CISO Daily Update - November 21, 2024
NEW DEVELOPMENTS
Fintech Giant Finastra Confirms It’s Investigating a Data Breach
Source: TechCrunch
Leading financial software provider Finastra is investigating a data breach involving its internally hosted Secure File Transfer Platform (SFTP). Disclosed on November 7, the breach reportedly exposed 400GB of data, including client files and internal documents, with initial evidence pointing to compromised credentials as the entry point. The company is working to identify affected customers and assess the scope of impacted data while keeping clients informed. Investigations into the incident's root cause and scope are ongoing.
Ford Blames Third-Party Supplier for Data Breach
Source: Security Week
Ford confirmed that recent claims of a data breach involving 44,000 customer records are unfounded, stating that its systems and customer data were not compromised. An investigation revealed that the leaked information, which included publicly available dealer business addresses, originated from a third-party supplier. Ford emphasized that the matter had been resolved and that the leaked data did not contain sensitive or private information.
US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data
Source: Hackread
Forces Penpals, a social network for U.S. and U.K. military personnel, exposed the sensitive data of over 1.1 million users due to a misconfigured server. The leaked information includes images, full names, mailing addresses, social security numbers (SSNs), National Insurance Numbers, and proof of service documents. The company attributed the breach to a coding error that left a directory publicly accessible and has since secured the database. It remains unclear whether malicious actors accessed the exposed data.
Healthcare Org Equinox Notifies 21K Patients and Staff of Data Theft
Source: The Register
New York-based health services organization Equinox notified over 21,000 clients and employees of a data breach on April 29, 2024. The breach exposed sensitive information, including names, addresses, social security numbers, health insurance details, and medical data. The LockBit ransomware group claimed responsibility for stealing 49GB of data. In response, Equinox secured its systems, enlisted cybersecurity experts, and launched an investigation to address the incident.
TSA Not Monitoring Transportation Sector Efforts to Stop Ransomware, Watchdog Says
Source: The Record
The U.S. Government Accountability Office (GAO) criticized the TSA for failing to address four of six cybersecurity recommendations made since 2018. The TSA has yet to align its security directives with National Institute of Standards and Technology (NIST) ransomware practices, assess sector-wide adoption of cybersecurity measures, or develop a plan for securing internet-connected devices. Industry leaders also expressed concerns about TSA's proposed rule requiring submission of sensitive cybersecurity data, citing potential security vulnerabilities. The TSA acknowledged the challenges.
VULNERABILITIES TO WATCH
Apple Urgently Patches Actively Exploited Zero-Days
Source: Dark Reading
Apple released security updates to address two actively exploited zero-day vulnerabilities affecting iOS, iPadOS, macOS, visionOS, and the Safari web browser. The first vulnerability, CVE-2024-44308, is a flaw in JavaScriptCore that could lead to arbitrary code execution. The second, CVE-2024-44309, is a cookie management issue in WebKit that could result in cross-site scripting (XSS) attacks when processing malicious web content. Both vulnerabilities were discovered by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG). Apple addressed these issues by implementing better checks and improved state management. Users should update their devices to iOS 18.1.1, macOS Sequoia 15.1.1, and iOS 17.7.2 to mitigate potential risks.
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
Source: The Hacker News
The Qualys Threat Research Unit disclosed multiple vulnerabilities in the 'needrestart' package, installed by default in Ubuntu Server since version 21.04, that allow local attackers to gain root privileges. The flaws, including CVE-2024-48990, CVE-2024-48991, and others, exploit environment variables and race conditions, enabling arbitrary code execution. Dating back to 2014, these vulnerabilities have now been addressed with patches in needrestart version 3.8. Users are urged to update immediately; a temporary workaround is available by disabling interpreter scanners in the configuration file.
Trend Micro Deep Security Vulnerability Let Attackers Execute Remote Code
Source: Cyber Security News
Trend Micro identified a critical security vulnerability in its Deep Security Agent for Windows, which could allow attackers to execute arbitrary code on affected systems. This vulnerability, tracked as CVE-2024-51503 with a CVSS score of 8.0, enables attackers to escalate privileges and inject malicious code remotely within a domain. Administrators are strongly advised to update to Deep Security Agent version 20.0.1-21510 for Windows.
Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code
Source: Cyber Security News
CVE-2024-21697, a critical vulnerability in Atlassian's Sourcetree for Mac and Windows, allows unauthenticated remote code execution. The flaw, affecting versions 4.2.8 and 3.4.19 respectively, could enable attackers to take full control of targeted systems. Atlassian released patches in Mac version 4.2.9 and Windows version 3.4.20 and urges immediate updates to mitigate the risk. Users must update promptly and follow best security practices to protect their systems. No active exploitation was reported.
CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks
Source: GB Hackers
CISA issued an urgent advisory regarding a critical vulnerability in Progress Kemp LoadMaster, a widely used load balancing and application delivery solution. Identified as CVE-2024-1212, this OS command injection flaw allows remote, unauthenticated attackers to execute arbitrary commands on affected systems, potentially leading to full system compromise. Discontinuing the use of the product is recommended until a solution is implemented and fixes are available.
SPECIAL REPORTS
Overreliance on GenAI to Develop Software Compromises Security
Source: Help Net Security
Overreliance on Generative AI (GenAI) in software development can compromise security. Legit Security found that 96% of security and software development professionals report their companies use GenAI-based solutions for building or delivering applications. However, 84% of security professionals are concerned about using code assistants, citing unknown and potentially malicious code as their primary concern. Additionally, 85% of developers and 75% of security professionals have security concerns over relying too much on GenAI solutions to develop software. Organizations should implement robust security measures, maintain human oversight, and ensure transparency in AI-generated code.
60% of Emails with QR Codes Classified as Spam or Malicious
Source: Infosecurity Magazine
Researchers have identified a significant rise in phishing attacks utilizing QR codes, a tactic known as "quishing." These attacks involve embedding malicious QR codes in emails. When scanned, they direct users to fraudulent websites that steal personal information or deploy malware. This method allows attackers to bypass traditional security measures that may not scrutinize QR codes as rigorously as standard URLs. Users are advised to verify the legitimacy of such communications and avoid scanning QR codes from untrusted sources to mitigate potential security risks.
OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs
Source: Infosecurity Magazine
The OWASP Top 10 for LLMs 2025 highlights growing risks in generative AI, with "Sensitive Information Disclosure" now the second-most critical threat, up from sixth in 2023. This involves unintentional exposure of private data during AI interactions. "Supply Chain Vulnerabilities" rose to third, reflecting risks like poisoned models and tainted datasets. New additions include "System Prompt Leakage," where sensitive prompts that guide model behavior may be exposed or exploited, and "Vector and Embedding Weaknesses," tied to Retrieval-Augmented Generation methods. Despite these risks, OWASP notes rapid advancements in AI security tools, offering developers better options to mitigate vulnerabilities in generative AI systems.
One Deepfake Digital Identity Attack Strikes Every Five Minutes
Source: Infosecurity Magazine
Deepfake identity attacks are escalating, with Entrust reporting an average of one attack every five minutes in 2024. Deepfakes now represent 24% of fraudulent attempts to bypass motion-based biometric checks, a common authentication method by banks and service providers. These sophisticated attacks leverage AI tools to manipulate video or photo feeds, bypassing Know Your Customer (KYC) verifications and enabling account hijacking or fraudulent account creation. Entrust also warns of deepfake misuse in scams, fake endorsements, and disinformation campaigns. Businesses are urged to adapt security strategies proactively to counter these fast-evolving threats.
Attackers Wield Password-Spray Attacks to Zero-In on Targets, Research Finds
Source: Cybersecurity Dive
According to Trellix, password-spraying attacks targeting sectors like education, energy, and transportation are surging in North America and Europe. These attacks exploit weak passwords across cloud-based systems like Microsoft 365 and Google Workspace. Notable incidents include a Russia-linked group accessing Microsoft executive emails undetected for months. Trellix urges organizations to enforce multifactor authentication and strong password policies but warns that attackers are evolving, using social engineering and AI-driven methods to bypass defenses.
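Password spraying is cheap to run and easy to miss per account because each user sees only one or two failures. The detector below is an added example, not from Trellix or this newsletter; it assumes a constructed sign-in log format (timestamp, user, source IP, result) and flags a source IP that fails logins for many distinct accounts inside one window, reporting any account that then succeeded from that IP.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data); one line per attempt.
SAMPLE_LOG = """\
2024-11-20T08:00:01Z user=alice@example.com src=203.0.113.7 result=FAILURE
2024-11-20T08:00:04Z user=bob@example.com src=203.0.113.7 result=FAILURE
2024-11-20T08:00:09Z user=carol@example.com src=203.0.113.7 result=FAILURE
2024-11-20T08:00:12Z user=dave@example.com src=203.0.113.7 result=FAILURE
2024-11-20T08:00:15Z user=erin@example.com src=203.0.113.7 result=FAILURE
2024-11-20T08:00:20Z user=frank@example.com src=203.0.113.7 result=SUCCESS
2024-11-20T08:01:00Z user=alice@example.com src=198.51.100.9 result=FAILURE
2024-11-20T08:01:30Z user=alice@example.com src=198.51.100.9 result=FAILURE
2024-11-20T08:02:00Z user=alice@example.com src=198.51.100.9 result=SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) result=(SUCCESS|FAILURE)$")


def parse_events(log_text):
    """Return (timestamp, user, src_ip, result) tuples; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2).lower(), m.group(3), m.group(4)))
    return events


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5):
    """Flag each source IP whose failures span >= min_users distinct accounts
    within one sliding window. A spray looks like many users, few tries each,
    so per-account lockout thresholds never trigger; grouping by source does."""
    by_src = defaultdict(list)
    for ev in sorted(parse_events(log_text)):
        by_src[ev[2]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        fails = [(ts, user) for ts, user, _, res in evs if res == "FAILURE"]
        for i, (start, _) in enumerate(fails):
            users = {u for ts, u in fails[i:] if ts - start <= window}
            if len(users) >= min_users:
                # Accounts that later succeeded from the spraying IP are the ones to reset first.
                hits = sorted({u for ts, u, _, res in evs if res == "SUCCESS" and ts >= start})
                alerts[src] = {"distinct_users": len(users), "succeeded": hits}
                break
    return alerts
```

A single user retrying a wrong password (198.51.100.9 above) stays below the threshold, while the spraying IP is flagged together with the one account it got into.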
CISO | Cybersecurity | CISM | Leadership | Digital Writer
1 day ago: Great share as usual. Your inputs are valuable to the cyber community. Thanks Marcos Christodonte II
Cyber Risk Quantification Specialist I Helping organizations act on cyber risks with actionable data & threat intelligence
1 day ago: wow! thanks for the updates Marcos!