CISO Daily Update - August 27, 2024
NEW DEVELOPMENTS
Seattle-Tacoma Airport IT Systems Down Due to a Cyberattack
Source: Bleeping Computer
Seattle-Tacoma International Airport (SEA-TAC) experienced significant IT system outages over the weekend, likely due to a cyberattack, disrupting reservation check-ins and causing flight delays. The Port of Seattle isolated critical systems to contain the damage and is working with authorities to restore operations. Passengers are advised to check in online, use carry-on luggage, and verify gate details directly with airlines as the airport's website remains down. The FBI is investigating the incident, but no group has claimed responsibility yet.
2 TB of Sensitive “ServiceBridge” Records Exposed in Cloud Misconfiguration
Source: Hackread
A misconfigured cloud server exposed over 31 million sensitive records, totaling 2.68 TB of data, from the field service management platform ServiceBridge. The data included personal information like names, addresses, email addresses, phone numbers, partial credit card details, and HIPAA-related documents. The exposed records date back to 2012 and belong to a wide range of businesses and individuals, including medical providers and schools. After cybersecurity researcher Jeremiah Fowler discovered the exposure, ServiceBridge restricted access to the database, but the duration of the exposure remains unclear.
Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data
Source: Security Week
Patelco Credit Union confirmed a data breach affecting 726,000 customers and employees after the RansomHub ransomware group accessed and stole personal data from its systems. The breach occurred between May 23 and June 29, 2024, and exposed sensitive information including names, social security numbers, driver's license numbers, and email addresses. Although initially believed to impact 500,000 individuals, the number was later updated. The stolen data is currently being auctioned by the ransomware group after failed negotiations.
500k Impacted by Texas Dow Employees Credit Union Data Breach
Source: Security Week
Texas Dow Employees Credit Union (TDECU) notified over 500,000 members that their personal information was compromised in the MOVEit hack orchestrated by the Cl0p ransomware group. The breach exploited a zero-day vulnerability in the MOVEit Transfer software (CVE-2023-34362) and exposed sensitive data, including social security numbers, bank and credit card details, and driver's license numbers. The incident only impacted files transferred via MOVEit, and TDECU's network security remains intact.
AMD Internal Data Reportedly Offered for Sale
Source: The Register
Cybercriminal groups IntelBroker and EnergyWeaponUser claim to have breached AMD's internal communications and are offering the stolen data for sale on BreachForums. The data reportedly includes user credentials, case numbers, and internal communications from a mix of sources. This marks the second alleged theft from AMD in three months, with IntelBroker also claiming responsibility for a previous breach in June involving sensitive AMD data. The veracity of these claims is uncertain, and AMD has yet to comment on the situation. This incident adds to IntelBroker's growing list of high-profile cyberattacks.
Researchers Warn of Text Scams That Send Drivers Fake Bills for Highway Tolls
Source: The Record
Researchers at Symantec identified a surge in highway toll text scams across multiple U.S. states, including Illinois, Florida, North Carolina, and Washington. Cybercriminals are sending malicious SMS messages that mimic state electronic toll collection systems, tricking recipients into paying fake charges through fraudulent websites. These scams are not only stealing money but also collecting sensitive personal and financial information. The fake websites are designed to appear legitimate, even including CAPTCHAs and targeting specific mobile browsers and geolocations to avoid detection. The FBI has reported over 2,000 smishing cases since March, prompting warnings from state governments.
VULNERABILITIES TO WATCH
SonicWall Warns of Critical Access Control Flaw in SonicOS
Source: Bleeping Computer
SonicWall identified a critical access control vulnerability in its SonicOS, specifically affecting Gen 5, Gen 6, and Gen 7 firewall devices. This flaw (CVE-2024-40766) has a CVSS severity score of 9.3 and could allow attackers to gain unauthorized access to resources or crash the firewall. SonicWall advises updating to the latest firmware versions to mitigate the risk. For those unable to apply updates immediately, it is recommended to restrict management access to trusted sources or to disable WAN management access from the internet.
Hillstone WAF Flaw Allows Dangerous Command Injection Attacks
Source: Cyber Press
Popular web application firewall Hillstone WAF was found vulnerable to command injection attacks. This critical flaw allows attackers to execute malicious code on the underlying system, potentially leading to unauthorized access, data theft, and system disruption. Hillstone released a patch to address the vulnerability, and users are advised to update their WAF software immediately.
Critical Flaws in Traccar GPS System Expose Users to Remote Attack
Source: The Hacker News
Two critical vulnerabilities in the Traccar GPS tracking system, CVE-2024-24809 (CVSS 8.5) and CVE-2024-31214 (CVSS 9.7), were disclosed. These path traversal flaws could allow unauthenticated attackers to execute remote code by exploiting the system's default configurations when guest registration is enabled. The vulnerabilities relate to how Traccar handles device image uploads, potentially allowing attackers to overwrite files on the system and execute malicious code. Traccar versions 5.1 to 5.12 are affected, but the issues have been mitigated in Traccar 6, released in April 2024, which disables self-registration by default.
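The Traccar flaws above are a textbook case of an upload handler trusting client-supplied path components. The following is an added illustration of the defensive pattern, not Traccar's own code and not derived from the Traccar patch: a naive join is shown next to a hardened version that only accepts single path components, restricts the file extension, checks that the final path stays under the upload root, and refuses to overwrite an existing file. The upload root and device identifiers are assumptions for the demo, and POSIX-style paths are assumed.

```python
import os
import tempfile
from pathlib import PurePosixPath

# Hypothetical upload root for the demo; not a path taken from Traccar.
DEFAULT_ROOT = "/srv/app/media"
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif"}


def naive_target(root, device_id, filename):
    """Vulnerable pattern: client-controlled names joined straight onto the root."""
    return os.path.join(root, device_id, filename)


def _is_within(root, candidate):
    """True when candidate, after lexical normalisation, still lies under root."""
    root_abs = os.path.abspath(root)
    cand_abs = os.path.abspath(candidate)
    return os.path.commonpath([root_abs, cand_abs]) == root_abs


def _single_component(value):
    """Accept only a plain, non-empty path component with no separators."""
    if not value or value in (".", "..") or "\x00" in value:
        return False
    if "/" in value or "\\" in value:
        return False
    return True


def safe_target(root, device_id, filename):
    """Hardened pattern: validate each component, then re-check the joined path."""
    if not _single_component(device_id):
        raise ValueError("invalid device id")
    if not _single_component(filename):
        raise ValueError("invalid file name")
    if PurePosixPath(filename).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("unsupported image type")
    target = os.path.join(root, device_id, filename)
    if not _is_within(root, target):  # defence in depth behind the component checks
        raise ValueError("path escapes upload root")
    return target


def is_accepted(root, device_id, filename):
    """Convenience wrapper: does the hardened check accept this upload name?"""
    try:
        safe_target(root, device_id, filename)
        return True
    except ValueError:
        return False


def save_upload(root, device_id, filename, data):
    """Write the upload; O_EXCL means an existing file is never overwritten."""
    target = safe_target(root, device_id, filename)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def run_demo():
    """Exercise both patterns in a throwaway directory and report the outcomes."""
    root = tempfile.mkdtemp()
    results = {}
    # Constructed traversal-style device id: the naive join leaves the root.
    results["naive_escapes"] = not _is_within(root, naive_target(root, "../..", "overwritten.png"))
    results["safe_rejects"] = not is_accepted(root, "../..", "overwritten.png")
    saved = save_upload(root, "device-42", "photo.png", b"\x89PNG constructed sample")
    results["saved_within_root"] = _is_within(root, saved)
    try:
        save_upload(root, "device-42", "photo.png", b"second write")
        results["no_overwrite"] = False
    except FileExistsError:
        results["no_overwrite"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

The component check does the real work; the `_is_within` test is kept as a second line of defence so that a future change to how paths are joined cannot silently reintroduce traversal. Note that Traccar 6 addressed the issue by disabling self-registration by default, which removes the unauthenticated path to the upload handler rather than changing this validation; both controls are worth having.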
Google Tags a Tenth Chrome Zero-Day as Exploited This Year
Source: Bleeping Computer
Google patched the tenth zero-day vulnerability exploited in the wild this year (CVE-2024-7965), which is a high-severity flaw in Chrome's V8 JavaScript engine. This vulnerability could allow remote attackers to exploit heap corruption via crafted HTML pages. The update follows another recent patch for a similar V8 vulnerability (CVE-2024-7971). Both zero-days were addressed in Chrome version 128.0.6613.84/.85, now available for Windows, macOS, and Linux. Google has restricted further details until most users have applied the updates.
SPECIAL REPORTS
NSA Releases Guide to Combat Living Off the Land Attacks
Source: Infosecurity Magazine
The NSA released a guide to combat Living Off the Land (LOTL) attacks, focusing on best practices for event logging and threat detection across various environments, including cloud services, enterprise networks, mobile devices, and operational technology (OT) networks. The guide was developed in collaboration with international cybersecurity agencies and emphasizes four key factors: creating an enterprise-approved logging policy, ensuring centralized log access and correlation, securing log storage and integrity, and developing a detection strategy for relevant threats. The guide also cites the Volt Typhoon campaign as a case study of how LOTL techniques are used to target critical infrastructure.
Adversaries Love Bots, Short-Lived IP Addresses, Out-of-Band Domains
Source: Help Net Security
The Fastly Threat Insights Report reveals a surge in cyberattacks, with 91% targeting multiple customers through mass scanning, up from 69% in 2023. Bots account for 36% of internet traffic, while attackers increasingly use short-lived IP addresses and out-of-band domains to exploit vulnerabilities and evade detection. High-tech industries remain the most targeted, though the focus has shifted slightly. The report emphasizes the need for proactive security measures to anticipate and counter these evolving threats.
GenAI Buzz Fading Among Senior Executives
Source: Help Net Security
The Deloitte report, "The State of Generative AI in the Enterprise: Now decides Next," reveals a shift in GenAI adoption among senior executives. While 67% of organizations are increasing their investment in GenAI, enthusiasm among top executives is waning, with interest declining by 11 percentage points for senior executives and 8 points for boards since Q1 2024. Challenges such as data quality, investment costs, and regulatory concerns are prominent, with 75% of organizations enhancing data management investments. Effective measurement and integration of GenAI into business functions are crucial for maintaining executive support and realizing its potential benefits.
Finding value in this newsletter? Like or share this post on LinkedIn