CISO Daily Update - July 16, 2024

NEW DEVELOPMENTS

AT&T Paid a $370,000 Ransom to Prevent Stolen Data From Being Leaked

Source: Security Affairs

AT&T paid a $370,000 ransom to prevent the leak of phone call and text message records for 110 million people. The breach was attributed to a hacker living in Turkey and involved data hosted on AT&T’s Snowflake database. The stolen data includes call logs and text interactions from 2022-2023 but excludes call content and personal details; the data was reportedly deleted following the ransom payment. This incident was part of a larger attack affecting over 150 companies with poorly secured Snowflake accounts. The hacker initially demanded $1 million but settled for less.

Article Link


Data of Millions of mSpy Customers Leaked Online

Source: Security Week

A massive data breach at spyware company mSpy exposed over 310 GB of sensitive user information, including 2.4 million email addresses and personal data spanning a decade. Hacktivists leaked the data from mSpy's Zendesk support system, revealing customer details, support tickets, and attachments containing financial information and personal photos. The breach affected a wide range of users, including high-ranking military personnel, law enforcement, and even potential surveillance targets. The leak marks mSpy's third major data breach since 2015.

Article Link


6 Million Records of Pinterest Database Leaked – What’s Inside!

Source: Cyber Press

A data breach affecting Pinterest exposed 6 million user records on popular data leak forums. The leaked database contains 60 million rows of data, including email addresses, usernames, user IDs, and IP addresses. Pinterest has not yet released an official statement, but cybersecurity experts urge users to take immediate protective actions such as changing passwords and enabling two-factor authentication.

Article Link


Attackers Exploit URL Protections to Disguise Phishing Links

Source: Infosecurity Magazine

Cybercriminals are exploiting legitimate URL protection services to disguise phishing links. The attackers use compromised accounts to have phishing URLs rewritten by the victim organization's own URL protection service, making the links appear safe and bypassing traditional email security measures. This tactic, known as conversation hijacking, allows cybercriminals to impersonate account owners and insert themselves into existing email threads for credential harvesting. The presence of a trusted URL protection domain gives recipients a false sense of security and increases the risk of falling for these phishing scams.

Article Link


ZDI Shames Microsoft For – Yet Another – Coordinated Vulnerability Disclosure Snafu

Source: The Register

Microsoft faces criticism from Trend Micro's Zero Day Initiative (ZDI) for mishandling the disclosure of a zero-day exploit in MSHTML. ZDI claims it reported the vulnerability in May, but Microsoft patched it in July without crediting ZDI, instead attributing the discovery to Check Point Research. ZDI warns that this trend could discourage researchers from reporting bugs to vendors, potentially putting end users at risk. The problem extends beyond Microsoft and affects various software companies, emphasizing the need for improved transparency and collaboration in vulnerability disclosure and management across the industry.

Article Link


Facebook Ads for Windows Desktop Themes Push Info-Stealing Malware

Source: Bleeping Computer

Cybercriminals are using Facebook business pages and ads to distribute the SYS01 password-stealing malware through fake Windows desktop themes. Trustwave researchers found that these ads also push pirated software and games. Threat actors create new Facebook pages or hijack existing ones to deceive users. Clicking on these ads redirects users to sites hosting the malware that, once downloaded, steals browser cookies, saved credentials, and cryptocurrency wallets. The campaign is not confined to Facebook; similar tactics are used on LinkedIn and YouTube. Trustwave emphasizes the need for vigilance in social media usage.

Article Link

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

Source: The Hacker News

The CRYSTALRAY hacker group infected over 1,500 victims using an open-source network mapping tool. Their activities involve mass scanning, exploiting multiple vulnerabilities, and deploying backdoors to harvest and sell credentials, install cryptocurrency miners, and maintain persistence. Concentrated in the U.S., China, and several other countries, the attacks leverage tools like SSH-Snake for lateral movement and various open-source tools to scan for vulnerabilities in services like Apache ActiveMQ and Atlassian Confluence. The attackers use legitimate frameworks and reverse shell managers to control compromised environments and remove competing cryptocurrency miners.

Article Link


VULNERABILITIES TO WATCH

Juniper Junos Flaw Let Attackers Gain Full ‘Root’ Access

Source: Cyber Security News

A critical vulnerability in Juniper Junos OS Evolved allows attackers to gain full root access, significantly threatening business infrastructure and operations. An attacker with only low-level permissions can exploit a flaw in the CLI parsing mechanism to escalate privileges. Juniper Networks released patches for versions 20.4R3-S7-EVO through 23.2R1-EVO to address the issue, urging organizations to update immediately to mitigate the risk.

Article Link


WP Time Capsule Plugin Update Urged After Critical Security Flaw

Source: Infosecurity Magazine

Security researchers identified a critical vulnerability in the Backup and Staging by WP Time Capsule plugin, affecting versions 1.22.20 and below. This WordPress plugin is used by over 20,000 sites and had a flaw in its authentication mechanism that allowed unauthorized users to gain administrative access. Discovered by Patchstack, the issue involved a logical error in the plugin's code that attackers could exploit via manipulated JSON-encoded POST data. The developers released version 1.22.20 to address the flaw, but a more effective fix was implemented in version 1.22.21 on July 12. Users are urged to update immediately to secure their sites.

Article Link


SPECIAL REPORTS

Pressure Mounts for C-Suite Executives to Implement GenAI Solutions

Source: Help Net Security

A recent survey reveals the complex landscape of GenAI adoption in the corporate world. While 87% of C-Suite executives feel pressured to implement GenAI solutions rapidly, 76% express excitement about its potential benefits. However, concerns persist about resource allocation and potential AI backlash. The survey highlights a preference for collaboration with trusted partners (60%) over in-house development (20%), emphasizing the importance of combining technology, AI, and human expertise. Key implementation risks include security, output accuracy, and data privacy. Despite challenges, GenAI's staying power is evident, with 75% of employees already using AI at work.

Article Link



Jameeka Green Aaron, CISSP

Chief Information Security Officer | Board Member | Advocate | Ally

4 months

Great update!

Ryan Chapman

Threat Hunter | Host & Network Forensics | Malware Analysis | SANS Author (FOR528) & Instructor | CactusCon Crew | PluralSight Author

4 months

I quite like these. Keep up the good work!