CISO Daily Update - May 7, 2024
NEW DEVELOPMENTS
City of Wichita Shuts Down IT Network After Ransomware Attack
Source: Bleeping Computer
The City of Wichita, Kansas was hit by a ransomware attack on Sunday that forced it to shut down portions of its network to prevent the malware from spreading. While details are still emerging, the city confirmed its IT systems were encrypted and it is assessing potential data theft. Critical services like police and fire departments have activated continuity of operations plans where necessary, but online payment systems are down as the city works with law enforcement on incident response.
Cyber Alliance Threatens Major U.S. Energy Firms: High Society and Cyber Army of Russia Collaborate
Source: The Cyber Express
A newly formed cyber threat alliance called High Society has declared affiliation with the notorious Cyber Army of Russia group and vows to target major U.S. energy firms like the Nuclear Energy Institute and Electric Power Research Institute. This alliance boasts a track record of disruptive attacks, with the Cyber Army of Russia infiltrating utility systems and High Society claiming a recent breach of an Italian engineering company. The collaboration signals an escalating cyber threat to critical infrastructure, potentially driven by ideological motives, financial gain, and state-sponsored objectives.
MedStar Health Breach: Hackers Accessed Emails & Files
Source: Cyber Security News
MedStar Health disclosed a data breach involving unauthorized access to three employees' email accounts, potentially affecting 183,000 patients' personal information. The breach occurred intermittently between January and October 2023, with exposed data including names, addresses, dates of birth, and health insurance details. While there's no confirmation of data exfiltration, MedStar Health notified affected patients and implemented additional security measures. This incident reflects a concerning trend in healthcare data security, with cyberattacks on the rise across the industry, including other high-profile breaches at organizations such as Change Healthcare, Health EC, and HCA Healthcare.
CISA Says ‘No More’ to Decades-Old Directory Traversal Bugs
Source: The Register
CISA warns the software industry to address directory traversal vulnerabilities after recent high-profile exploits, emphasizing the risks posed by these 20-year-old bugs. Despite known mitigation strategies, such as not deriving file names from user input and limiting the permitted character types, these vulnerabilities persist and adversely affect critical infrastructure sectors like healthcare. CISA calls on software manufacturers to conduct formal testing and adopt secure-by-design practices to safeguard against exploitation. This effort aligns with CISA's previous alerts targeting other security concerns, such as the use of inherently insecure programming languages.
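The two mitigations the alert names are easy to state and easy to get wrong in practice. The following is an added example (not code from CISA or from any affected vendor) that places the classic traversal defect beside a hardened resolver which refuses to build a path from raw input, restricts the character set of the name, canonicalises the result, and then confirms it still lies under the intended directory. The function names, the base directory and the sample inputs are constructed for illustration.

```python
"""Directory traversal: the vulnerable pattern next to a hardened one.

Added example; not from the CISA alert or any product. The base directory
'/srv/app/uploads' and all file names below are constructed test values.
"""
import os
import re

# Allow-list for user-supplied names: no path separators, no leading dot,
# no NUL, bounded length. Decode any URL/percent encoding *before* this check.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: user input is joined straight onto the base directory.

    os.path.join drops base_dir entirely when user_path is absolute, and
    '..' segments walk out of base_dir once the path is normalised.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_resolve(base_dir: str, user_name: str) -> str:
    """Hardened resolver applying the mitigations named in the alert.

    1. Reject any name outside the allow-list (this alone removes '/', '\\',
       '..' and absolute paths).
    2. Canonicalise both sides with realpath so symlinks are resolved.
    3. Confirm the candidate still sits inside base_dir before returning it;
       commonpath avoids the prefix trick ('/srv/app' vs '/srv/app-secrets').
    """
    if not SAFE_NAME.fullmatch(user_name):
        raise ValueError(f"rejected file name: {user_name!r}")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory")
    return candidate


def escapes_base(base_dir: str, resolved: str) -> bool:
    """True when a resolved path lies outside base_dir (used to show the defect)."""
    root = os.path.realpath(base_dir)
    return os.path.commonpath([root, os.path.realpath(resolved)]) != root


def is_rejected(base_dir: str, user_name: str) -> bool:
    """True when the hardened resolver refuses the name."""
    try:
        safe_resolve(base_dir, user_name)
    except ValueError:
        return True
    return False


def demo(base_dir: str = "/srv/app/uploads") -> dict:
    """Run both resolvers over constructed inputs and report what each does."""
    samples = ["report.pdf", "../../etc/passwd", "/etc/passwd", "..", "a/b.txt"]
    results = {}
    for name in samples:
        unsafe = unsafe_resolve(base_dir, name)
        results[name] = {
            "unsafe_result": unsafe,
            "unsafe_escapes": escapes_base(base_dir, unsafe),
            "hardened_rejects": is_rejected(base_dir, name),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:22} -> {outcome}")
```

Note that the allow-list check alone would be enough for these inputs; the realpath/commonpath step is kept because it also catches a symlink planted inside the upload directory, which no string check on the name can see.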
Beware Of Phishing Attacks Targeting American Express Card Users
Source: GBHackers On Security
Cybercriminals are targeting American Express cardholders with sophisticated phishing attempts to acquire sensitive personal and financial information. The scheme begins with forged emails that look like official American Express correspondence, requesting victims to initiate a fake "Personal Safe Key" setup process. The email includes a link to a bogus webpage where victims are asked to submit personal information such as their social security number, date of birth, and credit card information. To protect themselves against such scams, customers should verify sender email addresses, avoid clicking on questionable links, and contact companies directly if they get unexpected demands for personal information.
APT42 Hackers Posing As Event Organizers To Hijack Victim Network
Source: GBHackers On Security
An Iranian-linked group (APT42) is employing social engineering tactics to deceive NGOs, media, academia, legal firms, and activists in order to gain access to their cloud environments. Their spear-phishing campaigns include posing as journalists and event organizers, and the use of custom backdoors to maintain access post-compromise. Their operations involve stealing credentials, particularly from US and UK targets, to gather strategic data of interest to Iran. Despite their efforts to evade detection using built-in tools, researchers uncovered their tactics and shared indicators to aid organizations in threat detection efforts.
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and ARM Macs
Source: The Hacker News
Cybersecurity researchers have uncovered a new macOS spyware named Cuckoo, capable of targeting both Intel and ARM-based Macs. The malware is distributed through websites offering applications for ripping music and leverages various techniques for persistence and privilege escalation, including fake password prompts. Cuckoo is designed to gather extensive information from infected systems, including hardware details, running processes, installed apps, and data from iCloud Keychain and various applications. Additionally, it masquerades as a legitimate application with a valid developer ID. This discovery follows recent revelations of other macOS threats, including CloudChat and AdLoad variants.
VULNERABILITIES TO WATCH
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
Source: The Hacker News
A critical flaw in Tinyproxy (CVE-2023-49606) leaves over 50,000 hosts vulnerable to remote code execution. The bug, affecting versions 1.10.0 and 1.11.1, could be exploited by sending a specially crafted HTTP header that triggers memory corruption and potentially allows attackers to execute code remotely. Despite a report from Cisco Talos, the Tinyproxy maintainers were only made aware after a Debian package maintainer's notification in May 2024. With a proof-of-concept released, users are urged to update and to avoid exposing Tinyproxy to the public internet.
NVIDIA ChatRTX for Windows Vulnerability Lets Attackers Escalate Privileges
Source: Cyber Security News
NVIDIA released a critical security update for its Windows ChatRTX application, addressing multiple vulnerabilities that could allow attackers to escalate privileges, tamper with data, and access sensitive information without authorization. The flaws, tracked as CVE-2024-0096, CVE-2024-0097 (both high severity), and CVE-2024-0098 (medium severity), stem from improper privilege management, interprocess communication issues, and clear-text transmission of sensitive data, respectively. NVIDIA responded by issuing version 0.3, which remediates these vulnerabilities. All users are strongly urged to update promptly to the latest version to mitigate potential exploits that could compromise system integrity and user privacy.
SPECIAL REPORTS
Organizations Go Ahead With AI Despite Security Risks
Source: Help Net Security
Despite recognized security risks, organizations are rapidly adopting AI systems with 54% leveraging at least four AI applications and 79% increasing their AI budgets over the past year. However, 80% agree AI makes data security more challenging due to concerns like sensitive data exposure by large language models and AI-powered attacks, which 57% have already experienced. To mitigate risks, 83% are updating governance guidelines, conducting risk assessments (78%), monitoring AI outputs (72%), and implementing access controls (61%), though only 37% have a comprehensive AI compliance strategy. 85% are confident their security will keep pace with evolving AI.
#RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects
Source: Infosecurity Magazine
A new IBM report reveals a concerning trend: 70% of business executives prioritize innovation over security in their generative AI projects, and only 24% secure these initiatives, even though 82% acknowledge that secure and trustworthy AI is essential for success. This lack of upfront security controls opens organizations to emergent AI threats like model extraction, prompt injection attacks, and data poisoning. The findings call attention to comprehensive AI governance frameworks that incorporate threat modeling, secured training data workflows, identity management, compliance tracking, and employee usage policies to mitigate risks like "shadow AI", where data is inadvertently exposed to third-party generative AI tools. As regulatory scrutiny increases alongside rapid AI adoption, proactively building security into the AI lifecycle is critical for organizations to unlock transformative benefits while protecting against unique vulnerabilities.
The Era of Web DDoS Tsunamis and Strategies for Defense
Source: The Cyber Express
The cybersecurity landscape is facing an alarming rise in a new form of distributed denial-of-service (DDoS) attack called the Web DDoS Tsunami. These multi-vector attacks combine network-layer and application-layer techniques to overwhelm websites and infrastructure with massive volumes of encrypted traffic that appears to be legitimate requests. Real-world examples illustrate their disruptive impact, with major banks, insurers, and telcos enduring relentless barrages exceeding millions of requests per second, far outpacing typical traffic levels. Defending against these sophisticated, evolving threats requires an adaptive, AI-driven security approach capable of inspecting encrypted traffic, distinguishing malicious requests, and mitigating attacks at scale without disrupting legitimate users. As state-backed groups increasingly weaponize these DDoS tsunamis, organizations must proactively upgrade their cyber defenses to withstand this formidable new wave of attacks.