CISO Daily Update - October 21, 2024
NEW DEVELOPMENTS
Internet Archive Breached Again Through Stolen Access Tokens
Source: Bleeping Computer
The Internet Archive suffered another security breach, this time due to exposed GitLab authentication tokens in its Zendesk email support platform. The breach compromised over 800,000 support tickets. Despite prior warnings, the organization failed to secure the tokens, allowing unauthorized access. This follows earlier incidents, including a DDoS attack and the theft of 33 million users' data.
Omni Family Health Data Breach Impacts 470,000 Individuals
Source: Security Week
California-based healthcare provider Omni Family Health reported a data breach affecting nearly 470,000 patients and employees. In August, the organization discovered that sensitive information, including names, social security numbers, medical records, and employees' financial details, had been posted on the dark web. The Hunters International ransomware gang is suspected of stealing and leaking 2.7TB of data during the attack.
Microsoft Lost Some Customers’ Cloud Security Logs
Source: Help Net Security
Microsoft recently lost several weeks of critical cloud security logs, affecting services such as Azure Logic Apps, Microsoft Sentinel, and Microsoft Entra. The problem arose from a bug in Microsoft's internal monitoring agent during a bug fix rollout, causing incomplete logs starting on September 2, 2024. Despite a temporary workaround, some data remains irrecoverable, impacting security alerts and threat analysis. Earlier criticism over Chinese hackers breaching U.S. government email accounts had already prompted Microsoft to improve logging accessibility.
Cisco Investigating Cyber Security Incident, Takes DevHub Portal Offline
Source: Cyber Security News
Cisco is investigating a potential cybersecurity incident after IntelBroker allegedly gained unauthorized access to its DevHub portal using an exposed API token. While Cisco has not confirmed a system breach, it acknowledged that a few unauthorized files may have been publicly exposed. As a precaution, the company took the DevHub portal offline and is working with law enforcement to evaluate the situation. Cisco assured customers that no sensitive personal or financial data appears compromised but will notify them if any further issues arise.
23andMe Faces an Uncertain Future — So Does Your Genetic Data
Source: TechCrunch
23andMe, once a leading genetic testing company, faces an uncertain future after a major data breach that exposed the personal and genetic information of nearly 7 million users. The company has also experienced a 99% decline in value since 2021. Despite resisting third-party takeovers, concerns remain about the potential sale of customer data. Privacy advocates are urging users to delete their accounts to protect their genetic information, since 23andMe operates outside of HIPAA regulations and relies on its own privacy policies, which could change if ownership shifts.
Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries
Source: Hackread
The Gorilla Botnet, based on the infamous Mirai, has infected over 300,000 devices in 100 countries. It installs persistent services, making it tough to remove from compromised systems. To counter it, organizations need to bolster their defenses by using firewalls to block suspicious traffic, deploying intrusion detection systems (IDS) to spot unusual activity, and adopting cloud-based DDoS protection to reduce downtime from large-scale attacks. Strengthening these defenses is critical to containing this rapidly spreading global threat.
Microsoft Creates Fake Azure Tenants to Pull Phishers Into Honeypots
Source: Bleeping Computer
Microsoft is taking a proactive stance against phishing by setting up realistic Azure tenant honeypots to bait attackers and gather intelligence. These fake environments mimic legitimate activity, allowing Microsoft to study attackers' methods and disrupt phishing campaigns. By feeding credentials to around 5% of the 25,000 phishing sites it tracks daily, Microsoft collects data on attackers' IP addresses, behaviors, and techniques, slowing them down for up to 30 days. This approach helps attribute attacks to both financially motivated criminals and state-sponsored groups.
VULNERABILITIES TO WATCH
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Source: The Hacker News
Hackers are actively exploiting a cross-site scripting (XSS) vulnerability in Roundcube webmail (CVE-2024-37383) to steal login credentials through malicious JavaScript embedded in specially crafted emails. This flaw was used in a phishing attack targeting government organizations in the Commonwealth of Independent States (CIS). The attack tricks victims into opening emails that run JavaScript, allowing attackers to capture and exfiltrate login details to remote servers. Although Roundcube's usage is limited, its adoption by government entities makes it a prime target for cybercriminals. Strengthening security measures is essential to prevent future attacks.
Severe Flaws in E2EE Cloud Storage Platforms Used by Millions
Source: Bleeping Computer
Researchers from ETH Zurich discovered critical vulnerabilities in five popular end-to-end encrypted (E2EE) cloud storage platforms—Sync, pCloud, Icedrive, Seafile, and Tresorit—putting the data of over 22 million users at risk. These flaws enable attackers to tamper with files, inject malicious data, and manipulate encryption keys. While some vendors have started addressing these issues, Icedrive refused to act, and platforms like Sync and pCloud are still working on fixes. Tresorit showed fewer vulnerabilities but is planning further improvements.
MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data
Source: Darkreading
A security flaw in Safari (CVE-2024-44133) gave attackers a way to exploit macOS devices and access sensitive data like browsing history, camera, and microphone without user consent. Microsoft researchers named this exploit "HM Surf," as it bypassed Apple's Transparency, Consent, and Control (TCC) security layer using Safari's special entitlements. Although Apple issued a fix in September 2024, there are signs that the AdLoad adware, known for hijacking browser traffic and harvesting data, may have already taken advantage of this vulnerability.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) Adds Veeam Backup and Replication Vulnerability to its Known Exploited Vulnerabilities Catalog
Source: Security Affairs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical Veeam Backup and Replication vulnerability (CVE-2024-40711, CVSS score 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw enables unauthenticated remote code execution and has been actively exploited by ransomware groups like Fog and Akira. Attackers have used compromised credentials and unsecured VPN gateways to infiltrate networks, create rogue accounts, and deploy ransomware. CISA has set a November 7, 2024, deadline for federal agencies to patch the vulnerability.
SPECIAL REPORTS
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches
Source: Darkreading
A recent survey shows that 75% of CISOs feel overwhelmed by the number of threat detection tools, yet they still struggle to effectively detect breaches. Despite global cybersecurity spending expected to reach $215 billion by the end of 2024, 44% of CISOs admitted to missing a breach within the past year. The main challenge is monitoring hybrid cloud environments and encrypted data-in-motion, where most malware hides. In response, CISOs are focusing on improving visibility into encrypted traffic and plan to optimize their current tools rather than expanding their toolsets in 2025.
Microsoft Named Most Imitated Brand in Phishing Attacks
Source: Infosecurity Magazine
Microsoft emerged as the most imitated brand in phishing attacks during Q3 2024, with 61% of phishing attempts using its branding, according to Check Point Research. Apple followed with 12%, while Google climbed to third with 7%. Alibaba made its debut in the top 10 at seventh, and Adobe returned to the list at eighth. Phishing schemes have grown more sophisticated, including fake Alibaba websites and WhatsApp-related scams seeking personal information. The tech industry remains the most targeted, followed by social networks and banking.
Zero-Day Exploits Swelled in 2023: Mandiant
Source: Cybersecurity Dive
In 2023, 70% of the 138 actively exploited vulnerabilities tracked by Mandiant were zero-day exploits, demonstrating a rising trend of attackers exploiting software flaws before vendors release patches. Mandiant's analysis revealed that Microsoft, Apple, and Google products were primary targets, but attacks have expanded to a wider array of vendors, increasing unpredictability for defenders. The ongoing use of memory-unsafe code contributes significantly to zero-day vulnerabilities, with 75% of exploits linked to memory-safety issues, and the growing number of technologies and platforms is broadening attack surfaces, making it harder for defenders to keep pace.
5 months
Just yesterday on YouTube I watched a presentation by Ross Bevington, a principal security software engineer at Microsoft, at the BSides Exeter conference. He talked about how they're using honeypots to push back against phishers in M365. Super glad to see his preso show up in today's Update. Thanks Marcos!!