CISO Daily Update - November 15, 2024
NEW DEVELOPMENTS
Alltech Consulting Data Breach Exposes Over 216,000 Job Seekers’ Personal Information
Source: Daily Security Review
Alltech Consulting, a recruitment firm specializing in IT and engineering talent, experienced a data breach that exposed the personal information of over 216,000 job seekers. Cybersecurity researcher Jeremiah Fowler uncovered the breach, which likely includes data such as names, contact details, resumes, and potentially financial information. Alltech Consulting has not issued a public statement regarding the incident.
DemandScience Data Breach: 122M Unique Corporate Email Addresses Affected
Source: Cyber Press
In February 2024, B2B demand generation platform DemandScience experienced a data breach that exposed nearly 122 million unique corporate email addresses. The compromised information included email addresses, physical addresses, phone numbers, employers, job titles, names, and links to individuals' LinkedIn profiles. The data originated from a legacy system that was decommissioned approximately two years ago. Despite initial denials, DemandScience confirmed the breach.
URL-Login-Pass Breach, Hackers Claim Breach of 900M Fresh Login Credentials
Source: Cyber Press
Hackers have leaked 900 million login credentials, including URLs, usernames, and passwords, allegedly sourced from cloud services and Telegram. Because each record pairs a login page with its credentials, the leak lets attackers easily target specific accounts, potentially exposing sensitive personal and business data. Users are urged to update passwords, enable multi-factor authentication, and monitor for unusual account activity to mitigate the risks associated with this large-scale exposure.
LinkedIn Data Leak, Hackers Claim Breach of 50K Users’ Professional & Personal Data
Source: Cyber Press
LinkedIn reportedly experienced a data breach affecting 50,000 users, with hackers claiming to have accessed and leaked professional and personal information including job titles, locations, email addresses, and phone numbers. The data is reportedly circulating on dark web forums. Users are advised to update passwords, enable two-factor authentication, and monitor for suspicious activity.
Microsoft Power Pages Leak Millions of Private Records
Source: Darkreading
Microsoft’s low-code website development platform Power Pages exposed millions of sensitive records due to poorly configured access controls. Researchers found that many sites built with Power Pages lack adequate protections, leaving data in Microsoft’s Dataverse database open to unauthorized access. The issue stems from administrators not fully implementing the platform’s security features such as site-level settings, table controls, and column masking. Organizations using Power Pages are advised to review and properly configure access controls to secure their data effectively.
Hacker Gets 10 Years in Prison for Extorting US Healthcare Provider
Source: Bleeping Computer
Robert Purbeck, a 45-year-old Idaho resident, was sentenced to ten years in prison for hacking at least 19 U.S. organizations, stealing the personal data of over 132,000 individuals, and engaging in multiple extortion attempts. Operating under aliases such as "Lifelock" and "Studmaster," Purbeck purchased unauthorized access to the servers of various entities, including a Georgia medical clinic and a police department. In July 2018, he demanded a ransom from a Florida orthodontist, threatening to sell stolen patient information and harassing the victims for over ten days.
Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
Source: The Hacker News
Cybersecurity experts identified a widespread attack technique called "Sitting Ducks," which has hijacked approximately 70,000 legitimate domains for use in phishing and investment fraud schemes. The method exploits misconfigurations in domain name system (DNS) settings: when a domain's authoritative name server delegation points at a provider that does not actually serve the zone, an attacker can assume control of the domain. The compromised domains, including those of well-known brands, non-profits, and government entities, are often used for short periods before being abandoned or claimed by other malicious actors. This rotational hijacking complicates detection and mitigation efforts. Correct DNS delegation and vigilant monitoring are recommended to prevent such hijacks.
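As an added illustration of the delegation hygiene this item recommends (example code written for this update, not code from the cited article or from the researchers who described the scheme), the following Python script audits a domain inventory for the misconfiguration at the heart of "Sitting Ducks": delegated nameservers that do not actually serve the zone. The provider hostnames, domains and every DNS answer in the lookup table are constructed so the script runs offline; a real run would replace the table with a live SOA query to each nameserver the parent zone delegates to.

```python
"""Audit a zone inventory for lame delegations, the misconfiguration that
"Sitting Ducks" style domain hijacks rely on. Added example with constructed
data; no live DNS lookups are performed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class NsAnswer:
    """What one delegated nameserver said when asked for the zone's SOA."""
    rcode: str            # 'NOERROR', 'REFUSED', 'SERVFAIL', 'NXDOMAIN' or 'TIMEOUT'
    aa: bool              # authoritative-answer flag set on the reply
    child_ns: frozenset   # NS names the server itself lists for the zone (empty if none)


# Constructed nameserver names (assumed, not real providers).
PROVIDER_NS = frozenset({"ns1.dns-provider.test", "ns2.dns-provider.test"})
OTHER_NS = frozenset({"ns1.other-provider.test", "ns2.other-provider.test"})

# Constructed probe results keyed by (domain, nameserver). A real checker
# fills this by sending an SOA query for the domain directly to each server.
PROBES = {
    ("good.example", "ns1.dns-provider.test"): NsAnswer("NOERROR", True, PROVIDER_NS),
    ("good.example", "ns2.dns-provider.test"): NsAnswer("NOERROR", True, PROVIDER_NS),
    # zone was deleted at the provider but the registrar delegation still points there
    ("lame.example", "ns1.dns-provider.test"): NsAnswer("REFUSED", False, frozenset()),
    ("lame.example", "ns2.dns-provider.test"): NsAnswer("REFUSED", False, frozenset()),
    # zone moved providers but the parent delegation was only half updated
    ("drift.example", "ns1.dns-provider.test"): NsAnswer("NOERROR", True, OTHER_NS),
    ("drift.example", "ns2.dns-provider.test"): NsAnswer("TIMEOUT", False, frozenset()),
}

# Constructed inventory: domain -> NS set the parent zone (registrar side) delegates to.
INVENTORY = {
    "good.example": PROVIDER_NS,
    "lame.example": PROVIDER_NS,
    "drift.example": PROVIDER_NS,
}


def probe(domain, ns):
    """Stand-in for a direct SOA query to one nameserver (constructed answers)."""
    return PROBES.get((domain, ns), NsAnswer("TIMEOUT", False, frozenset()))


def audit_delegation(domain, parent_ns, probe_fn=probe):
    """Return a list of findings for one domain; an empty list means healthy."""
    parent = frozenset(parent_ns)
    findings = []
    not_serving = 0
    for ns in sorted(parent):
        ans = probe_fn(domain, ns)
        if ans.rcode == "TIMEOUT":
            findings.append(f"{ns}: no answer (unreachable or decommissioned nameserver)")
            not_serving += 1
        elif ans.rcode != "NOERROR" or not ans.aa:
            # The server is delegated for the zone but does not host it: lame delegation.
            findings.append(f"{ns}: lame delegation ({ans.rcode}, aa={ans.aa}); zone not configured there")
            not_serving += 1
        elif ans.child_ns != parent:
            # Parent and child NS sets disagree; usually a stale or partial provider migration.
            findings.append(f"{ns}: zone NS set {sorted(ans.child_ns)} differs from parent delegation {sorted(parent)}")
    if not_serving == len(parent):
        findings.append("CRITICAL: no delegated nameserver serves this zone; "
                        "if the provider allows any account to create it, the domain is exposed to takeover")
    return findings


def audit_inventory(inventory, probe_fn=probe):
    """Audit every domain and return only those with findings."""
    report = {}
    for domain, parent_ns in inventory.items():
        findings = audit_delegation(domain, parent_ns, probe_fn)
        if findings:
            report[domain] = findings
    return report


if __name__ == "__main__":
    for domain, findings in audit_inventory(INVENTORY).items():
        print(domain)
        for line in findings:
            print("  -", line)
```

Run against a registrar export of your own domains, treating every domain flagged CRITICAL as urgent: either recreate the zone at the delegated provider or repoint the delegation, and fold the check into routine monitoring so a zone deleted during a provider migration cannot sit unserved for weeks.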
CISA and FBI: Chinese Hackers Compromised US Telecom Networks
Source: Hackread
CISA and the FBI have reported a cyberespionage campaign by Chinese state-backed hackers targeting U.S. telecom networks. The hackers gained unauthorized access to multiple providers, stealing customer call records and compromising private communications, especially those involving government and political figures. The attackers also accessed sensitive information related to U.S. law enforcement requests. CISA and the FBI are working with the affected telecoms to address security gaps and have urged them to strengthen cybersecurity practices to protect against similar threats.
Two Men Charged For Hacking US Tax Preparation Firms
Source: Security Week
The U.S. Department of Justice charged Nigerian nationals Matthew Akande and Kehinde Oyetunji with hacking U.S. tax preparation firms to file fraudulent tax returns. From 2016 to 2021, the duo allegedly used the Warzone remote access trojan (RAT), delivered through phishing emails, to gain unauthorized access to sensitive client data. They reportedly filed over 1,000 false tax returns and sought more than $8.1 million in refunds. Oyetunji pleaded guilty in 2022 and awaits sentencing, while Akande, recently arrested in the UK, faces extradition to the United States.
VULNERABILITIES TO WATCH
Windows 0-Day Exploited in Wild with Single Right Click
Source: GB Hackers
A recently identified zero-day vulnerability (CVE-2024-43451) is being exploited across various Windows versions. Discovered by ClearSky Cyber Security in June 2024, the flaw allows attackers to gain control of a system through simple actions such as a single right-click on a malicious file. The exploit involves specially crafted URL files disguised as legitimate documents, often distributed via phishing emails sent from compromised Ukrainian government servers. Upon interaction, the files connect to the attacker's server, enabling the download of additional malware such as the SparkRAT remote access trojan. The Ukrainian Computer Emergency Response Team (CERT-UA) attributed the attacks to the Russian-linked threat actor UAC-0194. Microsoft addressed the vulnerability with a security patch released on November 12, 2024, and users are strongly advised to update their systems promptly to mitigate the threat.
GitLab Patches Critical Flaws That Lead to Unauthorized Access to Kubernetes Clusters
Source: GB Hackers
GitLab issued critical security updates for its Community and Enterprise Editions, fixing multiple vulnerabilities that could lead to unauthorized Kubernetes access and other exploits. The updates, available in versions 17.5.2, 17.4.4, and 17.3.7, address high-severity issues like CVE-2024-9693, which allows unauthorized access to Kubernetes cluster agents. Other fixed vulnerabilities include a Device OAuth flow flaw (CVE-2024-7404), a denial-of-service issue from FogBugz import, stored cross-site scripting (XSS) in Analytics dashboards (CVE-2024-8648), an HTML injection-based XSS (CVE-2024-8180), and an API information disclosure (CVE-2024-10240). GitLab advises users to update to these versions promptly to reduce security risks.
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure
Source: Security Week
A recently disclosed command injection vulnerability (CVE-2024-10914) in legacy D-Link network-attached storage (NAS) devices is being actively exploited. The flaw allows unauthenticated remote attackers to execute arbitrary shell commands via specially crafted HTTP GET requests. D-Link identified 20 affected DNS-series NAS models, all of which have reached end-of-life status and will not receive security patches. Users are advised to replace these devices to mitigate the risk.
SPECIAL REPORTS
How Cybersecurity Failures Are Draining Business Budgets
Source: Help Net Security
A recent survey by Panaseer reveals that 61% of U.S. and UK organizations suffered breaches due to ineffective security controls, costing American businesses around $30 billion annually. Security leaders are under increased pressure, with 90% expected to provide stronger assurances on security controls. However, 57% lack reliable data, pushing 72% to purchase indemnity insurance as personal liability grows. While 75% feel heightened responsibility, only 55% trust the accuracy of the data presented to boards. Limited resources for security insights have left 67% unable to assess their risks.
National Cyber Director Calls for Streamlined Security Regulations
Source: Cybersecurity Dive
National Cyber Director Harry Coker Jr. emphasized the need for unified cybersecurity regulations to mitigate the increasing threats to U.S. critical infrastructure. In a recent address at Columbia University's Conference on Cyber Regulation and Harmonization, Coker advocated collaboration among federal authorities, private sector entities, and critical infrastructure providers to enhance national cyber resilience. He highlighted the importance of balancing robust security standards with streamlined compliance processes, allowing organizations to focus more effectively on mitigating cyber risks.