CISO Daily Update - November 20, 2024

CISO Daily Update - November 20, 2024

NEW DEVELOPMENTS

Ransomware Gang Akira Leaks Unprecedented Number of Victims’ Data in One Day

Source: The Record

The Akira ransomware group published a volume of victim data on its darknet leak site–listing 35 organizations in a single day, with 32 confirmed as new victims. Akira has been active since March 2023–extorting $42 million from approximately 250 attacks. The group is known for targeting cloud services and business sectors primarily in the U.S. Cybersecurity researchers suggest the sudden surge may indicate aggressive expansion or previously delayed releases, but speculation persists about potential motivations. Most victims are in the business services sector with some based in Canada, Germany, and the U.K.

Article Link


Threat Actor Turns Thousands of IoT Devices Into Residential Proxies

Source: Security Week

The threat actor Water Barghest compromised over 20,000 IoT devices, monetizing them as residential proxies for threat actors seeking to anonymize their activities. Using automation and techniques like erasing log files and accepting cryptocurrency payments, Water Barghest infects devices with Ngioweb malware–exploiting vulnerabilities from brands like Cisco, Netgear, and Synology. Compromised devices are listed on proxy marketplaces within minutes–able to quickly generate revenue while evading detection. The group has been active since 2018.

Article Link


Helldown Ransomware Exploits Zyxel VPN Flaw to Breach Networks

Source: Bleeping Computer

The Helldown ransomware exploited a vulnerability in Zyxel firewalls (CVE-2024-42057) to breach corporate networks, steal data, and encrypt devices. Discovered in August 2024, Helldown primarily targets small and medium-sized firms in the U.S. and Europe using tactics like creating malicious accounts, exploiting IPSec VPN flaws for lateral movement, and disabling defenses based on the leaked LockBit 3 builder.?

Article Link


Spotify Abused to Promote Pirated Software and Game Cheats

Source: Bleeping Computer

Cybercriminals abuse Spotify playlists and podcasts to promote pirated software, game cheats, and scam links. By injecting targeted keywords and URLs into playlist titles and podcast descriptions, they exploit Spotify’s reputation and indexing by search engines like Google to boost visibility. Victims clicking these links risk encountering malware, adware, or fraudulent surveys. Spotify removed some flagged content, citing platform rules against malicious practices.

Article Link


Phobos Ransomware Administrator Faces US Cybercrime Charges

Source: Help Net Security

The U.S. Department of Justice charged 42-year-old Russian national Evgenii Ptitsyn with operating Phobos ransomware and extorting over $16 million from more than 1,000 victims globally. Extradited from South Korea, Ptitsyn appeared in a Maryland court on November 4. Since 2020, he allegedly sold ransomware access on the darknet–enabling affiliates to steal and encrypt data and demanding ransom under the threat of exposure. Ptitsyn faces 13 charges, including wire fraud and computer hacking, with penalties of up to 20 years per wire fraud count and 10 years for each hacking charge.

Article Link


VULNERABILITIES TO WATCH

VMware Virtual Machines Under Attack: Hackers Exploit Critical vCenter Server Flaw

Source: Cybernews

Broadcom warns about the active exploitation of two critical vulnerabilities in VMware vCenter Server, including a remote code execution flaw. These vulnerabilities allow attackers to execute arbitrary code on unpatched servers–posing significant risks to organizations relying on vCenter Server for virtual infrastructure management. Administrators are strongly advised to apply the latest security patches to mitigate potential threats.

Article Link


Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack

Source: Hackread

A critical vulnerability in Microsoft's Kerberos authentication protocol was identified for potentially exposing millions of servers to unauthorized access and remote code execution. CVE-2024-43639 with a CVSS score of 9.8, allows attackers to send crafted requests to vulnerable systems. Microsoft addressed this issue in its recent Patch Tuesday updates. Administrators are strongly advised to apply these patches promptly to safeguard their systems.

Article Link


D-Link Urges Users to Retire VPN Routers Impacted by Unfixed RCE Flaw

Source: Bleeping Computer

D-Link urges users to replace end-of-life VPN routers, including the DSR-150, DSR-150N, DSR-250, and DSR-250N models, after discovering a critical remote code execution (RCE) vulnerability that will not be patched. The flaw was reported by security researcher 'delsploit,' and affects firmware versions 3.13 to 3.17B901C. D-Link emphasizes that using these unsupported routers increases exposure to exploitation. Users are strongly advised to retire these devices and transition to newer, supported models to maintain network security.

Article Link


Vulnerable Jupyter Servers Targeted for Sports Piracy

Source: Security Week

Misconfigured JupyterLab and Jupyter Notebook servers are exploited to stream pirated sports content. Researchers at Aqua Security observed attackers accessing unsecured Jupyter servers, installing the FFmpeg tool, and redirecting live sports streams to their platforms. This unauthorized broadcasting generates advertising revenue for the attackers and results in financial losses for legitimate broadcasters. To mitigate such risks, it's crucial to properly configure Jupyter servers, implement strong authentication measures, and regularly monitor for unauthorized access.

Article Link


CISA Adds Progress Kemp LoadMaster, Palo Alto Networks Pan-Os, and Expedition Bugs to Its Known Exploited Vulnerabilities Catalog

Source: Security Affairs

CISA added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474. These flaws impact Progress Kemp LoadMaster and Palo Alto Networks PAN-OS and Expedition. CVE-2024-1212 enables unauthenticated attackers to execute system commands on Progress Kemp LoadMaster devices, while CVE-2024-0012 allows attackers to bypass authentication on PAN-OS management interfaces to gain administrative access. CVE-2024-9474 lets administrators escalate privileges to root on PAN-OS firewalls. Federal agencies must address these vulnerabilities by December 5, 2024, and private organizations are urged to review and mitigate these risks to secure their systems.

Article Link


Oracle Patches Exploited Agile PLM Vulnerability (CVE-2024-21287)

Source: Help Net Security

Oracle issued a security patch to address CVE-2024-21287, a critical vulnerability in the Oracle Agile PLM Framework actively targeted by attackers. This flaw affects version 9.3.6 of the Agile PLM Framework, specifically the Agile Software Development Kit and the Process Extension components. It allows unauthenticated remote attackers to access sensitive data over HTTP and HTTPS protocols. Oracle strongly advises users to apply the provided updates promptly to mitigate potential risks.

Article Link


SPECIAL REPORTS

Google Report Shows CISOs Must Embrace Change to Stay Secure

Source: Help Net Security

A Google report with Hypothesis Group highlights the inadequacy of traditional security measures against evolving threats. 96% of security leaders express confidence in managing their environments, and 63% admit security has weakened due to hybrid work models and generative AI adoption. The study reveals that 61% of companies now use more security tools than two years ago, but this has not reduced incidents or costs. Organizations with ten or more tools face higher incident rates and expenses than those with fewer tools.? Mid-sized enterprises are vulnerable due to outdated technologies and are increasingly open to cloud-native, unified security solutions. The report urges Chief Information Security Officers to consolidate tools and adopt secure-by-design strategies instead of incremental fixes.

Article Link


Ransomware Gangs on Recruitment Drive for Pen Testers

Source: Infosecuirty Magazine

Ransomware gangs are recruiting penetration testers to strengthen their attacks, as revealed in Cato Networks' Q3 2024 report. Job postings on the Russian Anonymous Marketplace (RAMP) seek experts to ensure ransomware deployment success. This trend shows the growing sophistication of ransomware-as-a-service (RaaS) operations with advanced tools like locker source code sold for $45,000–lowering the entry barrier for cybercriminals. Organizations must adopt robust security measures to counter these evolving threats.

Article Link


Companies Take Over Seven Months to Recover From Cyber Incidents

Source: Infosecurity Magazine

A Fastly report reveals organizations take an average of 7.34 months to fully recover from cybersecurity incidents–significantly longer than the 5.85 months predicted by IT decision-makers (ITDMs). Recovery activities include implementing stronger security measures (43%), offering employee training (41%), restoring backups (38%), stakeholder communication (34%), and forensic analysis (25%). Companies reducing cybersecurity investments face even longer recovery times, averaging 10.88 months. 86% of respondents have improved patch deployment processes following high-profile incidents.

Article Link


Finding value in this newsletter? Like or share this post on LinkedIn

Greg T.

Founder and CEO Cybersecurity Consulting & Recruitment

6 天前

Thanks for the comprehensive update, Marcos. The surge in ransomware attacks, especially targeting cloud services, is alarming. Emphasizing secure-by-design strategies for hybrid environments is essential for staying ahead of these threats. ??

Kip Boyle

Cyber Resilience Thought Leader | CEO, Cyber Risk Opportunities | Cybersecurity LinkedIn Learning Course Instructor | Co-host Cyber Risk Management Podcast | Amazon Best Selling Author | International Keynote Speaker

1 周

The story out of Infosecurity Magazine is particularly useful in my ongoing efforts to educate senior decision makers about the high levels of sophistication many cyber-attackers operate at: "Ransomware gangs are recruiting penetration testers to strengthen their attacks, as revealed in Cato Networks' Q3 2024 report." Thanks Marcos Christodonte II and Beth Maundrill and Cato Networks!

要查看或添加评论,请登录

Marcos Christodonte II的更多文章

  • CISO Daily Update - November 29, 2024

    CISO Daily Update - November 29, 2024

    NEW DEVELOPMENTS GoodSmile Data Breach: Customers Report Credit Card Theft After Security Compromise Source: Daily…

  • CISO Daily Update - November 28, 2024

    CISO Daily Update - November 28, 2024

    NEW DEVELOPMENTS RansomHub Gang Says It Broke Into Networks of Texas City, Minneapolis Agency Source: The Record The…

  • CISO Daily Update - November 27, 2024

    CISO Daily Update - November 27, 2024

    NEW DEVELOPMENTS Starbucks Shifts to Manual Processes After Contractor Ransomware Attack Source: Hackread A recent…

    1 条评论
  • CISO Daily Update - November 26, 2024

    CISO Daily Update - November 26, 2024

    NEW DEVELOPMENTS Hackers Allegedly Claiming Breach of DDOT Database Breach Source: Cyber Press Hackers claimed to…

    1 条评论
  • CISO Daily Update - November 25, 2024

    CISO Daily Update - November 25, 2024

    NEW DEVELOPMENTS Andrew Tate’s University Breach: 1 Million User Records and Chats Leaked Source: Hackread Andrew…

  • CISO Daily Update - November 22, 2024

    CISO Daily Update - November 22, 2024

    NEW DEVELOPMENTS 120 Million URL Login-Password Combinations Surfaced on Dark Web Platforms Source: Cyber Press A…

  • CISO Daily Update - November 21, 2024

    CISO Daily Update - November 21, 2024

    NEW DEVELOPMENTS Fintech Giant Finastra Confirms It’s Investigating a Data Breach Source: TechCrunch Leading financial…

    4 条评论
  • CISO Daily Update - November 19, 2024

    CISO Daily Update - November 19, 2024

    NEW DEVELOPMENTS AnnieMac Data Breach Impacts 171,000 People Source: Security Week AnnieMac Home Mortgage disclosed a…

  • CISO Daily Update - November 18, 2024

    CISO Daily Update - November 18, 2024

    NEW DEVELOPMENTS T-Mobile Confirms It Was Hacked in Recent Wave of Telecom Breaches Source: Bleeping Computer T-Mobile…

    1 条评论
  • CISO Daily Update - November 15, 2024

    CISO Daily Update - November 15, 2024

    NEW DEVELOPMENTS Alltech Consulting Data Breach Exposes Over 216,000 Job Seekers’ Personal Information Source: Daily…