CISO Daily Update - June 6, 2024
NEW DEVELOPMENTS
FBI Warns of Rise in Work-From-Home Scams
Source: Infosecurity Magazine
The FBI warns about a surge in work-from-home scams where fraudsters impersonate legitimate businesses, promising easy tasks and convoluted payment structures, often requiring cryptocurrency payments to access earnings. Victims are lured through unsolicited calls or messages and find themselves unable to withdraw supposed earnings displayed on fake interfaces. Red flags include demands for cryptocurrency, simplistic job descriptions, and no reference checks. The FBI advises caution with unsolicited job offers and to avoid sending money to unfamiliar entities or sharing personal information.
Microsoft Paid Tenable a Bug Bounty for an Azure Flaw It Says Doesn’t Need a Fix, Just Better Documentation
Source: The Register
Microsoft faced scrutiny over an Azure vulnerability that allowed potential abuse of Service Tags, leading to a dispute with Tenable over whether it required a fix. Tenable found that Service Tags, meant to group IP addresses for network access control, could be exploited by rogue users for cross-tenant attacks. While Microsoft initially categorized it as an "elevation of privilege flaw" and paid a bug bounty, it later decided against patching, instead opting for improved documentation. This decision sparked debate over the issue's severity and the adequacy of existing security measures. Microsoft emphasized a multi-layered security approach and urged users to review and enhance their configurations to mitigate risks.
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Source: The Hacker News
TikTok confirmed a zero-click account takeover exploit that allowed threat actors to compromise high-profile brand and celebrity accounts via malicious direct messages. The attack allowed complete account takeover without the user needing to click a link or open an attachment (i.e., no user interaction required). Though the issue impacted a "very small" number of users, TikTok promptly mitigated the attack vector and is working to restore access for affected accounts. This latest security matter compounds ongoing concerns over TikTok's data privacy and potential national security risks stemming from its Chinese ownership. Several nations have either banned the app entirely or restricted usage on government devices.
Nationwide Call Disruptions Trigger FCC Investigation into Major U.S. Wireless Carriers
Source: The Cyber Express
Nationwide call disruptions affecting major U.S. wireless carriers like AT&T, Verizon, and T-Mobile triggered an investigation by the Federal Communications Commission (FCC). Users across multiple states reported an inability to complete calls to other networks, prompting carriers to look into the widespread issue potentially linked to a cyberattack. While AT&T announced that they resolved the problem preventing cross-carrier calls, the root cause remains undisclosed. Following recent AT&T data breaches exposing the personal details of millions of customers, this incident reignites concerns over security vulnerabilities plaguing the telecommunications sector. As the FCC probes the matter, carriers continue to face scrutiny over their ability to safeguard critical communication infrastructure against escalating cyber threats.
Accidental or Not, Another Google Leak Exposes Multiple Privacy Breaches
Source: Cybernews
After a second leak in a week exposed multiple privacy breaches, Google is under scrutiny again. An internal database was leaked anonymously to 404 Media, revealing that between 2013 and 2018, Google employees logged numerous privacy and security incidents. Many issues were accidental, such as an audio feature recording children's voices, Waze leaking users' addresses, and Street View storing license plates. However, the leak also showed that a contractor used administrative privileges to leak Nintendo's information on YouTube. This news follows another leak suggesting Google’s Search Division may manipulate website rankings, contradicting its public claims, and amid backlash over inaccuracies in its new AI Overview feature.
Linux Version of TargetCompany Ransomware Focuses on VMware ESXi
Source: Bleeping Computer
Researchers identified a new Linux variant of the TargetCompany ransomware targeting VMware ESXi environments using custom shell scripts. This ransomware has been active since June 2021 and previously focused on database attacks in regions like Taiwan and South Korea. The new variant ensures administrative privileges are in place and then exfiltrates data to multiple servers before encrypting VM-related files. A ransom note is then left, and traces are deleted to hinder investigations. Trend Micro attributes these attacks to an affiliate named "vampire" and recommends enabling multifactor authentication, maintaining backups, and updating systems to mitigate risks.
VULNERABILITIES TO WATCH
Zyxel Addressed Three RCEs in End-of-Life NAS Devices
Source: Security Affairs
Zyxel Networks urgently released security patches to address three critical remote code execution vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974) in its end-of-life NAS326 and NAS542 network-attached storage devices. These vulnerabilities could allow unauthenticated attackers to inject malicious commands and execute arbitrary code by exploiting flaws in CGI programs. Additionally, two privilege escalation vulnerabilities (CVE-2024-29975, CVE-2024-29976) impacting the same devices were disclosed, enabling authenticated attackers to gain elevated root privileges. Although the devices have reached end-of-support, Zyxel proactively patched the RCEs for customers under extended contracts because of their severity, though the privilege escalation issues remain unaddressed in these legacy NAS products.
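The flaw class described above, where a CGI program hands request parameters to a shell, is worth seeing next to its fix. The following is an added illustration written for this digest; it is not Zyxel's code and does not claim to reproduce the patched functions. It models a hypothetical "ping a host" CGI handler: the vulnerable variant interpolates the untrusted parameter into a command string destined for /bin/sh, while the hardened variant allow-lists the value and executes the binary directly with the value as a single argv entry, so shell metacharacters never reach an interpreter.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Generic model of a CGI command-injection bug; NOT vendor code.
 * The "host" parameter is assumed to come straight from the query string. */

/* Vulnerable pattern: the parameter is pasted into a shell command line.
 * A value such as "x; id" becomes "ping -c 1 x; id" and /bin/sh runs both.
 * Returns the number of characters written, or -1 if the buffer is too small. */
int build_ping_command(const char *host, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened step 1: strict allow-list for a hostname or IPv4 literal.
 * Rejects shell metacharacters, whitespace, empty values, over-long values
 * and a leading '-' (which ping would otherwise parse as an option). */
int is_valid_hostname(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened step 2: no shell at all. The validated value is passed as one
 * argv element to the ping binary, so it can never be re-parsed as a command.
 * Returns ping's exit status, or -1 on validation/exec failure. */
int run_ping_no_shell(const char *host) {
    if (!is_valid_hostname(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", host, (char *)NULL);
        _exit(127);  /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: one benign, one carrying a metacharacter. */
    const char *inputs[] = { "example.com", "x; id" };
    char cmd[128];
    for (size_t i = 0; i < 2; i++) {
        build_ping_command(inputs[i], cmd, sizeof cmd);
        printf("input %-12s -> shell string \"%s\" | allow-listed: %s\n",
               inputs[i], cmd, is_valid_hostname(inputs[i]) ? "yes" : "NO");
    }
    return 0;
}
```

The allow-list is deliberately narrower than every valid DNS name; for a CGI endpoint on an appliance, rejecting anything unusual is the safer default, and the execlp path means that even a value that slips past validation is only ever an argument to ping, not input to a shell.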
Cisco Webex Meetings Flaw Let Attackers Gain Unauthorized Access
Source: Cyber Security News
Cisco revealed a significant security flaw in its Webex Meetings platform, affecting certain customers hosted in its Frankfurt data center. Discovered in early May 2024, the vulnerability allowed unauthorized access to meeting information and metadata. Cisco promptly addressed the issue with a fix deployed worldwide as of May 28, 2024. While no further unauthorized access attempts have been detected, Cisco advises users to remain vigilant and follow security recommendations provided for Webex Meeting hosts and administrators. The company reaffirms its commitment to maintaining the security of its platform and encourages users to engage with official support channels for updates and assistance.
PoC Exploit Released for Linux Kernel Privilege Escalation Vulnerability
Source: Cyber Security News
A Proof-of-Concept (PoC) exploit has emerged for CVE-2023-3390, a critical privilege escalation flaw in the Linux kernel's Netfilter subsystem. The vulnerability stems from an integer overflow issue in the nft_validate_register_store function, allowing attackers to gain elevated privileges. Released by SSD Secure Disclosure on June 5, 2024, the PoC reinforces the urgency for patching as it simplifies exploitation. The widespread use of Linux across various environments amplifies the risk, prompting swift patching efforts from the Linux community. System administrators are urged to apply patches as soon as possible and follow security best practices to mitigate the threat of exploitation and uphold system integrity.
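The report attributes the flaw to an integer overflow in a register-store validation routine. The following is an added, self-contained model of that bug class and its fix, written for this digest; it is not kernel code and the register-file size and function names are constructed for the illustration. A store of len bytes at byte offset reg must fit inside a fixed-size register file: the vulnerable check adds the two operands, so a crafted len wraps the sum back under the limit, while the hardened checks compare each operand against the limit before subtracting (or use the compiler's overflow-checked add), so no wrap is possible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed register-file size for the model (NOT the kernel's value). */
#define REG_FILE_BYTES 64u

/* Vulnerable: `reg + len` is 32-bit arithmetic, so a huge `len` wraps the
 * sum to a small number that passes the `<=` comparison, and the caller
 * then writes past the end of the register file. */
bool store_in_bounds_vulnerable(uint32_t reg, uint32_t len) {
    return reg + len <= REG_FILE_BYTES;
}

/* Hardened (portable): validate each operand against the limit first, then
 * subtract. Neither expression can wrap. */
bool store_in_bounds_hardened(uint32_t reg, uint32_t len) {
    if (reg > REG_FILE_BYTES) return false;
    if (len > REG_FILE_BYTES - reg) return false;
    return true;
}

/* Hardened (GCC/Clang): let the compiler report the wrap explicitly. */
bool store_in_bounds_checked_add(uint32_t reg, uint32_t len) {
    uint32_t end;
    if (__builtin_add_overflow(reg, len, &end)) return false;
    return end <= REG_FILE_BYTES;
}

int main(void) {
    /* Constructed inputs: a legitimate store and a wrapping one. With
     * reg = 60 and len = UINT32_MAX - 55 the 32-bit sum is 4, under the limit. */
    uint32_t cases[][2] = { {8, 8}, {60, 8}, {60, UINT32_MAX - 55} };
    for (size_t i = 0; i < 3; i++) {
        uint32_t r = cases[i][0], l = cases[i][1];
        printf("reg=%u len=%u  vulnerable=%d hardened=%d checked=%d\n",
               r, l, store_in_bounds_vulnerable(r, l),
               store_in_bounds_hardened(r, l), store_in_bounds_checked_add(r, l));
    }
    return 0;
}
```

The third case is the one that matters: the vulnerable check accepts it, both hardened variants reject it. When reviewing bounds checks, prefer the "compare, then subtract" shape or an overflow-checked add over any form that adds an untrusted length to an offset before comparing.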
SPECIAL REPORTS
5 Takeaways From the White House Cybersecurity Workforce Discussion
Source: Security Intelligence
The Office of the National Cyber Director (ONCD) hosted a discussion on the critical need for a robust cybersecurity workforce across various sectors. First, cybersecurity needs to extend beyond tech sectors to every industry. Second, skills-based hiring can fill many of the half million unfilled roles by focusing on competencies rather than degrees, opening doors for underrepresented groups. Third, partnerships are beneficial, like those providing hands-on experience through live security operations centers. Fourth, sustaining long-term careers requires clear career mapping to retain talent. Finally, the cybersecurity talent shortage is a national security concern, highlighting the importance of increasing workforce numbers to protect infrastructure.
#Infosec2024: Organizations Urged to Adopt Safeguards Before AI Adoption
Source: Infosecurity Magazine
At Infosecurity Europe 2024, experts stressed the urgent need for robust safeguards before integrating generative AI tools in workplaces due to significant security risks, including prompt injection attacks and biased outputs. They highlighted the hidden use of AI in many SaaS tools, advocating a risk-based security approach and emphasizing the importance of understanding and controlling data flows within AI systems. Leaders also noted that comprehensive data classification and access control are essential to prevent data breaches and ensure safe AI deployment.