CISO Daily Update - October 22, 2024
NEW DEVELOPMENTS
BlackSuit Ransomware Claims to Have Hacked Kansas City Hospice
Source: Cybernews
The BlackSuit ransomware gang claims to have hacked Kansas City Hospice, a nonprofit offering end-of-life care in the Kansas City area. The group listed the breach on October 19, though the hospice has not confirmed the attack. BlackSuit ransomware, believed to be a rebrand of Royal ransomware, has previously targeted critical infrastructure and demanded ransoms as high as $60 million. Founded in 1980, Kansas City Hospice serves thousands of patients and families annually.
Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”
Source: Hackread
A hacker claims to have accessed and is selling a "Top Secret US Space Force (USSF) Military Technology Archive" containing highly sensitive information on advanced military technologies. The data reportedly includes details on AI-controlled defense systems and quantum-based communication developments, potentially exposing critical insights into space-based weapon systems. Although the authenticity of the breach has not been verified, the hacker insists the data is legitimate. Hackread has contacted the Cybersecurity and Infrastructure Security Agency (CISA) for comment, but no official confirmation has been provided yet.
Kill Security Group Claims to Have Breached AskVet, Sensitive Data Leaked
Source: Cyber Press
Kill Security group claims to have breached AskVet, a leading U.S.-based online veterinary service. The stolen information includes names, contact details, addresses, email addresses, and pet medical histories such as diagnoses and treatments, which may be used in targeted phishing campaigns. The group has set a ransom deadline for October 27, 2024, though it's unclear if AskVet will pay or seek help from law enforcement.
Electric Motor Giant Nidec Confirms Data Stolen in Ransomware Attack
Source: Security Week
Japanese electric motor manufacturer Nidec confirmed that over 50,000 business and internal documents were stolen in an August 2024 ransomware attack on its Vietnam-based subsidiary, Nidec Precision (NPCV). The Everest ransomware group is responsible for the attack and leaked the stolen files on a Tor-based site after Nidec refused to pay the ransom. The data includes documents related to procurement, health and safety, and business transactions. In response, Nidec has tightened server access rights, updated passwords, and suspended VPN usage to prevent future breaches.
Casio Suspends Repair Services After Major Cyberattack Disrupts Systems
Source: Hackerdose
Casio suspended its repair services following a major cyberattack on October 5, 2024, that severely disrupted its systems and exposed sensitive data. The ransomware group behind the attack claims to have stolen 204.9 GB of confidential information, including employee payroll, legal records, and project specifications. Casio is working to restore operations by late November and has apologized for the disruption.
Bumblebee Malware Returns After Recent Law Enforcement Disruption
Source: Bleeping Computer
The Bumblebee malware loader, previously disrupted by Europol's 'Operation Endgame' in May 2024, has reemerged after a brief dormancy. Linked to the TrickBot developers, Bumblebee is known for facilitating ransomware attacks through phishing, malvertising, and SEO poisoning. Netskope researchers recently detected its return with infection chains starting from phishing emails that deliver a malicious ZIP file disguised as an NVIDIA driver or Midjourney installer. The malware executes silently via PowerShell and MSI files, leading to payload deployment in memory. The scale of this resurgence is unclear.
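The Bumblebee summary above describes a delivery chain in which a user-extracted archive leads to PowerShell silently running an MSI package. The following detection heuristic is an added example for defenders, not code from the original newsletter or from Netskope; it scores constructed, Sysmon-style process-creation events (field names, sample paths and the score threshold are all assumptions for this example, not published indicators) and flags the combination of a PowerShell parent, a silent msiexec install, a package in a user-writable directory, and a lure-like package name.

```python
"""
Heuristic detection for a PowerShell-driven silent MSI install.
Added example: the event format, field names, paths and weights are
assumptions for illustration, not Netskope's published Bumblebee indicators.
"""
import re
from dataclasses import dataclass

# msiexec switches that suppress the installer UI (/qn, /quiet, /qb)
SILENT_FLAGS = re.compile(r"(?i)(^|\s)/(qn|quiet|qb)\b")
# MSI package sitting in a user-writable location (Downloads or %TEMP%)
USER_WRITABLE = re.compile(r"(?i)\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\")
# Package names resembling the lures named in the summary (assumed list)
LURE_NAMES = re.compile(r"(?i)(nvidia|driver|midjourney|installer|setup)")

THRESHOLD = 5  # assumed alert threshold


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str
    user: str


def parse_line(line: str) -> ProcEvent:
    """Parse one constructed 'Key=Value|Key=Value' process-creation event."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcEvent(fields["ParentImage"], fields["Image"],
                     fields["CommandLine"], fields["User"])


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return an additive suspicion score and the reasons that contributed."""
    score, reasons = 0, []
    parent, child = ev.parent_image.lower(), ev.image.lower()
    if parent.endswith(("powershell.exe", "pwsh.exe")) and child.endswith("msiexec.exe"):
        score += 3
        reasons.append("msiexec spawned by PowerShell")
    if child.endswith("msiexec.exe") and SILENT_FLAGS.search(ev.command_line):
        score += 2
        reasons.append("silent install switch")
    if USER_WRITABLE.search(ev.command_line):
        score += 2
        reasons.append("MSI in user-writable path")
    if LURE_NAMES.search(ev.command_line):
        score += 1
        reasons.append("lure-like package name")
    return score, reasons


def detect(lines, threshold: int = THRESHOLD):
    """Return (user, command_line, score, reasons) for events at or above threshold."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append((ev.user, ev.command_line, score, reasons))
    return alerts


# Constructed sample events (not real telemetry). Event 1 is a managed
# deployment, event 3 is a user double-clicking a downloaded installer;
# events 2 and 4 follow the PowerShell -> silent msiexec pattern.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Windows\CCM\CcmExec.exe|Image=C:\Windows\System32\msiexec.exe"
    r"|CommandLine=msiexec.exe /i C:\Windows\ccmcache\a1\agent.msi /qn|User=NT AUTHORITY\SYSTEM",
    r"ParentImage=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|Image=C:\Windows\System32\msiexec.exe"
    r"|CommandLine=msiexec.exe /i C:\Users\alice\AppData\Local\Temp\nvidia_driver_update.msi /qn"
    r"|User=CORP\alice",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\msiexec.exe"
    r'|CommandLine=msiexec.exe /i "C:\Users\bob\Downloads\MidjourneySetup.msi"|User=CORP\bob',
    r"ParentImage=C:\Program Files\PowerShell\7\pwsh.exe|Image=C:\Windows\System32\msiexec.exe"
    r"|CommandLine=msiexec.exe /i C:\Users\carol\Downloads\tool.msi /quiet|User=CORP\carol",
]

if __name__ == "__main__":
    for user, cmd, score, reasons in detect(SAMPLE_EVENTS):
        print(f"[{score}] {user}: {cmd}\n    " + "; ".join(reasons))
```

The additive scoring is deliberate: a user launching a downloaded installer from Explorer (event 3) collects points for path and name but stays below the threshold, while PowerShell driving a silent install from a user-writable directory crosses it even without a recognizable lure name (event 4). In production the same logic would run over real Sysmon Event ID 1 or EDR process telemetry rather than the constructed lines embedded here.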
ESET Distributor’s Systems Abused to Deliver Wiper Malware
Source: Security Week
ESET launched an investigation after the systems of its Israeli distributor, Comsecure, were abused to send emails delivering wiper malware. The emails impersonated ESET’s Advanced Threat Defense team, passed DKIM and SPF checks, and included links to a malicious ZIP file. The file contained ESET DLLs and an executable designed to deploy wiper malware. While ESET quickly responded and blocked the campaign within ten minutes, at least one Israeli organization was reportedly affected. The attack may be linked to Iran-affiliated threat groups Handala and CyberToufan, known for anti-Israel cyber operations.
VULNERABILITIES TO WATCH
Fortinet Releases Patches for Undisclosed Critical FortiManager Vulnerability
Source: Help Net Security
Fortinet released critical security updates for FortiManager to fix an undisclosed vulnerability that may be under active exploitation by Chinese threat actors. The company has privately alerted select customers and advised mitigation steps such as restricting device registration to authorized serial numbers. Although the exact details and associated CVE haven't been disclosed, speculation points to a possible link with CVE-2024-23113, a format string vulnerability previously patched in FortiOS, FortiPAM, and other products. Fortinet urges immediate patch implementation to safeguard against potential threats.
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira
Source: Security Week
Atlassian issued security patches to address six high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management. The updates fix a critical Java Runtime Environment (JRE) flaw (CVE-2024-21147) in Bitbucket, as well as path traversal and ReDoS vulnerabilities in Confluence (CVE-2022-24785, CVE-2022-31129). Additionally, Confluence users should patch an XSS vulnerability (CVE-2024-4367) and an Apache Commons Configuration flaw (CVE-2024-29131). Jira Service Management has also patched a Protobuf buffer overflow issue (CVE-2024-7254). Atlassian urges users to update their systems immediately to prevent potential exploits.
High-Risk Vulnerability Affecting UniFi Network Server
Source: Cybernews
A high-risk local privilege escalation vulnerability (CVE-2024-42028) affects Ubiquiti's UniFi Network Server, with a severity rating of 8.8 out of 10. This flaw enables attackers with local access to elevate privileges and potentially take control of the server. It impacts versions 8.4.62 and earlier of the self-hosted UniFi network server. Ubiquiti recommends updating to version 8.5.6 or later to mitigate the risk. IT managers using UniFi Network to manage access points, switches, and IoT devices should apply the security patch immediately to protect their systems.
Critical Chrome Flaw Lets Malicious Apps Control Your PC
Source: Cyber Press
Researchers uncovered critical vulnerabilities in Chromium that allow malicious Chrome extensions to bypass the browser's sandbox and take full control of a user's device. These flaws, identified as CVE-2024-5836 and CVE-2024-6778, were found in Chrome’s WebUIs and the chrome.devtools.inspectedWindow.reload() API. Attackers can exploit these weaknesses to execute malicious code through policy manipulation and JavaScript injections. Google has released patches to fix these vulnerabilities, and users should update their Chrome browsers immediately to protect against potential remote code execution attacks.
SPECIAL REPORTS
Over 10 Million Personal And Corporate Devices Infected By Information Stealers
Source: Cyber Security News
Kaspersky reports that data-stealing malware infected over 10 million personal and corporate devices in 2023, representing a 643% increase over the past three years. Malware like Redline, Vidar, and Raccoon have been used to steal sensitive information, including login credentials, financial details, and corporate data. The rise in attacks is driven by "malware-as-a-service" models, which make these threats accessible to less-skilled cybercriminals. To reduce the risk, users should enable two-factor authentication, use strong and unique passwords, and download software only from verified sources.
CISOs Are Gaining Influence Among Corporate Leadership
Source: Cybersecurity Dive
CISOs are gaining more influence in corporate leadership, with many playing key roles in decisions around digital transformation, cloud adoption, and other tech initiatives, according to a Deloitte Global report. About one-third of executives surveyed noted a significant increase in CISO involvement in critical technology discussions, and one in five CISOs now reports directly to the CEO, reflecting the growing importance of cybersecurity. As businesses face rising global cyber risks and new regulatory demands, such as the SEC's disclosure requirement for material cyber breaches, CISOs are becoming central to shaping risk management and security strategies across interconnected operations.
Finding value in this newsletter? Like or share this post on LinkedIn