CISO Daily Update - November 26, 2024
NEW DEVELOPMENTS
Hackers Allegedly Claim Breach of DDOT Database
Source: Cyber Press
Hackers claimed to have breached the District Department of Transportation (DDOT) database, with transportation and personnel data reportedly posted on the dark web. The exact volume and specifics are unclear. The breach reportedly includes operational records and employee personal details. Public sector agencies like DDOT often manage critical infrastructure with limited security budgets. DDOT is investigating the claims.
New York Secures $11.3m from Insurance Firms in Data Breach Settlement
Source: Infosecurity Magazine
New York secured an $11.3 million settlement from GEICO and Travelers following data breaches that exposed the sensitive information of over 120,000 residents. Investigations revealed the companies' cybersecurity failures, including poor data security practices and lack of compliance with the New York State Department of Financial Services cybersecurity regulations. GEICO's breach stemmed from attacks exploiting vulnerabilities in its quoting tools, while Travelers' breach involved compromised agent credentials and the absence of multifactor authentication. GEICO will pay $9.75 million and Travelers $1.55 million. Both firms are committing to enhanced cybersecurity measures, including logging systems, threat response protocols, and comprehensive data security programs to protect consumers' private information.
Massive Credit Card Database Leaked on Hacking Forums
Source: Cyber Press
A massive data breach exposed a database of over 1.2 million credit card records on the dark web—including card numbers, expiration dates, CVV codes, and potentially personal details. Cybercriminals can exploit this information for fraud and identity theft, posing immediate and long-term risks to victims. The breach is likely due to poor encryption or a targeted attack on a financial institution. Experts urge affected cardholders to monitor accounts, enable alerts, and report suspicious activity.
Columbus Data Leak Has Exposed Half a Million Residents; City Offers Limited Protection
Source: Daily Security Review
A significant data breach in Columbus potentially exposed the personal information of up to 500,000 residents. Despite the extensive scope of the breach, the city's response faced criticism for offering credit monitoring and identity theft protection services to only a limited number of individuals. This disparity raised concerns about the adequacy of the city's measures to safeguard affected residents.
DOJ: Man Hacked Networks to Pitch Cybersecurity Services
Source: Bleeping Computer
A Kansas City man, Nicholas Michael Kloster was indicted for hacking into the networks of a gym chain and a nonprofit organization to promote his cybersecurity services. Kloster allegedly breached the systems, accessed sensitive areas like security cameras and router settings, and then emailed the victims offering to improve their cybersecurity. Charged with two counts of unauthorized computer access and one attempted breach, he faces up to five years in federal prison per count if convicted.
Microlise Confirms Data Breach as Ransomware Group Steps Forward
Source: Security Week
UK-based vehicle tracking solutions provider Microlise confirmed a data breach following an October cyberattack. The attack disrupted services for clients such as DHL and Serco, affecting tracking systems and panic alarms in vehicles. Microlise reported that customer systems data remained uncompromised, but corporate data from its headquarters was stolen. The SafePay ransomware group claimed responsibility for the theft of 1.2 terabytes of data. Microlise notified international authorities and is collaborating with cybersecurity experts to restore services and enhance security measures.
Microsoft 365 Outage Impacts Exchange Online, Teams, SharePoint
Source: Bleeping Computer
On November 25, 2024, Microsoft 365 experienced an outage affecting services such as Exchange Online, Microsoft Teams, and SharePoint Online. Users reported issues accessing these platforms, with problems extending to OneDrive, Purview, Copilot, and both web and desktop versions of Outlook. Microsoft acknowledged the disruption, attributing it to a recent change. The company deployed a fix and continues to monitor the situation to ensure service stability.
VULNERABILITIES TO WATCH
Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking
Source: Security Week
Critical vulnerabilities in mySCADA's myPRO HMI/SCADA product potentially allow remote, unauthenticated attackers to compromise affected systems. These flaws include OS command injection, improper authentication, and path traversal issues. Exploitation could enable attackers to execute arbitrary commands with elevated privileges and access sensitive files. mySCADA addressed these vulnerabilities in myPRO Manager version 1.3 and myPRO Runtime version 9.2.1. Users are strongly advised to update to these versions to mitigate associated risks.
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
Source: Security Week
The Helldown ransomware group exploits a command injection vulnerability (CVE-2024-42057) in Zyxel firewalls to establish initial access to networks. The flaw allows unauthenticated remote OS command execution and affects devices configured in User-Based-PSK authentication mode with usernames exceeding 28 characters. Zyxel patched this and related vulnerabilities in firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices. Despite the fix, attackers have targeted older firmware versions (4.32 to 5.38) to create rogue user accounts and compromise systems via SSL VPN tunnels. Zyxel and cybersecurity experts urge immediate firmware upgrades or disabling remote access to unpatched devices to mitigate ongoing threats. Helldown ransomware exploited this flaw in multiple attacks.
Bing.com XSS Vulnerability Let Attackers Send Crafted Malicious Requests
Source: Cyber Security News
A critical cross-site scripting (XSS) vulnerability, named "BingBang," allowed attackers to inject malicious scripts into Bing’s Content Management System (CMS)—compromising Office 365 tokens and exposing sensitive data, including emails, calendars, Teams messages, SharePoint documents, and OneDrive files. Attackers could also manipulate search results to facilitate phishing and misinformation campaigns. Microsoft resolved the issue by patching affected applications and improving Azure Active Directory (AAD) configurations. Administrators are urged to review application settings, enforce secure multi-tenant access configurations, and monitor activity logs for potential threats to prevent similar vulnerabilities.
Multiple Vulnerabilities In Veritas Enterprise Vault Let Attackers Execute Remote Code
Source: Cyber Security News
Multiple critical vulnerabilities identified in Veritas Enterprise Vault allow attackers to execute remote code. These flaws include a high-severity issue with a CVSSv3 score of 7.2 that could enable privileged attackers to escalate their privileges to the root policy, compromising the entire Vault instance. The vulnerability stems from mishandling entries in Vault’s in-memory entity cache, allowing manipulation of cached entity records through the identity API. Veritas released patched versions to address these vulnerabilities. Users are strongly advised to upgrade to the latest versions to mitigate potential risks.
Critical QNAP Vulnerability Let Attackers Execute Remote Code
Source: Cyber Security News
Two critical vulnerabilities CVE-2024-48860 and CVE-2024-48861 identified in QNAP’s QuRouter (version 2.4.x) allow remote command injection and potential unauthorized system control. These vulnerabilities could lead to data breaches and system compromise. QNAP addressed the issue by releasing firmware update 2.4.3.106 and urges users to apply it immediately to mitigate risks. Updating involves logging into the QuRouter, navigating to the firmware section, and installing the latest version. Regular updates and proactive security measures are essential to safeguard against evolving cyber threats, as highlighted by the contributions of Midnight Blue and PHP Hooligans in identifying these flaws.
SPECIAL REPORTS
IoT Device Traffic Up 18% as Malware Attacks Surge 400%
Source: Infosecurity Magazine
In 2024, Internet of Things (IoT) device traffic increased by 18%, accompanied by a 400% surge in malware attacks targeting these devices, according to Zscaler's recent findings. Botnet malware families like Mirai and Gafgyt comprised 66% of the attack payloads. The manufacturing sector experienced more than three times the weekly attacks of other industries, accounting for 54.5% of all malware attacks. Disruptions in manufacturing can significantly impact supply chains, defense, finance, and retail sectors. The United States remains a primary focus for malware developers due to its extensive digital infrastructure. Zscaler recommends monitoring IoT devices, implementing multi-factor authentication, educating employees on IoT risks, and enforcing zero-trust architecture with least-privileged access and network segmentation.
Advanced Cyber Threat Predictions for 2025
Source: Cyber Press
Advanced cyber threats in 2024 have surged with a 25% increase in advanced persistent threats and sophisticated attacks targeting cryptocurrency investors and critical infrastructure. Hacktivists driven by geopolitical conflicts are leveraging DDoS attacks and breaches while vulnerabilities in widely used software and hardware have enabled botnets and credential theft. Generative AI amplified phishing efficiency and managed file transfer systems remain a key target. 2025 predictions highlight rising risks from IoT device exploitation, deepfake impersonations, and malware developed in C++ and Go. Organizations must enhance cybersecurity defenses to address these evolving challenges.
The recent DDOT data breach and multiple other incidents emphasize the urgent need for robust cybersecurity practices and continuous monitoring. Organizations must enhance their defenses, particularly concerning third-party vendors, to mitigate risks effectively.
Marcos Christodonte II