CISO Daily Update - February 23, 2024
NEW DEVELOPMENTS
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
Source: The Hacker News
The Federal Trade Commission (FTC) fined cybersecurity firm Avast $16.5 million for unlawfully selling consumers' browsing data. The study, following Motherboard and PCMag's investigation in January 2020, revealed Avast's role in selling sensitive customer information obtained through its antivirus app without consent. Avast's subsidiary, Jumpshot, sold data on users' web searches, location history, and other browsing activity, revealing personal information such as religious convictions, health problems, and political affiliations. Avast's browser add-ons were deleted from major online browsers after a prior study identified them as spyware. Avast has since suspended Jumpshot's data collection activities and begun winding down its operations.
LockBit Takedown: Police Shut More Than 14,000 Accounts on Mega, Tutanota and Protonmail
Source: The Record
Law enforcement efforts to combat the LockBit ransomware service have closed over 14,000 accounts on third-party services utilized by affiliated criminals. According to LockBit's confiscated dark web domain, the affected accounts were on Mega, Tutanota, and Protonmail and were used for exfiltration or infrastructure purposes. Affiliates (i.e., hackers using the LockBit platform) were discovered to operate these accounts, with some tied to operations employing other ransomware versions. The United States Department of State has offered a $15 million reward for information that leads to the arrest or conviction of LockBit gang members or key leaders.
California AG Settles With DoorDash Over Selling Consumer Data Without Notice
Source: The Record
DoorDash and the California Attorney General have settled allegations that the delivery service sold customers' personal data without providing notification or the option to opt out, violating the state's strict consumer privacy law, the California Consumer Privacy Act (CCPA). The corporation allegedly took part in marketing cooperatives, trading consumer personal information with other businesses to collectively build their client bases. The settlement requires DoorDash to pay a $375,000 civil penalty, examine vendor agreements to verify compliance with consumer privacy laws, and produce annual reports to the attorney general's office on the potential sale or sharing of consumer data.
Change Healthcare Cyber-Attack Leads to Prescription Delays
Source: Infosecurity Magazine
A cyberattack on Change Healthcare, a division of Optum and a member of UnitedHealth Group, has caused delays in issuing prescriptions and has impacted pharmacies and patients nationwide. Although the event is ongoing, indications suggest that a cybersecurity matter, possibly a ransomware attack, is to blame for the outage. Prioritizing cyber resilience and strong incident response plans is essential for healthcare companies to lessen the effects of cyberattacks and ensure the continuation of critical services.
Beware Of New AsukaStealer Steal Browser Passwords & Desktop Screens
Source: GB Hackers on Security
AsukaStealer, an updated version of ObserverStealer, has emerged as malware-as-a-service (MaaS), offering extensive features including its ability to collect browser data (cookies, passwords, extensions) from Chromium and Gecko engines, Discord tokens, FileZilla sessions, Telegram sessions, desktop screenshots, Steam Desktop Authenticator application data, and more. The malware's configuration is highly customizable, allowing for tailored targeting of browsers, crypto wallet files, extensions, Discord clients, and more. Researchers found files interacting with a specific IP address flagged by VirusTotal as ObserverStealer, indicating similarities in infrastructure and management between the two malware variants.
New SSH-Snake Malware Abuses SSH Credentials To Spread Itself In The Network
Source: Cyber Security News
SSH-Snake poses a serious threat to network security, actively used by threat actors to automate network traversal and map dependencies by leveraging SSH private keys. The malware employs a bash script that autonomously seeks SSH credentials on systems, replicating itself to spread further and aiding threat actors in ongoing operations. SSH-Snake is designed to self-modify, reducing its size for fileless operation by removing unnecessary functions, comments, and whitespace. It automates the laborious task of discovering SSH-connected systems, saving time and effort for threat actors by autonomously hunting various SSH private keys and scanning bash history for SSH-related commands.
LockBit Ransomware Secretly Building Next-Gen Encryptor Before Takedown
Source: Bleeping Computer
LockBit ransomware developers were in the process of creating a new version of their malware, tentatively named LockBit-NG-Dev or LockBit 4.0, before law enforcement dismantled their infrastructure. This next-generation encryptor, analyzed by cybersecurity company Trend Micro, shows advancements in multi-platform compatibility and encryption techniques, albeit lacking some features present in previous versions.
VULNERABILITIES TO WATCH
Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
Source: Hackread
A critical security vulnerability (CVE-2024-23204) in Apple Shortcuts has been identified by cybersecurity firm Bitdefender as allowing attackers to access sensitive data on macOS and iOS devices without user consent. This vulnerability, rated 7.5/10 in severity, enables attackers to exploit the Transparency, Consent, and Control (TCC) security framework by bypassing Apple's security measures. Users are urged to update their devices to macOS Sonoma 14.3, watchOS 10.3, iOS 17.3, and iPadOS 17.3 to mitigate the risk of exploitation.
Attackers Exploiting ConnectWise ScreenConnect Flaws, Fixes Available for All Users (CVE-2024-1709, CVE-2024-1708)
Source: Help Net Security
ConnectWise has identified and assigned CVE numbers (CVE-2024-1709 and CVE-2024-1708) to two critical vulnerabilities in ScreenConnect. Exploitation attempts have been confirmed, prompting users to patch their systems to version 23.9.10.8817 or higher. The vulnerabilities could lead to remote code execution and have already been exploited in the wild to deliver various malware, including LockBit ransomware.
Wyze Webcam Flaw Let Strangers See Into Some Users’ Homes
Source: Cyber Security News
A privacy nightmare has struck Wyze cameras once again, with dozens of users reporting the ability to view images from strangers' homes through their Wyze apps. According to reports from The Verge, numerous users discovered they could see images from unfamiliar homes through their Wyze apps, sparking serious security concerns. At least 12 users reported encountering thumbnails from cameras they didn't own. This recurrence, marking the fifth incident in under a year, raises concerns about the security of these widely used devices.
Apex Code Vulnerabilities Let Hackers Steal Salesforce Data
Source: GB Hackers on Security
Hackers are exploiting vulnerabilities in Apex code within Salesforce to gain unauthorized access to sensitive data and manipulate systems. Varonis Threat Labs identified vulnerabilities in Apex code across several Fortune 500 companies and government agencies, prompting high and critical severity warnings. Running Apex classes "without sharing" can lead to unrestricted data access and modification, raising risks of insecure data access and vulnerabilities like SOQL injection.
SPECIAL REPORTS
Insurers Use Claims Data to Recommend Cybersecurity Technologies
Source: Dark Reading
Insurers are leveraging claims data to incentivize businesses to adopt cybersecurity technologies, with managed detection and response (MDR) services emerging as a key recommendation. Analysis of insurance claims data suggests that companies utilizing MDR providers experience a significant reduction in response time to cyber incidents and mitigate the severity of such incidents. Cyber insurance firm Coalition is considering offering premium discounts based on the deployment of MDR and other effective cybersecurity technologies, focusing on foundational security controls that demonstrably improve security posture.
The Old, Not the New: Basic Security Issues Still Biggest Threat to Enterprises
Source: Help Net Security
IBM's 2024 X-Force Threat Intelligence Index reveals that despite advancements in cybersecurity, basic security issues remain the biggest threat to enterprises. Cybercriminals increasingly exploit valid accounts and focus on obtaining users' identities, leading to significant challenges in detection and response. The report highlights the need for organizations to prioritize fundamental security measures and address vulnerabilities in critical infrastructure.