Cyber Intelligence Weekly: The 3 New Ideas You Need to Know this Week (Issue 158 – September 15, 2024)

Dear Friends and Colleagues,

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight an upcoming talk I will be giving at Fal.Con. If you are attending Fal.Con next week, please join us for a key session on Cyber Risk Management.

Wednesday, Sept. 18 | 12:00 PM - 12:45 PM PDT

Don't miss this vital session as we discuss how to best navigate evolving risk in cybersecurity. Learn from me and other industry leaders on how to align security strategies with business goals and turn risk into opportunity!

Gain insights into enhancing your organization’s security posture and meet experts like Eben Kaplan from CrowdStrike and Sean Kelly of Highmark Health who will share cutting-edge strategies.

Learn more here: https://lnkd.in/eKXQAAWZ


Away we go!

1. Windows Vulnerabilities Leave Systems at Risk Despite Security Updates

Microsoft's latest Patch Tuesday, released in September 2024, addressed 79 security vulnerabilities across Windows operating systems and related software. This includes critical bugs that are already being exploited in the wild. Of particular concern was a flaw affecting certain Windows 10 systems that were left unpatched for several months due to a rollback issue. The problem stemmed from vulnerabilities related to optional components installed on systems produced in 2015. As a result, updates released between March and August 2024 failed to protect these machines adequately.

One of the most significant vulnerabilities, CVE-2024-43491, emerged from a flaw in the way the update service handled build version numbers for Windows 10 systems. The glitch reintroduced previously patched vulnerabilities, leaving users exposed to potential cyberattacks. To rectify the situation, Microsoft advises users to install both the September 2024 Servicing Stack Update and the Security Updates immediately. Security experts have underscored the seriousness of the bug, with multiple attackers already exploiting these weaknesses.

In addition to CVE-2024-43491, two zero-day vulnerabilities were disclosed. Both CVE-2024-38226 and CVE-2024-38217 target Microsoft Office applications and exploit a security feature designed to flag potentially dangerous files downloaded from the internet. While these zero-days require the user to open a compromised file, their presence highlights the continued risk of using outdated or unpatched systems.

These updates come amid ongoing concerns about Microsoft's new Copilot+ feature, which includes a controversial screenshot function called "Recall." Although Microsoft claimed this feature would be less intrusive, security experts have raised alarms, pointing out that any user on a system can easily access the screenshots stored locally. This issue underscores the need for businesses and individuals to remain vigilant in applying patches and scrutinizing new system features.


2. Cyberattack on Transport for London Exposes Customer and Employee Data

Transport for London (TfL) has confirmed a significant cyber incident that has compromised the personal data of both customers and employees. Initially, TfL stated there was no evidence of customer data exposure, but a recent update revealed that the attack may have accessed sensitive information. Approximately 5,000 customers' bank details, including Oyster card refund data with bank account numbers and sort codes, were potentially compromised. As a precaution, TfL plans to contact affected individuals as soon as possible.

To address the situation, TfL has pulled large portions of its IT infrastructure offline, affecting services such as live tube arrival updates and the processing of new Oyster photocards. Staff have also faced restricted access to systems as the agency conducts an in-person reset of 30,000 employee passwords, part of a broader security protocol in response to the incident. Employee data, including email addresses, job titles, and employee numbers, may have been accessed, prompting additional security measures.

The National Crime Agency (NCA) has arrested a 17-year-old male in connection with the attack. The suspect, detained under the Computer Misuse Act, was released on bail while the investigation continues. Authorities, including the NCA and the National Cyber Security Centre, are collaborating with TfL to mitigate further risks and assess the full extent of the breach.

This attack on a major public transport body highlights the ongoing challenges posed by cyber threats to critical infrastructure. TfL's response, including bolstered physical security measures and collaboration with law enforcement, aims to restore normal operations while minimizing the impact on affected individuals.

3. SonicWall Pushes Urgent Patch for Critical SonicOS Vulnerability

SonicWall has issued a crucial patch for a vulnerability in its SonicOS platform that could allow attackers to gain unauthorized access and, under certain conditions, cause the company’s firewalls to crash. The vulnerability, tracked as CVE-2024-40766, has been assigned a CVSS score of 9.3, marking it as a severe security risk. This issue affects Gen 5, Gen 6, and some Gen 7 SonicWall firewalls operating on SonicOS version 7.0.1-5035 and earlier.

SonicWall has promptly notified its customers and partners about the vulnerability and released patches to address the issue. Security teams are advised to apply these patches as soon as possible. In the meantime, they can reduce risk by restricting SonicOS access to trusted accounts and disabling firewall management via the internet. SonicWall has also emphasized the importance of disabling SSLVPN access from the internet unless absolutely necessary.

Unpatched SonicWall devices have been targeted by cybercriminals in the past. For example, in 2023, threat actors exploited a similar vulnerability to deploy malware that allowed them to steal user credentials and persist across firmware upgrades. With ransomware and other cyberattacks on the rise, the potential risks of leaving SonicOS systems unpatched are considerable.

To mitigate the threat posed by CVE-2024-40766, SonicWall recommends that customers immediately install the latest firmware updates for affected products. In addition, administrators are urged to enhance security by enforcing password changes for SSLVPN users and enabling multi-factor authentication (MFA) for further protection.
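The guidance above boils down to a short checklist per firewall: is the firmware at or below the affected build, is management reachable from the internet, is SSLVPN exposed, and is MFA enforced. The script below is an added example, not SonicWall's code and not part of the newsletter, that turns that checklist into an inventory triage. It parses SonicOS version strings into comparable tuples and applies the "7.0.1-5035 and earlier" threshold the newsletter states; the inventory is constructed, the device attribute names are assumptions, and the version threshold should be adjusted per firewall generation to match the vendor advisory before the output is relied on.

```python
import re
from dataclasses import dataclass

# Threshold as stated in the newsletter: SonicOS 7.0.1-5035 and earlier are affected.
# Assumption for this example: one "<= threshold" rule is applied to every device;
# per-generation thresholds from the vendor advisory should replace it in practice.
AFFECTED_THROUGH = "7.0.1-5035"


def parse_sonicos_version(version: str) -> tuple:
    """Turn a SonicOS version string such as '7.0.1-5035' into a comparable tuple.

    The dotted part becomes a run of integers; the first integer after the
    hyphen is the build number (any trailing letter suffix is ignored).
    """
    main, _, rest = version.strip().partition("-")
    parts = [int(p) for p in re.findall(r"\d+", main)]
    if not parts:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    build_match = re.match(r"\d+", rest)
    build = int(build_match.group()) if build_match else 0
    return tuple(parts) + (build,)


def is_affected(version: str, threshold: str = AFFECTED_THROUGH) -> bool:
    """True when the running firmware is at or below the affected threshold."""
    return parse_sonicos_version(version) <= parse_sonicos_version(threshold)


@dataclass
class Firewall:
    """Constructed inventory record; attribute names are assumptions for the example."""
    name: str
    version: str
    mgmt_from_internet: bool    # HTTPS/SSH management enabled on the WAN side
    sslvpn_from_internet: bool  # SSLVPN service reachable from the internet
    sslvpn_mfa: bool            # MFA enforced for SSLVPN users


def assess(fw: Firewall) -> list:
    """Return the actions the newsletter's guidance calls for on one device."""
    findings = []
    affected = is_affected(fw.version)
    if affected:
        findings.append(f"PATCH: firmware at or below {AFFECTED_THROUGH}")
    if fw.mgmt_from_internet:
        findings.append("DISABLE: firewall management from the internet")
    if fw.sslvpn_from_internet:
        findings.append("REVIEW: SSLVPN exposed to the internet")
        if not fw.sslvpn_mfa:
            findings.append("ENABLE: MFA for SSLVPN users")
        if affected:
            findings.append("ROTATE: SSLVPN user passwords after patching")
    return findings


def triage(inventory) -> dict:
    """Map device name -> findings, devices with the most findings first."""
    results = {fw.name: assess(fw) for fw in inventory}
    return dict(sorted(results.items(), key=lambda kv: len(kv[1]), reverse=True))


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Firewall("hq-fw-01", "7.1.1-7040", False, True, True),
    Firewall("branch-fw-01", "7.0.1-5035", True, True, False),
    Firewall("lab-fw-01", "6.5.4.3-53n", False, False, False),
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_INVENTORY).items():
        status = "OK" if not findings else f"{len(findings)} action(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

A device that is both unpatched and exposing SSLVPN without MFA collects every finding, which is why the sorted output puts it first; the password rotation item is tied to the patch finding, matching the newsletter's advice to rotate SSLVPN credentials alongside the firmware update.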

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Lots of interesting stuff this week!
