CISO Daily Update - September 26, 2024
NEW DEVELOPMENTS
Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks
Source: Hackread
Dell suffered a third data leak in a week, with the hacker "grep" releasing 500 MB of sensitive internal files, including project documents and multi-factor authentication (MFA) data. The breaches are part of a single coordinated attack, with the hacker leaking the data gradually. Dell has yet to formally respond to this latest breach, which follows two previous leaks exposing employee data and documents.
RansomHub Genius Tries to Put the Squeeze on Delaware Libraries
Source: The Register
RansomHub affiliates targeted Delaware Libraries with a ransomware attack, demanding $1 million despite the underfunded nature of public libraries. The attack disrupted computer labs, internet services, and phone lines across 35 library sites in Delaware. While RansomHub claims to have stolen 80,000 files, the library’s catalog remains unaffected. Delaware Libraries, in collaboration with Microsoft and state agencies, is rebuilding its systems rather than paying the ransom. Recovery efforts are still in the early stages.
U.S. Govt Agency CMS Says Data Breach Impacted 3.1 Million People
Source: Bleeping Computer
The Centers for Medicare & Medicaid Services (CMS) reported that a data breach resulting from the MOVEit ransomware attack by Cl0p exposed the personal and health information of over 3.1 million individuals, primarily Medicare beneficiaries. The breach occurred after hackers compromised the Wisconsin Physicians Service (WPS), which provides Medicare administrative services. Affected individuals have been notified, and CMS is offering 12 months of free credit monitoring through Experian. Despite Cl0p's claims of data deletion, the risk of the stolen information being sold or shared on the dark web remains high.
Thousands of US Congress Emails Exposed to Takeover
Source: Infosecurity Magazine
A report by Proton and Constella Intelligence uncovered that over 3,191 email addresses of US Congress staffers have been leaked on the dark web, with 1,848 linked to plaintext passwords. This exposure results from staffers using their official email addresses to sign up for third-party services that later experienced data breaches. Experts urge Congress staff to avoid using work emails for third-party accounts, employ password managers, and subscribe to dark web monitoring services to enhance cybersecurity.
Hackers Hiding Malware in Fake “Deleted Diddy Files”
Source: Cybernews
Cybercriminals are exploiting public interest in Sean "Diddy" Combs' recent legal issues by distributing malware disguised as deleted files from his social media accounts. The PDiddySploit malware, a variant of the PySilon RAT, is capable of stealing sensitive data, logging keystrokes, and controlling infected systems. Users are being tricked into downloading these files, which are often spread through email attachments and links. Security experts warn users to avoid suspicious files and verify sources to protect against this threat.
VULNERABILITIES TO WATCH
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
Source: The Hacker News
CISA added a critical vulnerability in Ivanti's Virtual Traffic Manager (vTM), CVE-2024-7593 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities list due to active exploitation. The flaw allows unauthenticated attackers to bypass admin panel authentication and create rogue administrator accounts. Ivanti patched the issue in several versions released in August 2024, and federal agencies are required to remediate it by October 15, 2024. Ivanti acknowledged limited exploitation of this and other vulnerabilities, with over 2,000 exposed devices online, mostly in the U.S.
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
Source: The Hacker News
A patched vulnerability in ChatGPT's macOS app, called SpAIware, allowed attackers to exploit its memory feature to implant long-term spyware that facilitates continuous data exfiltration across sessions. The flaw leveraged indirect prompt injection where malicious instructions persisted in ChatGPT's memory, leading to data leaks with future chats. Attackers could have tricked users into visiting malicious sites or downloading compromised documents, which would update ChatGPT’s memory and send chat data to the attacker. OpenAI addressed the issue in version 1.2024.247, and users are advised to review and manage stored memories regularly.
PoC for Critical SolarWinds Web Help Desk Vulnerability Released (CVE-2024-28987)
Source: Help Net Security
A proof-of-concept (PoC) exploit for a critical vulnerability in SolarWinds Web Help Desk (WHD), CVE-2024-28987, was released publicly. The flaw is caused by hardcoded developer credentials and allows unauthorized attackers to read and modify help desk ticket details. While the vulnerability doesn't compromise the WHD server itself, it poses a high risk for lateral movement via credential exposure. Approximately 827 instances of WHD are exposed online.
TeamViewer for Windows Vulnerability Let Attackers Escalate Privileges
Source: Cyber Security News
A critical vulnerability (tracked as CVE-2024-7479 and CVE-2024-7481) in TeamViewer's Remote client for Windows could allow attackers to escalate privileges on affected systems; the CVSS score is 8.8. The flaw arises from improper verification of cryptographic signatures in the TeamViewer_service.exe component. Versions earlier than 15.58.4 are affected. Users are urged to update immediately to protect against potential exploitation.
SPECIAL REPORTS
Google Sees 68% Drop in Android Memory Safety Flaws Over 5 Years
Source: Bleeping Computer
Over the past five years, Google reduced the share of Android vulnerabilities that are memory safety flaws by 68%, from 76% in 2019 to 24% in 2024. This was achieved by writing new code in memory-safe languages like Rust rather than rewriting existing code, which avoided backward compatibility issues and reduced vulnerabilities without extensive rewrites. Google emphasizes transitioning to memory-safe coding practices to prevent vulnerabilities long-term, aligning with CISA's recommendations for secure-by-design practices using languages like Rust, Java, and Go.
82% of Phishing Sites Now Target Mobile Devices
Source: Infosecurity Magazine
According to Zimperium's 2024 zLabs Global Mobile Threat Report, 82% of phishing sites now target mobile devices, with 76% using HTTPS to mislead users about their security. The report highlights a 13% increase in unique malware samples, with the healthcare industry suffering the most from mobile phishing attacks. Experts urge enterprises to implement advanced, multi-layered security strategies to protect against these increasing risks targeting employees' mobile endpoints.
OT Cybersecurity Leader | ISA/IEC 62443 Specialist | Controls Engineer | Pharma | Manufacturing | Military Veteran | Practitioner
2 weeks ago
PDiddySploit... really??