CISO Daily Update - May 16, 2024

NEW DEVELOPMENTS

Ransomware Attack on Singing River Health System Impacted 895,000 People

Source: Security Affairs

The Singing River Health System (SRHS) disclosed that the August 2023 ransomware attack affected 895,204 individuals across its three hospitals and clinics in Mississippi. The breach potentially exposed sensitive data including names, birthdates, addresses, social security numbers, medical records, and health insurance information. In response, SRHS is offering 12 months of free credit monitoring and identity theft protection to impacted parties. The healthcare provider is further advising victims to mitigate the risk of fraud through credit monitoring, placing credit freezes, and reporting suspected identity theft to authorities.

Article Link


FBI Seize BreachForums Hacking Forum Used to Leak Stolen Data

Source: Bleeping Computer

Following a recent data leak from a Europol portal, the FBI seized the notorious BreachForums hacking forum, which is known for leaking and selling stolen corporate data. The seizure involved taking control of the site's servers and domains, as well as its Telegram channel. Access to the site and Telegram channel enables law enforcement to gather further intelligence on member operations and potentially expose their identities. This action follows the arrest of the forum's administrators while other cybercriminals continued to use the site to trade contraband and stolen data.

Article Link


PDF Exploitation Targets Foxit Reader Users

Source: Infosecurity Magazine

Cybersecurity researchers exposed a concerning PDF exploit trend targeting the 700 million users of Foxit Reader. Check Point uncovered campaigns using malicious PDFs that were shared via unconventional channels like Facebook. The attack method exploits a design flaw in Foxit's default options to trick users into running malicious commands. As most security solutions focus on security vulnerabilities and misconfigurations associated with the more popular Adobe Reader, flaws in Foxit Reader have low detection rates. Foxit acknowledged the vulnerability and plans to address it in their forthcoming version 2024.3 release.

Article Link


As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs

Source: Darkreading

The FBI recently took legal actions against the members of Scattered Spider, the threat actor group responsible for high-profile attacks on MGM Resorts and Caesars Entertainment. Despite impending legal actions, the criminal group continues to target finance and insurance sectors, compromising at least 29 companies recently including Visa and PNC. The group employs lookalike domains and performs SIM swap attacks with efficiency. While the FBI's director plans charges under the Computer Fraud and Abuse Act, the young, predominantly US and UK-based members remain elusive. Former FBI agent Adam Marrè emphasizes that successful takedowns require meticulous attribution and cooperation from targeted organizations to provide critical evidence.

Article Link


MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn

Source: Hackread

Recent research has discovered a potential vulnerability in FIDO2 security, suggesting that man-in-the-middle (MITM) attacks could bypass its protections under specific conditions. While FIDO2 was designed to resist phishing and some MITM attacks by using physical security keys or biometrics, Silverfort's findings indicate that attackers might exploit weaknesses in SSO protocols to steal session tokens and impersonate users. This highlights the importance of robust authentication mechanisms and emphasizes the need for organizations to enable token binding to prevent token theft and MITM attacks. Experts stress that this vulnerability should prompt a re-examination of authentication techniques to ensure they are not reliant on insecure foundations.

Article Link


Nissan Attack Exposes Sensitive Data of Thousands

Source: Cybernews

Nissan's North American subsidiary fell victim to a cyberattack, exposing sensitive data of over 53,000 employees, including names, social security numbers, and business information. The attack was discovered in November 2023 and involved a threat actor shutting down certain systems and demanding ransom, although no data encryption occurred. While most accessed data was business-related, some personal information of former and current employees was compromised. Nissan has taken steps to enhance security and is providing affected individuals with identity protection services. This incident follows a prior cyber incident affecting Nissan's Oceania businesses in December.

Article Link


Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

Source: The Hacker News

The Ebury botnet, a highly advanced malware targeting Linux servers, has compromised approximately 400,000 systems since its inception in 2009, with over 100,000 still affected as of late 2023. Primarily used for financial gain through activities such as spam distribution, web traffic redirection, and credential theft, Ebury also facilitates cryptocurrency theft and credit card skimming. This malware, part of a broader campaign known as Operation Windigo, infiltrates servers via methods like SSH credential theft and exploits in web panels, functioning as a backdoor and credential stealer. Despite the 2017 arrest of one key developer, the botnet continues to evolve with new obfuscation techniques and payloads.

Article Link


VULNERABILITIES TO WATCH

Adobe Fixed Multiple Critical Flaws in Acrobat and Reader

Source: Security Affairs

As part of its Patch Tuesday updates, Adobe released patches for 35 security vulnerabilities, including 12 critical arbitrary code execution flaws in Acrobat and Reader. These vulnerabilities, such as Use After Free (CVE-2024-30284) and Out-of-Bounds Write (CVE-2024-30310), can lead to arbitrary code execution and impact versions 24.002.20736 and earlier, and 20.005.30574 and earlier on Windows and macOS. Researchers from Trend Micro Zero Day Initiative, Cisco Talos, Haboob SA, and Renmin University of China reported the issues. Additionally, Adobe addressed vulnerabilities in other products like Illustrator, Dreamweaver, and Substance 3D Painter.

Article Link


D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day

Source: Darkreading

Researchers disclosed a zero-day vulnerability chain allowing unauthenticated remote code execution as root on certain D-Link DIR-X4860 routers. The exploit bypasses authentication in the HNAP protocol by leveraging flaws in password generation and lack of validation in handling virtual server settings. This enables executing commands with top privileges to completely compromise affected devices. Though notified multiple times, D-Link has not responded or issued patches, leaving users exposed until firmware updates are provided. Public disclosure after failed coordination aims to catalyze D-Link's remediation efforts and warn users about actively exploitable critical router flaws.

Article Link


Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Source: Darkreading

Researchers at Belgium's KU Leuven uncovered a significant flaw in the IEEE 802.11 Wi-Fi standard that enables attackers to deceive users into connecting to insecure networks. Assigned CVE-2023-52424, the flaw affects all Wi-Fi clients, potentially exposing users to traffic interception and manipulation. Exploiting this flaw involves tricking victims into connecting to a less secure network than intended and can neutralize VPN protections. Attackers exploit shared credential scenarios, such as separate 2.4 GHz and 5 GHz networks with identical authentication credentials. The researchers recommend updates to the Wi-Fi standard and improved beacon protection to mitigate these SSID confusion attacks.

Article Link


SPECIAL REPORTS

A Third of CISOs Have Been Dismissed “Out of Hand” By the Board

Source: Infosecurity Magazine

Trend Micro's recent report reveals a significant "credibility gap" for CISOs, with a third of them dismissed outright by their boards. The study, polling 2600 IT leaders, highlights that 79% of CISOs feel pressured to downplay cyber risks, with 43% considered "repetitive" or "nagging" and 42% seen as overly negative. This lack of engagement means cybersecurity is often viewed as an IT issue rather than a strategic business risk, leading to reactive rather than proactive measures. However, aligning cybersecurity with business strategy enhances credibility, increases budgets, and integrates CISOs into senior decision-making processes.

Article Link


Core Security Measures to Strengthen Privacy and Data Protection Programs

Source: Help Net Security

Organizations should embrace a "privacy by design" approach by embedding data protection into products and processes from the start. This proactive strategy enables efficiency in meeting compliance while unlocking strategic value from data governance. Core technical measures include understanding data footprints, enabling compliant data use, implementing consistent policies with enforcement controls, and continuous risk monitoring. Best practices involve developing repeatable processes, leveraging automation, fostering cross-functional collaboration, and building an organizational culture that prioritizes privacy. Comprehensive data privacy programs mitigate risks like non-compliance penalties, breaches, and consumer trust erosion while supporting innovation through ethical data utilization and AI enablement. Investing in mature privacy practices delivers competitive advantages in an era where data is a prized asset.

Article Link
