CISO Daily Update - October 9, 2024
NEW DEVELOPMENTS
Casio Reports IT Systems Failure After Weekend Network Breach
Source: Bleeping Computer
Casio disclosed a cyberattack discovered on October 5, 2024, which caused system disruptions and impacted several services. The company is working with external experts to determine if any personal or confidential data was compromised. Although no ransomware group has claimed responsibility, Casio has reported the breach to authorities and is taking action to prevent future incidents. This breach follows last year's attack, which affected users of its ClassPad platform in 149 countries. The incident adds to Casio's ongoing challenges, as the company faces nearly $50 million in losses from a major restructuring effort.
Meow Hacking Group Allegedly Claims Breach of Superior Court of California
Source: Cyber Press
The Meow hacking group claims responsibility for a breach at the Superior Court of California, Sonoma County, stealing around 5 GB of sensitive data. The stolen information includes employee records, social security numbers, banking details, legal agreements, and criminal records. If confirmed, this breach raises concerns about identity theft and fraud. The court and law enforcement agencies are expected to investigate further.
Physical Security Firm ADT Hacked Again
Source: Security Week
Leading physical security provider ADT reported a cybersecurity breach involving compromised credentials from a business partner. While attackers accessed some internal, encrypted employee data, ADT confirmed that customer information and security systems were not impacted. This breach caused system disruptions and follows another incident in August, when hackers stole 30,000 customer records. Investigations are ongoing, and no ransomware group has claimed responsibility for this latest breach.
Recently Spotted Trinity Ransomware Spurs Federal Warning to Healthcare Industry
Source: The Record
Federal officials have warned the U.S. healthcare industry about the Trinity ransomware, a new strain first detected in May 2024. Trinity has already targeted multiple victims, including healthcare providers in the U.S. and U.K. The ransomware encrypts files and steals data, leaving victims with extortion demands. With no decryption tool available, federal authorities urge healthcare organizations to strengthen their defenses to avoid further disruptions.
The 30-Year-Old Internet Backdoor Law That Came Back to Bite
Source: TechCrunch
The 30-year-old Communications Assistance for Law Enforcement Act (CALEA), which mandates wiretap access for U.S. telecom and internet providers, has come back to haunt the industry as Chinese hackers exploited these backdoors to breach several U.S. providers, including AT&T and Verizon. The breaches gave the attackers access to sensitive customer data and internet traffic, underscoring the risks of mandated backdoor systems. Experts emphasize that a backdoor that only authorized parties can use is impossible to create and argue that strong encryption is the only effective defense against such vulnerabilities.
Late Shipment? Retailers’ Data Leak May Have Allowed Attackers to Redirect It
Source: Cybernews
U.S. outdoor sports retailer Peter Glenn exposed sensitive credentials in a publicly hosted environment configuration file (.env), leaving its systems vulnerable to attack. Discovered in June 2024, the leak included API keys, AWS credentials, and database information that attackers could use to manipulate orders, access customer data, and potentially redirect shipments. Despite repeated outreach from researchers, the company only acted after CERT was notified in September and finally secured the file and closed public access in October.
VULNERABILITIES TO WATCH
Ivanti Warns of Three More CSA Zero-Days Exploited in Attacks
Source: Bleeping Computer
Ivanti has released security patches for three recently discovered zero-day vulnerabilities in its Cloud Services Appliance (CSA), all of which are currently being exploited in attacks. The flaws, tracked as CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow remote attackers to execute arbitrary code, perform SQL injection, and bypass security controls via path traversal. They are being chained with CVE-2024-8963, a previously patched vulnerability that is also under active exploitation. Ivanti urges customers still running the out-of-date version 4.6 to upgrade to version 5.0.2 and to monitor their systems closely for indicators of compromise, such as modified admin accounts or unusual EDR alerts.
SAP Patches Critical Vulnerability in BusinessObjects
Source: Security Week
SAP issued new security updates in October 2024, including a critical patch for BusinessObjects Business Intelligence, fixing a missing authorization check vulnerability (CVE-2024-41730). While SAP initially addressed the flaw in August, additional updates target users on version 4.2 SP009. SAP also patched four high-severity vulnerabilities in Enterprise Project Connection related to the Spring framework, Log4j libraries, and an insecure file operations issue in BusinessObjects. SAP urges users to apply these patches immediately, as threat actors have previously exploited similar vulnerabilities.
Android’s October 2024 Update Patches 26 Vulnerabilities
Source: Security Week
Google's October 2024 Android security update patches 26 high-severity vulnerabilities across various components. The update is split into two parts: the 2024-10-01 patch fixes vulnerabilities in the Framework and System components that could lead to privilege escalation, denial-of-service, or remote code execution. The 2024-10-05 patch addresses issues in components from Imagination Technologies, MediaTek, and Qualcomm. While there is no evidence that these vulnerabilities have been exploited, users are advised to update their devices promptly to stay protected. No new security patches were released for Pixel devices, Android Automotive OS, or Wear OS this month.
Qualcomm Fixed a Zero-Day Exploited in Limited, Targeted Attacks
Source: Security Affairs
Qualcomm has patched 20 vulnerabilities, including a zero-day flaw (CVE-2024-43047) in its Digital Signal Processor (DSP) service. This use-after-free bug, with a CVSS score of 7.8, could lead to memory corruption and has been exploited in limited, targeted attacks. The flaw was discovered by researchers from Google Project Zero and Amnesty International Security Lab; Qualcomm has issued patches to OEMs and urges immediate updates to affected devices. The vulnerability impacts various Qualcomm chipsets used in FastConnect, Snapdragon platforms, and mobile and video collaboration systems. Qualcomm also fixed a critical flaw in its WLAN Resource Manager (CVE-2024-33066), which had a CVSS score of 9.8.
iTunes 0-day Privilege Escalation Flaw Let Attackers Hack Windows
Source: Cyber Security News
A critical zero-day vulnerability (CVE-2024-44193) in iTunes for Windows, specifically in the Apple Device Discovery Service, allowed attackers to escalate privileges and gain SYSTEM-level access. Researcher mhans (aka "mbog14") discovered the flaw in iTunes version 12.13.2.3, which stemmed from improper permission management in the "C:\ProgramData\Apple*" directory. Attackers could exploit this Local Privilege Escalation (LPE) by using opportunistic locks (oplocks) and NTFS junction points, enabling them to delete files with SYSTEM privileges. Apple patched the vulnerability on September 12, 2024, addressing the flaw that let unprivileged users gain full administrator access by manipulating service restarts and file deletions.
SPECIAL REPORTS
31 New Ransomware Groups Join the Ecosystem in 12 Months
Source: Infosecurity Magazine
Over the past year, 31 new ransomware groups have entered the cybercrime ecosystem, driving a 30% increase in active ransomware gangs according to Secureworks' State of the Threat report. LockBit remains the most dominant group, responsible for 17% of all reported victims. Newcomers like PLAY and RansomHub have also emerged, with RansomHub surfacing after a major LockBit takedown. Despite the increase in groups, victim numbers haven't risen as sharply, suggesting a more fragmented landscape. The report also highlights the growing use of AI tools in cybercrime and the rise of Adversary-in-the-Middle (AiTM) attacks that undermine multi-factor authentication (MFA) defenses.
Cloud Security Risks Surge as 38% of Firms Face Exposures
Source: Infosecurity Magazine
A new report from Tenable reveals that 38% of organizations are critically exposed to security threats in their cloud environments, primarily due to a "toxic cloud triad" of workloads that are publicly exposed, critically vulnerable, and highly privileged at the same time. This combination increases the risk of cyber-attacks, system takeovers, and data breaches, with average incident costs nearing $5 million in 2024. The report also highlights that 84% of companies have unused access keys with excessive permissions, 80% of workloads are vulnerable to the critical container escape flaw CVE-2024-21626, and 74% have publicly exposed storage, heightening ransomware risks. Misconfigurations and over-privileged access remain the main threats, and both can be mitigated through improved awareness and timely remediation.
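To make the "toxic cloud triad" and the unused-key finding concrete, here is an added triage example (written for this newsletter, not code from Tenable or the report) that flags workloads meeting all three conditions and admin-capable access keys that are unused or idle. The inventory is constructed; the severity labels, the 90-day idle threshold, and the definition of "highly privileged" as an admin-capable identity are assumptions, not the report's methodology.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

@dataclass
class Workload:
    name: str
    public: bool                      # reachable from the internet
    cves: Dict[str, str] = field(default_factory=dict)  # CVE id -> severity label
    admin_identity: bool = False      # attached role / service account can administer the account

@dataclass
class AccessKey:
    key_id: str
    admin: bool                       # key grants admin-level permissions
    last_used: Optional[date]         # None = never used

def toxic_triad(workloads: List[Workload]) -> List[str]:
    """Names of workloads that are publicly exposed AND carry a critical CVE AND are highly privileged."""
    return [w.name for w in workloads
            if w.public and w.admin_identity
            and any(sev == "critical" for sev in w.cves.values())]

def stale_admin_keys(keys: List[AccessKey], today: date, max_idle_days: int = 90) -> List[str]:
    """Admin-capable keys that were never used or have been idle longer than max_idle_days."""
    return [k.key_id for k in keys if k.admin
            and (k.last_used is None or (today - k.last_used).days > max_idle_days)]

# Constructed sample inventory. CVE-2024-21626 is the container-escape flaw cited in the report;
# its "critical" label follows the article, the other values are made up for illustration.
SAMPLE_WORKLOADS = [
    Workload("api-gateway",  public=True,  cves={"CVE-2024-21626": "critical"}, admin_identity=True),
    Workload("batch-worker", public=False, cves={"CVE-2024-21626": "critical"}, admin_identity=True),
    Workload("web-static",   public=True,  cves={},                             admin_identity=False),
    Workload("build-runner", public=True,  cves={"CVE-2024-21626": "critical"}, admin_identity=False),
]
SAMPLE_KEYS = [
    AccessKey("AKIA-EXAMPLE-1", admin=True,  last_used=None),               # never used
    AccessKey("AKIA-EXAMPLE-2", admin=True,  last_used=date(2024, 9, 30)),  # 9 days idle
    AccessKey("AKIA-EXAMPLE-3", admin=False, last_used=None),               # unused but low-privilege
    AccessKey("AKIA-EXAMPLE-4", admin=True,  last_used=date(2024, 5, 1)),   # 161 days idle
]

def triage_sample(today: date = date(2024, 10, 9)) -> Dict[str, List[str]]:
    """Run both checks over the constructed inventory; only 'api-gateway' meets all three triad conditions."""
    return {"triad": toxic_triad(SAMPLE_WORKLOADS),
            "stale_admin_keys": stale_admin_keys(SAMPLE_KEYS, today)}

if __name__ == "__main__":
    print(triage_sample())
```

A workload missing any one leg of the triad (batch-worker is private, build-runner has no admin identity) drops out, which is the remediation lever the report describes: removing exposure, the critical CVE, or the privilege each breaks the chain.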
Managing Partner @ Recrewmint | We Help Companies Recruit Security Leaders, Architects, and Engineers (4 months ago)
Marcos, you by far have the best newsletter in the industry. I would love to sit down with you one day and discuss your marketing mind!
Procurement & Product Sourcing Manager | E-Commerce Analyst | Data-driven Insights @ Serversupply.com Inc. (4 months ago)
Very helpful. If someone can give the link to all the latest parts updates, I will be even happier.