa Director’s GUI. Exploitation was confirmed in one instance where firewall guidelines were neglected. CISA emphasizes the importance of addressing this vulnerability to prevent potential attacks, recommending that private organizations also review and mitigate similar risks.
Dell Power Manager Vulnerability Allows Attackers to Gain Unauthorized Access – Patch Now!
Source: Cyber Security News
Dell Technologies announced a high-severity vulnerability (CVE-2024-39576) in Dell Power Manager versions 3.15.0 and earlier. This Incorrect Privilege Assignment flaw allows low-privileged local attackers to execute code and escalate their privileges. Assigned a CVSS score of 8.8, the vulnerability requires immediate patching. Dell advises updating to version 3.16.0 or later as there are no current workarounds. All users of affected versions should update their software to mitigate potential risks.
SPECIAL REPORTS
Fraud Tactics and the Growing Prevalence of AI Scams
Source: Help Net Security
The first half of 2024 saw a significant rise in AI-driven deepfake scams, particularly those using voice-cloning technology to impersonate people and organizations. Hiya flagged nearly 20 billion calls as suspected spam during this period, with spam rates exceeding 50% in some regions. The U.S. faced ongoing threats from Medicare and insurance scams, while France and Spain reported high levels of fraud with utility and mobile phone scams being particularly prevalent. Brazil had the highest spam call rate globally, with banking scams being the most common.
The Changing Dynamics of Ransomware as Law Enforcement Strikes
Source: Help Net Security
Ransomware activity has begun to stabilize in 2024 following a peak in late 2023, with small and medium-sized businesses increasingly targeted. Despite law enforcement takedown successes, the long-term effects on ransomware operations are unclear as groups adapt and evolve. The ransomware-as-a-service (RaaS) model remains prominent, with new affiliates joining established brands due to trust issues from incidents like ALPHV’s exit scam. Additionally, ransomware actors are using edge service exploits and legitimate remote management tools more frequently.