CISO Daily Update - June 26, 2024
NEW DEVELOPMENTS
Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information
Source: Security Week
Neiman Marcus disclosed a data breach affecting 64,000 individuals after detecting unauthorized access to a cloud database platform between April and May 2024. Compromised personal data includes names, contact information, and gift card details; gift card PINs were not exposed. A cyber threat actor claimed to have stolen data on 180 million Neiman Marcus customers, which appears to be an exaggeration: Neiman Marcus confirmed that only 64,000 individuals are being notified. The incident is linked to the Snowflake-related intrusions impacting other organizations.
CISA Confirms Hackers May Have Accessed Data From Chemical Facilities During January Incident
Source: The Record
CISA confirmed that hackers accessed the Chemical Security Assessment Tool (CSAT) during a January cyberattack by exploiting a vulnerability in an Ivanti IT product. Although the data was encrypted and the keys were protected, the sensitive industrial information that may have been accessed includes site security plans and chemical details. While no evidence of data theft was found, affected participants in the Chemical Facility Anti-Terrorism Standards program were urged to reset their passwords. In coordination with DHS, CISA classified the incident as a major security event under FISMA.
Creditors’ Service Provider Leaked Millions of Records With Lawsuit History
Source: Cybernews
WebRecon, a company specializing in litigation risk management for creditors, inadvertently exposed over 150 million records through a misconfigured MongoDB database. The leak included sensitive details such as names, ZIP codes, hashed social security numbers, and lawsuit history. This oversight highlights the impact of misconfigurations that could lead to significant data protection and compliance risks.
Several Plugins Compromised in WordPress Supply Chain Attack
Source: Security Week
A recent WordPress supply chain attack compromised five popular plugins, injecting malicious code that creates unauthorized admin accounts. The attack was discovered on June 21 and affects the Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks plugins, potentially impacting over 30,000 websites. The malware not only creates rogue admin accounts but also injects SEO spam into affected sites. WordPress has closed the compromised plugins, and users are urged to update Social Warfare to version 4.4.7.3 or remove the other affected plugins immediately. Site owners should conduct thorough security audits and check for suspicious admin accounts and unusual activity.
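One way to run the admin-account check recommended above, as an added example that is not from the article or from WordPress itself: it assumes a MySQL/MariaDB backend with the default `wp_` table prefix, uses the June 21 discovery date from the item above as the cutoff, and the allowlist of known administrator logins is a placeholder to be replaced with the site's own list.

```sql
-- Added example (not from the article): surface administrator accounts that
-- were created on or after the date the plugin compromise was discovered.
-- Assumes the default "wp_" table prefix; adjust both the table names and the
-- meta_key below if the site uses a different prefix.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered
FROM   wp_users    AS u
JOIN   wp_usermeta AS m ON m.user_id = u.ID
WHERE  m.meta_key   = 'wp_capabilities'           -- roles are stored here as a serialized PHP array
  AND  m.meta_value LIKE '%"administrator"%'      -- matches a:1:{s:13:"administrator";b:1;}
  AND  u.user_registered >= '2024-06-21'          -- discovery date from the item above
ORDER  BY u.user_registered DESC;

-- Second pass: the registration date can be edited by whoever created the
-- account, so also list every administrator that is not on the list of
-- accounts the site owner maintains out of band.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered
FROM   wp_users    AS u
JOIN   wp_usermeta AS m ON m.user_id = u.ID
WHERE  m.meta_key   = 'wp_capabilities'
  AND  m.meta_value LIKE '%"administrator"%'
  AND  u.user_login NOT IN ('known_admin_1', 'known_admin_2')  -- placeholder allowlist
ORDER  BY u.ID;
```

Any row returned by either query is an account to verify with the site's owners before it is removed, since a legitimate administrator may simply be missing from the allowlist.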
New Attack Technique Exploits Microsoft Management Console Files
Source: The Hacker News
A new attack technique dubbed GrimResource exploits specially crafted Management Saved Console (MSC) files to achieve full code execution through Microsoft Management Console (MMC) while evading typical security defenses. Identified by Elastic Security Labs, the method leverages an XSS flaw in the apds.dll library, allowing attackers to execute arbitrary JavaScript code when a malicious MSC file is opened in MMC. The technique circumvents traditional security measures and can be combined with DotNetToJScript to extend its capabilities, potentially leading to unauthorized access, system compromise, and deployment of malware such as Cobalt Strike.
UK and US Cops Band Together to Tackle Qilin’s Ransomware Shakedowns
Source: The Register
UK and US law enforcement agencies are collaborating to combat Qilin, a ransomware gang responsible for recent attacks on healthcare providers worldwide, including Synnovis, which serves NHS hospitals in London. After its demand for a £39 million ransom went unpaid, Qilin leaked sensitive patient data on the dark web. The National Crime Agency (NCA) and other international partners are actively investigating, aiming to mitigate the impact and trace the perpetrators, whose operations are suspected to originate in Russia but involve affiliates around the world.
VULNERABILITIES TO WATCH
Chrome 126 Update Patches Memory Safety Bugs
Source: Security Week
Google's latest Chrome update (version 126) tackles four critical memory safety vulnerabilities, enhancing browser security for users across platforms. The update fixes use-after-free bugs in the Dawn and Swiftshader components, discovered by external researchers who received a bug bounty for their findings. These flaws, if exploited, could lead to code execution, data corruption, or system crashes. While no in-the-wild attacks have been reported, users should update immediately to protect against potential threats. Google's ongoing efforts to combat memory safety issues in Chrome include improved protections and a gradual shift to the Rust programming language for enhanced security.
Recent Zyxel NAS Vulnerability Exploited by Botnet
Source: Security Week
A critical-severity vulnerability (CVE-2024-29973) in discontinued Zyxel NAS devices, which allows remote code execution via crafted HTTP POST requests, is being actively exploited by a Mirai-like botnet. Although Zyxel released patches in early June, the affected NAS326 and NAS542 products are no longer supported. Given the ongoing exploitation, users are urged to apply the available patches immediately or replace these devices with supported alternatives.
Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher
Source: Security Week
A researcher demonstrated a method to deliver malware, including ransomware such as CovidLock, to Meta's Quest 3 VR headset without enabling developer mode. Because Meta builds the headset on a restricted version of the Android Open Source Project (AOSP), the researcher found a pathway to sideload APKs via Meta's App Lab, which grants access to Android's file manager. The method bypasses typical security controls and highlights how exposed VR headsets are to social engineering attacks.
SPECIAL REPORTS
Cloud Breaches Impact Nearly Half of Organizations
Source: Infosecurity Magazine
According to the Thales 2024 Cloud Security Study, nearly half of organizations (44%) have experienced a cloud data breach. Human error and misconfigurations are the leading cause, accounting for 31% of incidents. Exploitation of known vulnerabilities saw a significant increase, contributing to 28% of breaches. The report also highlights a growing attack surface, with SaaS applications, cloud storage, and cloud management infrastructure as primary targets. Despite these challenges, many organizations struggle with encrypting their cloud data and managing compliance amidst increasing cloud complexity.