CISO Daily Update - August 30, 2024
NEW DEVELOPMENTS
IT Engineer Charged For Attempting to Extort Former Employer
Source: Infosecurity Magazine
Daniel Rhyne, a 57-year-old IT engineer from Missouri, was detained and charged with wire fraud, deliberate damage to a protected computer, and extortion after he allegedly tried to blackmail his former employer, an industrial corporation in New Jersey. Between November 8 and November 25, 2023, Rhyne allegedly gained illegal access to the company's networks, changing passwords, deleting accounts, and locking down workstations and servers. He then threatened to shut down 40 servers per day if the ransom of €700,000 ($750,000) in Bitcoin was not paid. Investigators linked the breach to a virtual machine that Rhyne accessed. He may spend up to 35 years in prison and pay $750,000 in fines if found guilty.
Hackers Calling Employees to Steal VPN Credentials from US Firms
Source: Hackread
A sophisticated phishing and vishing campaign is targeting over 130 US organizations, using social engineering tactics to steal VPN credentials. Attackers pose as IT support, convincing employees to visit fake VPN login pages via SMS links. Once credentials are entered, including MFA tokens, attackers gain access to the network and can deploy ransomware or steal sensitive data. Researchers at GuidePoint identified several related domain names and IP addresses. Organizations are advised to review VPN logs for suspicious activity and enhance employee cybersecurity awareness to combat these threats.
Intel Officials Say They Anticipate More Hacking Attempts as US Election Nears
Source: The Record
Senior U.S. intelligence officials are confident they are better prepared to counter foreign cyberattacks on the 2024 election than in previous cycles, despite a recent breach of Donald Trump’s campaign by Iranian hackers. Gen. Timothy Haugh, head of U.S. Cyber Command and the NSA, highlighted the strong coordination between federal security agencies. CIA Deputy Director David Cohen noted significant improvements since the 2016 election, where the response was more "ad hoc."
Telegram CEO Pavel Durov Charged in France for Facilitating Criminal Activities
Source: Security Affairs
French prosecutors charged Telegram CEO Pavel Durov with facilitating various criminal activities on the platform, including the spread of child sexual abuse material (CSAM), organized crime, drug trafficking, and fraud. Following his arrest, Durov spent over eighty hours in police custody before being formally charged on August 28 with twelve offenses, including refusing to provide information for lawful interceptions and complicity in administering an online platform for illicit transactions. He was placed under judicial supervision, required to pay a €5 million bail, and prohibited from leaving France. The charges stem from a judicial investigation in July 2024, focusing on Telegram's alleged lack of moderation, which allowed extremist and malicious activities to increase. Additionally, Durov faces charges related to the provision of cryptographic services that allegedly bypassed regulatory requirements.
California Passes Landmark Bill Requiring Easier Data Sharing Opt Outs for Consumers
Source: The Record
California's legislature approved a bill that mandates internet browsers and mobile operating systems to provide an "opt-out preference signal," enabling consumers to easily prevent their data from being shared or sold for targeted advertising. This new feature will streamline the process, allowing users to send opt-out requests to all visited websites with a single click. Building on the California Consumer Privacy Act, the legislation seeks to improve consumer privacy by making opt-out procedures more accessible. If signed by Governor Gavin Newsom, the law could set a new standard for other states and potentially disrupt the online advertising industry.
VULNERABILITIES TO WATCH
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Source: Infosecurity Magazine
Akamai researchers identified active exploitation of an unpatched command injection vulnerability (CVE-2024-7029) in AVTECH CCTV cameras, spreading a Mirai malware variant. This flaw is found in the brightness function of these cameras, which allows remote code execution and has been used in attacks since at least December 2023. The botnet campaign began actively spreading the Corona Mirai variant in March 2024, leveraging the vulnerability to download and run malicious code. Given the absence of a patch, Akamai advises decommissioning affected devices to mitigate the risk.
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Source: The Hacker News
Russian state-backed hackers, identified as APT29 (aka Midnight Blizzard), have been exploiting now-patched vulnerabilities in Apple Safari and Google Chrome to deploy information-stealing malware in targeted cyberattacks. Between November 2023 and July 2024, these hackers utilized watering hole attacks on Mongolian government websites to deliver the malware, taking advantage of unpatched devices. The campaigns involved multiple vulnerabilities (CVE-2023-41993, CVE-2024-4671, and CVE-2024-5274), indicating a possible link to commercial surveillance vendors like Intellexa and NSO Group. The attacks primarily aimed to exfiltrate browser cookies and sensitive information from government officials.
Proof-of-Concept Code Released for Zero-Click Critical Windows Vuln
Source: The Register
A critical Windows vulnerability (CVE-2024-38063), which scores 9.8 on the CVSS scale, has had its proof-of-concept code released. This flaw allows unauthenticated remote code execution via a specially crafted IPv6 packet. Microsoft patched the issue on August 13, but with the PoC code now available, unpatched systems are at increased risk of exploitation. Users should install the latest updates immediately, as the vulnerability affects Windows 10, Windows 11, and Windows Server systems. Disabling IPv6 is a temporary workaround but may not be feasible for many.
Cisco NX-OS Software Vulnerability Lets Attackers Trigger DoS Condition
Source: Cyber Security News
Cisco disclosed a critical vulnerability (CVE-2024-20270) in its NX-OS software, affecting the DHCPv6 relay agent feature in certain Nexus switch models. The flaw allows unauthenticated remote attackers to trigger a denial-of-service condition by exploiting improper handling of DHCPv6 RELAY-REPLY messages. Affected devices running vulnerable software versions can be forced to reload, disrupting network operations. Cisco released patches and strongly urges customers to upgrade immediately as no full workarounds exist. While the vulnerability was discovered during support case resolution, with no known public exploits, organizations using impacted Nexus switches should prioritize patching to prevent potential DoS attacks.
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
Source: Darkreading
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability (CVE-2023-22527) in Atlassian Confluence Data Center and Server environments for cryptojacking. Discovered in January and patched by Atlassian, this flaw is being used to hijack cloud resources for mining cryptocurrencies. Trend Micro identified two main attack vectors: one uses XMRig miners deployed via a public-facing application, while the other involves complex shell scripts and SSH access to spread mining across endpoints and evade detection. Administrators are urged to patch systems promptly, employ network segmentation, conduct regular security audits, and maintain a robust incident response plan to mitigate risks.
SPECIAL REPORTS
Surge in New Scams as Pig Butchering Dominates
Source: Infosecurity Magazine
Online scammers are increasingly adapting to run shorter, more impactful scams to evade detection. In 2024, over 43% of cryptocurrency inflows from scams have gone to wallets newly active this year. The average lifespan of these scams has dropped to 42 days, down from 271 days in 2020, as fraudsters shift from elaborate Ponzi schemes to targeted campaigns like pig butchering. Pig butchering scams, which lure victims into fake investments via dating sites, remain highly lucrative, with some operations linked to Myanmar’s "KK Park" generating $100 million year-to-date.
Cybersecurity Spending to Surge by 15% to $212 Bn in 2025
Source: The Cyber Express
Global cybersecurity spending is projected to reach $212 billion in 2025, marking a 15% increase from $183.9 billion in 2024. Escalating cyber threats, advancements in AI technology, and a global skills shortage in cybersecurity drive this surge. Key areas of growth include security software, with spending expected to hit $100.7 billion, and security services, which will see the fastest growth at $88.1 billion. Businesses are advised to assess security risks, develop comprehensive strategies, invest in layered security, and consider outsourcing to manage the growing demands and challenges in cybersecurity.
Finding value in this newsletter? Like or share this post on LinkedIn
I help companies to not get hacked | CEO & Founder @Truebust
5 months ago: Cyberattacks are growing more sophisticated and widespread, particularly those utilizing Social Engineering. Prevent cyber attacks like CEO/BEC Fraud, Phishing, and Data Breaches with our Request-Verification-System. Ready to secure your communications? Get in touch with us by visiting www.truebust.com.
Infrastructure Management | MS Cybersecurity | MBA
5 months ago: Regarding the spending surge for 2025, smart leaders will be looking at how to leverage AI to make their employees more effective and efficient.
6 months ago: Very helpful.
Cybersecurity Director | ICAM & Zero Trust Expert | 25+ Years in Enterprise Security, Risk Management & Compliance | AI-Enhanced Threat Detection | DoD Secret Clearance
6 months ago: Nice article. Eye opener.