CISO Daily Update - July 11, 2024
NEW DEVELOPMENTS
Debt Collection Agency Says Data Breach Affected More Than 4 Million People
Source: The Record
A major data breach at Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based debt collection agency, potentially exposed the sensitive information of over 4 million individuals. Discovered in February, the breach's estimated impact has grown significantly since initial reports in April. The unauthorized access occurred between February 14 and 26 and compromised a wide range of personal data, including names, Social Security numbers, driver's license details, and sensitive medical information. FBCS has engaged forensic specialists to investigate further while implementing security improvements.
Unsecured Database Exposed 39 Million Sensitive Legal Records Online
Source: Hackread
An unsecured database belonging to California-based legal support services company Rapid Legal has exposed 38.6 million sensitive legal records online. Discovered by an independent cybersecurity researcher, the database contained court documents, service agreements, payment information, and PII–amounting to 38TB of data. An additional repository linked to Legal Connect held 89,745 records. Exposed files included names, addresses, partial credit card details, and merchant tokens.
33 Million Authy Users Exposed in Authentication App’s Own Security Nightmare
Source: Fox News
Twilio's Authy service suffered a security incident where hackers accessed data associated with 33 million phone numbers–prompting concerns about targeted phishing attacks and SIM swapping. Twilio confirmed the breach stemmed from an exploited, unauthenticated endpoint and emphasized that there is no evidence of further system breaches. Users are advised to update their Authy apps for security patches and remain vigilant against phishing attempts using compromised phone numbers.
Scammers Harness AI and Deepfakes to Sell Bogus ‘Miracle Cures’ on Meta Platforms
Source: The Record
Scammers are exploiting AI and deepfake technology on Meta platforms to promote fake "miracle cures" using celebrity and cloned expert endorsements to target specific demographics globally. Bitdefender Labs' research found over 1,000 deepfake videos and thousands of ads promoting bogus medical supplements. The campaigns use emotional manipulation and fake reviews and often lead to websites designed to deceive consumers. Despite moderation efforts, the scale and adaptability of these scams present challenges, with scammers quickly replacing banned pages to continue their fraudulent activities.
Project 2025 Makers Had Their Data Leaked by “Gay Furry Hackers”
Source: Cybernews
Attackers claiming to be from SiegedSec, a group identifying as "gay furry hackers," leaked data from the Heritage Foundation including user names, email addresses, and hashed passwords, affecting about 5,000 users. The leaked dump originated from late November 2022 and reportedly included outdated password encryption methods, increasing the potential for successful password-cracking attacks.
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
Source: The Hacker News
A new ransomware group named EstateRansomware is exploiting a vulnerability (CVE-2023-27532, CVSS 7.5) in Veeam Backup & Replication software. Discovered by Group-IB, the group gains initial access via a Fortinet FortiGate firewall SSL VPN using a dormant account, "Acc1," and later establishes RDP connections to deploy a persistent backdoor ("svchost.exe") for further network access. They use the Veeam flaw to create a rogue user account ("VeeamBkp") and conduct network discovery and credential harvesting. The attack culminates in ransomware deployment after disabling Windows Defender.
VULNERABILITIES TO WATCH
Zero-Day Patched by Microsoft Has Been Exploited by Attackers for Over a Year (CVE-2024-38112)
Source: Help Net Security
Microsoft patched CVE-2024-38112, a spoofing vulnerability in the Windows MSHTML Platform that attackers exploited for over a year. This zero-day flaw allowed threat actors to use Windows Internet Shortcut files (.url) to trigger Internet Explorer (IE) to visit malicious URLs–bypassing the more secure Chrome or Edge browsers. By doing so, attackers could gain remote code execution on modern Windows 10/11 systems. Microsoft’s fix prevents .url files from triggering the MHTML: URI handler, and administrators are urged to apply the patch immediately. Users should also be cautious of .url files from untrusted sources.
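A defender-side triage check for the .url mechanism described above, added here as an example and not part of the original newsletter: it parses the INI-style Internet Shortcut format and flags any shortcut whose target is handed to the MHTML: URI handler. The sample shortcut contents are constructed and the host names are placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample .url files (Windows Internet Shortcut INI format).
# Keys and scheme are deliberately mixed-case to show the check is case-insensitive.
SAMPLES = {
    "benign.url": "[InternetShortcut]\r\nURL=https://www.example.com/\r\nIconIndex=0\r\n",
    "suspicious.url": "[InternetShortcut]\r\nUrl = MHTML:http://example.invalid/page.htm\r\n",
    "no-target.url": "[InternetShortcut]\r\nIconFile=C:\\icon.ico\r\n",
}


def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None.

    Section and key names are compared case-insensitively, matching how
    Windows reads these files, and surrounding whitespace is ignored.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None


def uses_mhtml_handler(target):
    """True when the target's scheme would be routed to the MHTML: URI handler."""
    return urlsplit(target).scheme.lower() == "mhtml"


def triage(files):
    """Map each file name to 'flag', 'clean' or 'no-target' for review."""
    results = {}
    for name, text in files.items():
        target = shortcut_target(text)
        if target is None:
            results[name] = "no-target"
        elif uses_mhtml_handler(target):
            results[name] = "flag"
        else:
            results[name] = "clean"
    return results
```

Pointing the same logic at a mail quarantine or download directory gives a quick list of shortcuts worth a second look while the patch is rolled out.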
What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform
Source: Darkreading
The NSA patched a cross-site request forgery (CSRF) vulnerability in its SkillTree training platform (CVE-2024-39326) which was identified by Contrast researchers. This flaw, scoring 4.4 CVSS, could allow attackers to manipulate online lesson content if they tricked an admin-level user into clicking a malicious link. The issue was fixed in a July 2 patch. CSRF vulnerabilities are often missed before production because they don't disrupt normal app functionality and stem from design issues in authentication and sessions rather than code bugs.
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
Source: Infosecurity Magazine
A critical zero-click RCE vulnerability (CVE-2024-38021) in Microsoft Outlook has been patched. Discovered by Morphisec, this flaw could lead to data breaches and unauthorized access without requiring authentication. For trusted senders, it’s zero-click; for untrusted, it needs one-click interaction. Morphisec urged Microsoft to reclassify it as "Critical" due to its high risk. The vulnerability was reported on April 21, confirmed on April 26, and patched on July 9, 2024. Users should update Outlook and Office apps, disable automatic email previews, and implement robust email security measures to mitigate risks.
Citrix Fixed Critical and High-Severity Bugs in Netscaler Product
Source: Security Affairs
Through security updates, Citrix addressed critical and high-severity vulnerabilities in its NetScaler product. These include improper authorization (CVE-2024-6235) and memory buffer restrictions (CVE-2024-6236) that could lead to information disclosure and denial of service, respectively. Fixes also cover privilege management flaws in the Workspace App and Virtual Delivery Agent for Windows (CVE-2024-6286 and CVE-2024-6151), potentially allowing local attackers to escalate privileges to the SYSTEM level. Citrix and CISA warn of exploitation risks, although specific attacks in the wild haven't been disclosed.
SPECIAL REPORTS
Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
Source: Infosecurity Magazine
According to Cisco Talos, ransomware groups are increasingly prioritizing defense evasion tactics to extend their dwell time in networks for data exfiltration. This shift aligns with the double-extortion model, in which attackers steal sensitive data and threaten to publish it. After initial access, they disable security software, modify system settings, and use "living-off-the-land" techniques to blend in with normal operations. Prominent vulnerabilities such as CVE-2020-1472, CVE-2018-13379, and CVE-2023-0669 are commonly exploited. To combat these threats, organizations should regularly update systems, enforce strong password policies and MFA, segment networks, monitor security events, and adopt a least-privilege approach.
Finding value in this newsletter? Like or share this post on LinkedIn