CISO Daily Update - June 25, 2024

NEW DEVELOPMENTS

LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom

Source: Hackread

The LockBit ransomware gang claims to have breached the US Federal Reserve and to hold 33 terabytes of its data, threatening to leak it publicly on June 25, 2024. The gang's dark web post hints that it possesses sensitive "American banking secrets" and complains about the state of the ransom negotiations. LockBit has a record of high-profile breaches, but the organizations it names frequently dispute its claims. Despite law enforcement disruption of its infrastructure and the alleged unmasking of its leader, the group has continued operating.

Article Link


Push Notification Fatigue Leads to LA County Health Department Data Breach

Source: Security Week

The Los Angeles County Department of Health Services (DHS) reported a data breach that began with a push notification spamming ("MFA fatigue") attack against an employee's Microsoft 365 account. The attacker, who must already have held the employee's password to reach the second factor, flooded the user's device with MFA approval prompts until one was approved, which granted access to the account. Personal information potentially accessed includes names, addresses, Social Security numbers, and medical details. DHS responded by disabling the affected account, resetting the employee's devices, and offering identity monitoring to affected individuals. It has not said how many people were affected or whether the incident is linked to a February 2024 breach that affected 6,085 individuals.

Article Link


LivaNova USA Discloses Data Breach Impacting 130,000 Individuals

Source: Security Week

Medical device manufacturer LivaNova USA disclosed a data breach affecting the personal and medical information of 130,000 individuals. Unauthorized access began on October 26, 2023, but was not detected until November 19, nearly a month later, at which point LivaNova took certain systems offline. The LockBit ransomware gang claimed responsibility and alleged the theft of 2.2 terabytes of data. Compromised information includes names, addresses, dates of birth, Social Security numbers, and health data. LivaNova is offering affected individuals two years of free identity protection and credit monitoring, has since resumed manufacturing at some affected locations, and reported $2.6 million in breach-related costs in Q4 2023.

Article Link


Levi’s Data Breach: 72,000+ Customers’ Data Exposed

Source: Cyber Security News

Levi Strauss & Co. disclosed a data breach affecting more than 72,000 customer accounts. Discovered on June 13, 2024, the incident was a credential stuffing attack: bots attempted logins using username and password pairs compromised in breaches of other sites. Out of an abundance of caution, Levi's deactivated some accounts and forced password resets. Data potentially exposed includes order history, email and physical addresses, and saved payment details (the last four digits of the card number, card type, and expiration date).
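The two account-takeover patterns in the DHS and Levi's items above (MFA push bombing, where the attacker already has the password and keeps re-sending push prompts until the victim approves one, and credential stuffing, where one source tries leaked credentials against many accounts) both leave a distinctive shape in sign-in logs. The following is an added Python example, not code from either organization or article, that flags both patterns in a constructed sample log. The log format (CSV columns timestamp,user,source_ip,event,result), the event and result names, and the thresholds are assumptions for the illustration.

```python
import csv
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from io import StringIO


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src_ip: str
    event: str   # PASSWORD (first factor) or MFA_PUSH (push challenge) - assumed names
    result: str  # SUCCESS/FAILURE for PASSWORD; APPROVED/DENIED/TIMEOUT for MFA_PUSH


# Constructed sample sign-in log (illustrative, not real data).
SAMPLE_LOG = "\n".join(
    [
        # Benign: one push, approved promptly.
        "2024-06-20T01:00:00Z,bob,192.0.2.10,PASSWORD,SUCCESS",
        "2024-06-20T01:00:03Z,bob,192.0.2.10,MFA_PUSH,APPROVED",
        # Push bombing: attacker holds the password and keeps re-sending
        # pushes until the user finally taps approve.
        "2024-06-20T02:00:01Z,jsmith,203.0.113.5,PASSWORD,SUCCESS",
        "2024-06-20T02:00:05Z,jsmith,203.0.113.5,MFA_PUSH,DENIED",
        "2024-06-20T02:00:40Z,jsmith,203.0.113.5,MFA_PUSH,TIMEOUT",
        "2024-06-20T02:01:20Z,jsmith,203.0.113.5,MFA_PUSH,DENIED",
        "2024-06-20T02:02:05Z,jsmith,203.0.113.5,MFA_PUSH,TIMEOUT",
        "2024-06-20T02:02:50Z,jsmith,203.0.113.5,MFA_PUSH,DENIED",
        "2024-06-20T02:03:30Z,jsmith,203.0.113.5,MFA_PUSH,APPROVED",
    ]
    # Credential stuffing: one source IP, many accounts, mostly failures,
    # with one reused password that happens to work.
    + [f"2024-06-20T03:00:{i:02d}Z,user{i:02d},198.51.100.7,PASSWORD,FAILURE"
       for i in range(12)]
    + ["2024-06-20T03:00:12Z,user12,198.51.100.7,PASSWORD,SUCCESS"]
)


def parse_log(text: str) -> list:
    """Parse CSV lines into Event objects, sorted by timestamp."""
    events = []
    for row in csv.reader(StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        ts, user, ip, ev, res = row
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(when, user, ip, ev, res))
    return sorted(events, key=lambda e: e.ts)


def detect_push_bombing(events, window=timedelta(minutes=10), min_pushes=4):
    """Users who received >= min_pushes MFA pushes inside a sliding window.

    Returns {user: (max_pushes_in_window, approved_during_burst)}. A True
    second element is the dangerous case: the burst ended in an approval.
    """
    pushes = defaultdict(list)
    for e in events:
        if e.event == "MFA_PUSH":
            pushes[e.user].append(e)
    findings = {}
    for user, evs in pushes.items():
        recent = deque()
        for e in evs:
            recent.append(e)
            while e.ts - recent[0].ts > window:
                recent.popleft()
            if len(recent) >= min_pushes:
                count, approved = findings.get(user, (0, False))
                findings[user] = (max(count, len(recent)),
                                  approved or e.result == "APPROVED")
    return findings


def detect_credential_stuffing(events, window=timedelta(minutes=15), min_accounts=10):
    """Source IPs that failed password auth for >= min_accounts distinct users
    inside a sliding window.

    Returns {src_ip: (distinct_failed_accounts, accounts_that_succeeded)}; the
    second element lists accounts to treat as compromised and reset.
    """
    by_ip = defaultdict(list)
    for e in events:
        if e.event == "PASSWORD":
            by_ip[e.src_ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        recent = deque()
        for e in evs:
            recent.append(e)
            while e.ts - recent[0].ts > window:
                recent.popleft()
            failed = {x.user for x in recent if x.result == "FAILURE"}
            if len(failed) >= min_accounts:
                hits = sorted({x.user for x in recent if x.result == "SUCCESS"})
                findings[ip] = (len(failed), hits)
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("push bombing:", detect_push_bombing(evs))
    print("credential stuffing:", detect_credential_stuffing(evs))
```

Both detectors are deliberately keyed on the attacker's unavoidable footprint rather than on any single failed event: a push-bombing victim shows several challenges in minutes whether or not they eventually approve, and a stuffing source cannot avoid touching many distinct accounts from the same address. Number matching on the push prompt, and rate-limiting logins per source IP, remove the conditions these detections look for in the first place.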

Article Link


Facial Recognition Startup Clearview AI Settles Privacy Suit

Source: Security Week

Facial recognition startup Clearview AI settled an Illinois lawsuit alleging that its mass collection of facial images violated privacy rights. The settlement, estimated to be worth more than $50 million including attorneys' fees, gives plaintiffs a share of Clearview's future value rather than a direct payout, and consolidates cases brought against Clearview across the U.S. Clearview denies liability. Critics argue the settlement does nothing to address ongoing concerns about biometric privacy or Clearview's practices, notably its compilation of photos scraped from social media and the wider internet into a database sold to various entities.

Article Link


Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Source: The Hacker News

Multiple threat actors, including cyber espionage groups, are using the open-source Rafel remote access trojan (RAT) against Android devices, disguising it as popular apps such as Instagram and WhatsApp. Check Point's analysis shows that the tool supports a wide range of malicious activity, from data theft to device manipulation, and has appeared in roughly 120 campaigns across multiple countries. Most infected devices run outdated Android versions, and the malware relies on social engineering to obtain intrusive permissions. Rafel RAT has also been used in a ransomware operation likely originating from Iran.

Article Link


VULNERABILITIES TO WATCH

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Source: The Hacker News

Researchers at cloud security firm Wiz disclosed a critical remote code execution (RCE) vulnerability in Ollama, the open-source tool for running large language models locally, tracked as CVE-2024-37032 and nicknamed Probllama. The flaw stems from insufficient input validation in the Ollama API server, producing a path traversal that an attacker can trigger with specially crafted HTTP requests to overwrite arbitrary files on the host and, from there, execute code. It was fixed in version 0.1.34, released on May 7, 2024. The risk is most severe in Docker deployments, where the server runs as root and is typically reachable from the network. Because Ollama's API has no built-in authentication, an exposed, unpatched instance can be compromised by anyone who can reach it; instances should be upgraded, kept off untrusted networks, or placed behind an authenticating reverse proxy.

Article Link


Mailcow Patches Critical XSS and File Overwrite Flaws – Update NOW

Source: Hackread

Mailcow, the open-source mail server suite, patched two vulnerabilities (CVE-2024-31204 and CVE-2024-30270) in its 2024-04 release. The flaws, reported by researchers at Sonar, are a cross-site scripting (XSS) bug in the exception handler, in which error details reach the admin UI without proper escaping, and a path traversal that permits arbitrary file overwrite. Chained, they allow remote code execution and full control of the server, triggered by an admin viewing a single malicious email.
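The Ollama and Mailcow items above share one bug class, path traversal through a client-supplied file name, and Mailcow adds a second, XSS through an exception message rendered without escaping. The following is an added Python illustration of both, written for this page; it is not code from Ollama, Mailcow, Wiz, or Sonar. The blob directory layout, the "sha256:<hex>" digest format used as a file name, and all function names are assumptions for the example.

```python
import html
import re
from pathlib import Path

# Assumed layout for the illustration: blobs live under one directory and are
# addressed by a client-supplied "sha256:<64 hex>" digest used as the file name.
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def blob_path_vulnerable(blob_dir: str, digest: str) -> Path:
    """Uses the client-supplied digest as a file name without validation.
    A value containing '..' segments escapes blob_dir."""
    return Path(blob_dir) / digest.replace(":", "-")


def blob_path_hardened(blob_dir: str, digest: str) -> Path:
    """Reject anything that is not a well-formed digest, then confirm the
    resolved path is a direct child of blob_dir (defence in depth)."""
    if not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"malformed digest: {digest!r}")
    root = Path(blob_dir).resolve()
    target = (root / digest.replace(":", "-")).resolve()
    if target.parent != root:
        raise ValueError("resolved path escapes blob directory")
    return target


def escapes_blob_dir(blob_dir: str, digest: str) -> bool:
    """True if the unvalidated join lands outside blob_dir."""
    root = Path(blob_dir).resolve()
    target = blob_path_vulnerable(blob_dir, digest).resolve()
    return root not in target.parents


def hardened_rejects(blob_dir: str, digest: str) -> bool:
    """True if the hardened version refuses the digest."""
    try:
        blob_path_hardened(blob_dir, digest)
    except ValueError:
        return True
    return False


def render_error_vulnerable(exc: BaseException) -> str:
    """Interpolates the exception message straight into HTML. If the message
    echoes attacker-controlled input (a header from an incoming email, say),
    it runs as script in the admin's browser."""
    return f"<div class=\"error\">Error: {exc}</div>"


def render_error_hardened(exc: BaseException) -> str:
    """Same page, with the message HTML-escaped (quotes included)."""
    return f"<div class=\"error\">Error: {html.escape(str(exc), quote=True)}</div>"


if __name__ == "__main__":
    root = "/srv/blobs"
    print(escapes_blob_dir(root, "../../../etc/passwd"))      # unvalidated join escapes
    print(hardened_rejects(root, "../../../etc/passwd"))      # hardened version refuses
    print(render_error_hardened(ValueError("<script>alert(1)</script>")))
```

The hardened path function applies two independent controls: an allow-list on the input's syntax, which is what a digest-addressed store should have done from the start, and a containment check on the resolved path, which still holds if the syntax check is ever loosened. The error renderer shows why exception handlers are a common XSS sink: they are written for developers, rarely reviewed as output code, and frequently echo the very input that caused the failure.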

Article Link


EFF Issues New Warning After Discovery of Automated License Plate Reader Vulnerabilities

Source: Security Week

The Electronic Frontier Foundation (EFF) issued a warning following the disclosure of severe flaws in automated license plate readers (ALPRs). Law enforcement agencies deploy these high-speed cameras widely; they capture license plate numbers along with photos of vehicles and people, plus date, time, and location data. CISA recently published details of multiple critical vulnerabilities in Motorola Solutions' Vigilant ALPRs, including weak authentication and hardcoded passwords, that could allow attackers to access sensitive data, install backdoors, and disable cameras. An EFF analysis found that California agencies collect this data at massive scale, with 1.6 billion scans in 2022 alone. The EFF has long criticized ALPRs as mass surveillance tools.

Article Link


ESET Security Products for Windows Vulnerable to Privilege Escalation

Source: Cyber Security News

ESET fixed a local privilege escalation vulnerability in its Windows security products, reported through the Zero Day Initiative (ZDI). The flaw (CVE-2024-2003, CVSS v3.1 score 7.3, high severity) lets a logged-on user abuse the privileged file operations ESET performs when restoring files from quarantine to create or overwrite arbitrary files, and from there escalate privileges. The fix shipped in Antivirus and antispyware scanner module 1610, distributed automatically alongside detection engine updates starting April 10, 2024, with full deployment completed April 22, 2024. No in-the-wild exploitation has been observed.

Article Link


SPECIAL REPORTS

1 Out of 3 Breaches Go Undetected

Source: Help Net Security

A Gigamon survey reveals gaps in organizations' ability to detect and respond to breaches, with one in three breaches going undetected. Despite growing cloud complexity and the looming threat of AI-powered attacks, only 54% of organizations feel strongly prepared to respond to unauthorized access in hybrid cloud environments. Sixty-five percent of respondents believe their existing tools cannot effectively detect breaches, and 31% only learned of a breach after receiving an extortion demand or finding leaked data on the dark web. The study highlights blind spots in hybrid cloud visibility: only 40% of respondents have visibility into East-West (lateral) traffic. Encryption is another gap, with 76% of respondents trusting that encrypted traffic is secure even though the report cites research indicating that 93% of malware hides in encrypted traffic. CISOs are particularly affected, with 70% believing their tools are ineffective at detecting breaches. Eighty percent of respondents agree that unified visibility into hybrid cloud infrastructure is critical for preventing attacks and for deploying AI technology securely.

Article Link


Examining the US Government’s DDoS Protection Guidance Update

Source: Hackread

Updated DDoS protection guidance from CISA, MS-ISAC, and the FBI lays out strategies for mitigating volumetric, protocol, and application-layer attacks through 15 steps, including risk assessment, network monitoring, and the use of DDoS mitigation services. While comprehensive, the guidance is voluntary and general, which may limit its adoption and effectiveness, particularly for resource-constrained organizations. The article argues that a more enforceable framework, with mandatory requirements and stronger public-private collaboration, would better address evolving DDoS threats and ensure consistent readiness across critical infrastructure.

Article Link

