CISO Daily Update - July 16, 2024
NEW DEVELOPMENTS
AT&T Paid a $370,000 Ransom to Prevent Stolen Data From Being Leaked
Source: Security Affairs
AT&T paid a $370,000 ransom to prevent the leak of phone call and text message records for 110 million people. The breach was attributed to a hacker living in Turkey and involved data hosted on AT&T's Snowflake database. The stolen data includes call logs and text interactions from 2022-2023 but excludes call content and personal details; the data was reportedly deleted following the ransom payment. This incident was part of a larger attack affecting over 150 companies with poorly secured Snowflake accounts. The hacker initially demanded $1 million but settled for less.
Data of Millions of mSpy Customers Leaked Online
Source: Security Week
A massive data breach at spyware company mSpy exposed over 310 GB of sensitive user information, including 2.4 million email addresses and personal data spanning a decade. Hacktivists leaked the data from mSpy's Zendesk support system, revealing customer details, support tickets, and attachments containing financial information and personal photos. The breach affected a wide range of users, including high-ranking military personnel, law enforcement, and even potential surveillance targets. The leak marks mSpy's third major data breach since 2015.
6 Million Records of Pinterest Database Leaked – What’s Inside!
Source: Cyber Press
A data breach affecting Pinterest exposed 6 million user records on popular data leak forums. The leaked database contains 60 million rows of data, including email addresses, usernames, user IDs, and IP addresses. Pinterest has not yet released an official statement, but cybersecurity experts urge users to take immediate protective actions such as changing passwords and enabling two-factor authentication.
Attackers Exploit URL Protections to Disguise Phishing Links
Source: Infosecurity Magazine
Cybercriminals are exploiting legitimate URL protection services to disguise phishing links. These attackers use compromised accounts to rewrite phishing URLs, making them appear safe and bypassing traditional email security measures. This tactic is known as conversation hijacking and allows cybercriminals to impersonate account owners and infiltrate email communications for credential harvesting. The use of trusted URL protection services gives users a false sense of security and increases the risk of falling for these phishing scams.
ZDI Shames Microsoft For – Yet Another – Coordinated Vulnerability Disclosure Snafu
Source: The Register
Microsoft faces criticism from Trend Micro's Zero Day Initiative (ZDI) for mishandling the disclosure of a zero-day exploit in MSHTML. ZDI claims they reported the vulnerability in May, but Microsoft patched it in July without crediting them, instead attributing the discovery to Check Point Research. ZDI warns that this trend could discourage researchers from reporting bugs to vendors, potentially putting end-users at risk. The problem extends beyond Microsoft and affects various software companies, emphasizing the need for improved transparency and collaboration in vulnerability disclosure and management across the industry.
Facebook Ads for Windows Desktop Themes Push Info-Stealing Malware
Source: Bleeping Computer
Cybercriminals are using Facebook business pages and ads to distribute the SYS01 password-stealing malware through fake Windows desktop themes. Trustwave researchers found that these ads also push pirated software and games. Threat actors create new Facebook pages or hijack existing ones to deceive users. Clicking on these ads redirects users to sites hosting the malware that, once downloaded, steals browser cookies, saved credentials, and cryptocurrency wallets. The campaign is not confined to Facebook; similar tactics are used on LinkedIn and YouTube. Trustwave emphasizes the need for vigilance in social media usage.
CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
Source: The Hacker News
The CRYSTALRAY hacker group infected over 1,500 victims using an open-source network mapping tool. Their activities involve mass scanning, exploiting multiple vulnerabilities, and deploying backdoors to harvest and sell credentials, install cryptocurrency miners, and maintain persistence. Concentrated in the U.S., China, and several other countries, the attacks leverage tools like SSH-Snake for lateral movement and various open-source tools to scan for vulnerabilities in services like Apache ActiveMQ and Atlassian Confluence. The attackers use legitimate frameworks and reverse shell managers to control compromised environments and remove competing cryptocurrency miners.
VULNERABILITIES TO WATCH
Juniper Junos Flaw Let Attackers Gain Full ‘Root’ Access
Source: Cyber Security News
A critical vulnerability in Juniper Junos OS Evolved allows attackers to gain full root access, significantly threatening business infrastructures and operations. Even attackers with only low-level permissions can exploit the CLI parsing mechanism. Juniper Networks released patches for versions 20.4R3-S7-EVO through 23.2R1-EVO to address the issue, urging organizations to update immediately to mitigate risks.
WP Time Capsule Plugin Update Urged After Critical Security Flaw
Source: Infosecurity Magazine
Security researchers identified a critical vulnerability in the Backup and Staging by WP Time Capsule plugin, affecting versions 1.22.20 and below. This WordPress plugin is used by over 20,000 sites and had a flaw in its authentication mechanism that gave unauthorized users administrative access. Discovered by Patchstack, the issue involved a logical error in the plugin's code that attackers could exploit via manipulated JSON-encoded POST data. The developers released version 1.22.20 to address the flaw, but a more effective fix was implemented in version 1.22.21 on July 12. Users are urged to update immediately to secure their sites.
SPECIAL REPORTS
Pressure Mounts for C-Suite Executives to Implement GenAI Solutions
Source: Help Net Security
A recent survey reveals the complex landscape of GenAI adoption in the corporate world. While 87% of C-Suite executives feel pressured to implement GenAI solutions rapidly, 76% express excitement about its potential benefits. However, concerns persist about resource allocation and potential AI backlash. The survey highlights a preference for collaboration with trusted partners (60%) over in-house development (20%), emphasizing the importance of combining technology, AI, and human expertise. Key implementation risks include security, output accuracy, and data privacy. Despite challenges, GenAI's staying power is evident, with 75% of employees already using AI at work.
Finding value in this newsletter? Like or share this post on LinkedIn
Chief Information Security Officer | Board Member | Advocate | Ally
4 months ago: Great update!
Threat Hunter | Host & Network Forensics | Malware Analysis | SANS Author (FOR528) & Instructor | CactusCon Crew | PluralSight Author
4 months ago: I quite like these. Keep up the good work!