CISO Daily Update - September 12, 2024
NEW DEVELOPMENTS
Columbus City Cyberattack: Feds Lead Probe as Council Vows Transparency
Source: The Cyber Express
The Columbus City cyberattack in July 2024 has drawn federal attention, with the FBI and Homeland Security leading investigations. City Council members, including Nicholas Bankston, are emphasizing public safety and urging residents to stay vigilant. The personal data of residents has been compromised, and the city is providing free credit monitoring services. Public hearings are scheduled to address concerns, and cybersecurity enhancements are underway as the investigation continues. The attack has significantly impacted residents, city officials, and public trust.
Data Breach at Golf Course Management Firm KemperSports Impacts 62,000
Source: Security Week
Golf course management firm KemperSports disclosed a data breach affecting over 62,000 individuals, primarily current and former employees. The breach was discovered on April 1, 2024, and exposed personal information such as names and Social Security numbers. While there is no evidence of misuse, impacted individuals are being offered a year of free credit monitoring. The nature of the attack remains unclear, and no ransomware group has claimed responsibility. This is the second breach KemperSports has reported in two years, following a previous incident involving unauthorized access to employee email accounts.
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Source: The Hacker News
Cybersecurity researchers discovered new malicious Python packages used by the Lazarus Group to target developers under the pretense of coding tests. The packages were distributed through GitHub and public repositories such as npm and PyPI, and contained malware hidden in modified versions of popular libraries such as pyperclip and pyrebase. The malware, typically obscured in Base64-encoded strings, connects to a command-and-control server to execute remote commands. The campaigns are attributed to the North Korean Lazarus Group, which tricks developers into running the packages by presenting them as urgent coding assignments or job interview tasks. The fake interviews and coding challenges are used to bypass security checks and infect developer systems.
Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam
Source: Hackread
Hackers are targeting supporters of former President Donald Trump by creating fake websites and phishing campaigns related to his digital trading cards. These scams involve typosquatting, where fake domains closely resemble legitimate ones, tricking users into revealing sensitive data or installing malware. Cybercriminals are using emails with malicious links promoting limited-time offers to deceive collectors. This isn't the first time Trump-related scams have surfaced, with similar incidents involving fake donation sites and cryptocurrency theft. Users are advised to double-check URLs and be cautious of unsolicited emails.
VULNERABILITIES TO WATCH
Intel Informs Customers About Over a Dozen Processor Vulnerabilities
Source: Security Week
Intel disclosed over 20 vulnerabilities in its processors and other products, including a high-severity issue in the UEFI firmware affecting Atom, Xeon, Pentium, Celeron, and Core series processors. These flaws could lead to local privilege escalation, DoS attacks, and information leaks. A separate vulnerability impacts the RAPL interface, leading to potential information disclosure. Additionally, Intel's RAID Web Console software contains nine medium- and low-severity flaws that could result in DoS attacks and privilege escalation. Customers are urged to install the latest firmware and microcode updates to mitigate these risks.
Chrome 128 Update Resolves High-Severity Vulnerabilities
Source: Security Week
Google issued a Chrome 128 security update that addresses five vulnerabilities, four of which were reported by external researchers. The high-severity flaws include a memory buffer overflow in Skia (CVE-2024-8636), use-after-free bugs in Media Router (CVE-2024-8637) and Autofill (CVE-2024-8639), and a type confusion in the V8 JavaScript engine (CVE-2024-8638). The update, Chrome 128.0.6613.137/.138, is available for Windows, macOS, and Linux. Google has not reported any active exploitation of these flaws.
ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA
Source: Security Week
The September 2024 ICS Patch Tuesday includes advisories from Siemens, Schneider Electric, ABB, and CISA, addressing numerous vulnerabilities. Siemens released 17 advisories, including critical flaws like an authentication bypass in Industrial Edge Management and remote code execution vulnerabilities in Simatic products. Schneider Electric addressed two issues, including a high-severity privilege escalation in Vijeo Designer. ABB's advisory covers medium-severity DoS issues in Relion protection relays. CISA issued four advisories, notably covering critical vulnerabilities in Viessmann Climate Solutions and high-severity bugs in SCADA Web Server and Rockwell Automation products.
Researchers Hacked EV Car Chargers To Execute Arbitrary Code
Source: Cyber Security News
At Pwn2Own Automotive 2024, researchers successfully hacked EV car chargers from Autel, ChargePoint, and JuiceBox, demonstrating significant security flaws. They exploited vulnerabilities in the Autel MaxiCharger, including CVE-2024-23958 (BLE authentication bypass), CVE-2024-23959 (stack buffer overflow in BLE handler), and CVE-2024-23967 (stack buffer overflow in ACMP). The hacks allowed arbitrary code execution, revealing weaknesses in the firmware’s handling of Bluetooth, firmware updates, and protocol connections. Researchers used techniques like Return-Oriented Programming (ROP) to bypass security measures. Autel has addressed these issues in firmware v1.35.00 by adding bounds checks and removing the backdoor token.
Rogue WHOIS Server Gives Researcher Superpowers No One Should Ever Have
Source: ARS Technica
Benjamin Harris of watchTowr discovered a major security issue by acquiring the expired domain dotmobilregistry.net, once used for .mobi WHOIS queries. This rogue WHOIS server, which received millions of queries from various major entities, allowed Harris to potentially manipulate HTTPS certificate issuance, track email activity, and exploit vulnerabilities in WHOIS clients. By redirecting queries from government, security, and academic institutions, Harris demonstrated significant flaws in the trust and security processes around WHOIS. Autel and other affected parties have taken steps to address these issues.
SPECIAL REPORTS
Cybernews Business Digital Index Reveals Major Shortcomings in Corporate Customer Data Security
Source: Cybernews
The Cybernews Business Digital Index reveals significant cybersecurity weaknesses in corporate customer data security worldwide, with 63% of companies scoring a D or worse. The index assesses businesses based on their online security, using data from external sources, and provides insights to improve security practices. Notably, healthcare companies struggle the most, with 48% scoring an F, while crypto wallet providers fare better but still face challenges. SSL configuration issues are the most common problem, affecting 99% of organizations. The report highlights widespread vulnerabilities, including phishing, malware, and employee password reuse.
So You Paid a Ransom Demand … and Now the Decryptor Doesn’t Work
Source: The Register
Organizations facing ransomware attacks may find themselves in dire situations even after paying the ransom for a decryptor that ultimately fails to work. Recent incidents highlight the frustration of executives who, after paying to regain access to their encrypted files, received ineffective decryptors, compounding their stress and operational challenges. Ransomware negotiators, such as GuidePoint Security, emphasize that paying a ransom does not guarantee data recovery, as the criminals involved may provide faulty tools or cease communication altogether. While some sophisticated ransomware groups have technical support teams, others lack the necessary skills, leading to varying outcomes for victims.
OT Cybersecurity Leader | Agentic AI Engineering Novice | Controls Engineer | Pharma | Manufacturing | Military Veteran | Practitioner
2 months ago: Busy ICS patch Tuesday, Marcos.