CISO Daily Update - November 4, 2024
NEW DEVELOPMENTS
LA Housing Authority Confirms Breach Claimed by Cactus Ransomware
Source: Bleeping Computer
The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack on its IT network, attributed to the Cactus ransomware group. HACLA provides affordable housing and assistance programs to low-income families, children, and seniors in Los Angeles. The organization has engaged external forensic specialists to investigate and respond to the incident. While HACLA's systems remain operational, the extent of data exposure or theft has not been disclosed. The Cactus ransomware gang claims to have stolen 891 GB of data, including PII, database backups, and financial documents.
California Court Suffering From Tech Outages After Cyberattack
Source: The Record
The San Joaquin County Superior Court in California is grappling with extensive technology outages following a cyberattack last week. The incident disrupted all digital services, including phone and fax lines, e-filing platforms, credit card payment processing, and juror reporting websites. Some jurors scheduled for this week have been excused. The court has engaged cybersecurity experts to investigate and remediate the issue but has not provided a timeline for restoring services. No group has claimed responsibility for the attack.
US Election 2024 – FBI Warning About Fake Election Videos
Source: Security Affairs
U.S. intelligence agencies have identified Russian operatives as the creators of a fabricated video falsely depicting Haitian immigrants voting illegally in Georgia. This disinformation aims to undermine the integrity of the U.S. electoral process and sow discord among Americans. The FBI, Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency have issued warnings about such foreign interference. Georgia's Secretary of State, Brad Raffensperger, labeled the video as "obviously fake" and urged social media platforms to remove it. Authorities anticipate further Russian disinformation efforts leading up to and following Election Day.
LastPass Warns of Fake Support Centers Trying to Steal Customer Data
Source: Bleeping Computer
LastPass alerted users to a scam involving fraudulent customer support numbers posted in 5-star reviews of its Chrome extension. These reviews direct users to call a fake support line, where scammers impersonate LastPass representatives and guide callers to a malicious website to download remote support software. This tactic aims to gain unauthorized access to users' computers and sensitive information. LastPass emphasizes that it does not offer phone-based support and advises users to seek assistance exclusively through official channels.
DDoS-for-Hire Service Websites Seized by Authorities
Source: Cyber Security News
In a coordinated international effort, authorities have dismantled a major DDoS-for-hire service platform, arresting two suspects and seizing the online platforms used for the attacks. The operation, named "PowerOFF," involved agencies from Germany, the United States, and other countries, and targeted a criminal network that sold Distributed Denial of Service (DDoS) attacks to paying clients. This takedown follows a similar action in December 2022, in which authorities dismantled 48 DDoS services. These services allowed clients to overwhelm targeted websites and networks and cause significant disruptions.
ChatGPT-4o Can Be Used for Autonomous Voice-Based Scams
Source: Bleeping Computer
Researchers from the University of Illinois Urbana-Champaign have demonstrated how OpenAI's ChatGPT-4o, equipped with real-time voice capabilities, can be exploited for autonomous financial scams. By bypassing ChatGPT-4o's safeguards, they simulated scams involving bank transfers, gift card exfiltration, crypto transfers, and credential theft, achieving success rates of 20-60%. The AI navigated websites, handled two-factor authentication, and imitated IRS agents. While OpenAI has given its latest model, o1, stronger defenses, the research emphasizes the potential for abuse in voice-enabled AI tools. The researchers also note the low cost per scam attempt, with some costing as little as $0.75.
VULNERABILITIES TO WATCH
Microsoft SharePoint RCE Bug Exploited to Breach Corporate Network
Source: Bleeping Computer
A critical remote code execution (RCE) vulnerability in Microsoft SharePoint (CVE-2024-38094) was exploited to infiltrate corporate networks. Despite Microsoft's patch release in July 2024, attackers have leveraged this flaw to gain unauthorized access, move laterally, and compromise entire domains. CISA added this vulnerability to its Known Exploited Vulnerability Catalog.
Critical Auth Bugs Expose Smart Factory Gear to Cyberattack
Source: Darkreading
Critical security vulnerabilities in factory automation software from Mitsubishi Electric and Rockwell Automation expose smart factories to significant cyber threats, including remote code execution (RCE), denial-of-service (DoS), and authentication bypass. CISA issued a warning detailing these issues, with vulnerabilities such as Mitsubishi's CVE-2023-6943 and Rockwell's CVE-2024-10386 each carrying a high CVSS score of 9.8. These flaws could enable attackers to manipulate databases, bypass authentication, or disrupt industrial processes. Both manufacturers have provided patches and urge immediate implementation as cyberattacks on industrial control systems (ICS) by state actors, particularly from Russia and China, increase.
Azure AI Vulnerabilities Allowed Attacks to Bypass Moderation Safeguards
Source: Hackread
Researchers from Mindgard discovered critical vulnerabilities in Microsoft's Azure AI Content Safety Service, allowing attackers to bypass moderation safeguards and insert harmful content. These vulnerabilities were disclosed to Microsoft in March 2024 and mitigated by October. Impacted guardrails include AI Text Moderation and Prompt Shield, which protect AI models from harmful content injection. Mindgard identified two main techniques for bypassing these safeguards: character injection, where attackers alter text with special symbols to evade moderation, and adversarial machine learning (AML), which manipulates data to mislead AI predictions.
Okta AD/LDAP Authentication Vulnerability Allows Unauthorized Access
Source: Cyber Security News
Okta addressed a critical vulnerability in its Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) Delegated Authentication system that allowed unauthorized access. The flaw (CVE-2024-0981) stemmed from using the Bcrypt algorithm to generate cache keys for authentication. Under specific conditions, such as high traffic or agent downtime, users could authenticate using only a username, bypassing password verification. Okta resolved the issue by switching to the PBKDF2 algorithm and recommends that administrators review logs from the past three months to detect potential exploitation.
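Why a bcrypt-derived cache key can stop depending on the password, and why PBKDF2 does not, as an added illustration that is not Okta's code: bcrypt hashes only the first 72 bytes of its input (a property of the algorithm, not stated in the item above), so a key built from a long identifier-plus-password string can collide across different passwords. The vulnerable variant below stands in for bcrypt with SHA-256 over the first 72 bytes so the example runs without third-party packages; the user IDs, usernames, salt and cache model are all constructed for the example.

```python
import hashlib

BCRYPT_INPUT_LIMIT = 72  # bcrypt silently ignores input bytes beyond this point


def legacy_cache_key(user_id: str, username: str, password: str) -> str:
    """Stand-in for the flawed scheme: a bcrypt-style digest of userId+username+password.

    Real bcrypt is replaced by SHA-256 over the first 72 bytes; the truncation,
    not the hash function, is the property this example demonstrates.
    """
    material = (user_id + username + password).encode()
    return hashlib.sha256(material[:BCRYPT_INPUT_LIMIT]).hexdigest()


def fixed_cache_key(user_id: str, username: str, password: str) -> str:
    """PBKDF2-HMAC-SHA256 over the same material: every byte of the password is mixed in."""
    material = (user_id + username + password).encode()
    salt = b"constructed-static-salt"  # a cache key must be reproducible for the same input
    return hashlib.pbkdf2_hmac("sha256", material, salt, 10_000).hex()


class DelegatedAuthCache:
    """Minimal model of a delegated-authentication result cache keyed by a derived key."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.successes: dict[str, bool] = {}

    def record_success(self, user_id: str, username: str, password: str) -> None:
        # The directory verified this password; remember the result under the derived key.
        self.successes[self.key_fn(user_id, username, password)] = True

    def served_from_cache(self, user_id: str, username: str, password: str) -> bool:
        # A cache hit means the login is accepted without re-contacting the directory.
        return self.successes.get(self.key_fn(user_id, username, password), False)


def password_ignored_by_cache(key_fn, user_id: str, username: str) -> bool:
    """True if a cached success for one password also satisfies a different password."""
    cache = DelegatedAuthCache(key_fn)
    cache.record_success(user_id, username, "correct-password")
    return cache.served_from_cache(user_id, username, "wrong-password")
```

The check is worth running against any authentication cache of your own: the derived key must change whenever any byte of the credential changes, regardless of how long the identifier prefix is.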
Hikvision Network Camera Flaw Let Attackers Intercept Dynamic DNS Credentials
Source: Cyber Security News
A critical vulnerability in Hikvision network cameras has exposed thousands of devices to potential unauthorized access due to cleartext transmission of Dynamic DNS (DDNS) credentials over HTTP rather than HTTPS. Affected models, which include popular DS-2CD and IPC series cameras, are widely used in sensitive and critical infrastructure locations across 100 countries. Attackers can exploit this flaw through man-in-the-middle attacks to capture DDNS credentials, gain access to video feeds, and manipulate camera connections. Hikvision addressed this with new firmware updates, enforcing HTTPS for DDNS communication, and strongly advises users to update firmware, enforce strong passwords, isolate camera networks, and monitor for access attempts.
SPECIAL REPORTS
50% of Financial Orgs Have High-Severity Security Flaws in Their Apps
Source: Help Net Security
A recent Veracode report reveals that 76% of financial services organizations carry security debt—flaws remaining unfixed for over a year—with 50% harboring critical vulnerabilities. Despite 40% of financial sector applications having security debt, slightly better than the 42% cross-industry average, the sector accumulates more severe issues. Notably, 84% of security debt affects first-party code, while 78.6% of critical debt stems from third-party dependencies. The report calls for financial institutions to address the first-party and third-party code vulnerabilities to mitigate risks and comply with evolving cybersecurity regulations.
Executives Worry Over Aging IT Systems
Source: Cybersecurity Dive
A recent Kyndryl report highlights that while 90% of executives believe their company's technology is top-tier, nearly two-thirds are concerned about outdated systems. Data shows that 44% of mission-critical IT infrastructure is nearing or has reached end-of-life status. This aging technology, often referred to as technical debt, poses significant risks to operations and security. Michael Bradshaw, Kyndryl's SVP and global practice leader for applications, data, and AI, emphasizes the challenge of identifying these issues without comprehensive IT asset management. He likens the process to an "archaeological dig," where problems remain hidden until they cause disruptions. The report calls for balancing investments in new technologies with the maintenance and upgrading of existing systems to ensure operational resilience and security.
AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks
Source: Darkreading
AU10TIX's Q3 2024 Global Identity Fraud Report reveals a significant surge in automated bot attacks targeting social media platforms, escalating from 3% in Q1 to 28% in Q3. This increase is linked to the upcoming U.S. presidential election, with fraudsters employing AI-driven impersonation bots and deepfake technologies to create synthetic selfies that can bypass verification systems. The report calls for advanced detection methods, such as analyzing behavior at the traffic level, to combat these sophisticated fraud tactics.