Cyber Week in Review: Iranian Hackers Target US Agencies, Siemens Addresses Palo Alto Firewall Bug, Outlook Security Alert and Supply Chain Risks

We have now reached more than 22,820 subscribers! Thanks for your unwavering support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.

Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.

Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.

Iranian Nationals Accused of Targeting U.S. Agencies and Corporations in Hacking Scheme?

?

Four Iranian nationals are indicted for cyberespionage targeting US government departments, defense contractors, and private firms. They allegedly conducted a sophisticated campaign, compromising critical systems at the Departments of Treasury and State, along with numerous private US companies. The accused used spear-phishing and other hacking techniques to access corporate employee accounts, compromising over 200,000 accounts in one instance.

The hackers also employed social engineering tactics, including impersonating women, to deploy malware. The indictment reveals their association with the Iranian Organization for Electronic Warfare and Cyber Defense (EWCD). In response, the Department of State offers a $10 million reward for information leading to their capture, while the Treasury Department imposes sanctions on the individuals involved. ( securityweek.com ) ?

?

My Thoughts: This showcases the evolving tactics employed by threat actors to infiltrate critical systems and access sensitive information. The use of sophisticated techniques such as spear-phishing and social engineering highlights the need for robust cybersecurity measures across government agencies and private enterprises. Enterprises must employ a grassroots effort to create a culture of heightened awareness to protect all attack surfaces. It's often the same message I relay, but it’s important as these situations continue to put companies at risk.??

?

Bookmark my calendar here . When you want to begin safeguarding your business or elevating your current cyber security posture, book a meeting with me directly.??

?

Siemens Responds to Palo Alto Firewall Bug in Ruggedcom APE1808 Devices?

?

Siemens is addressing a severe zero-day vulnerability affecting its Ruggedcom APE1808 devices, used alongside Palo Alto Networks (PAN) Virtual NGFW. This flaw, identified as CVE-2024-3400, allows attackers to execute commands and deploy a Python backdoor. With active exploitation reported, both Palo Alto Networks and CISA have flagged this vulnerability. Siemens is working on patches, advising customers to implement specific countermeasures and follow operational guidelines for Industrial Security. The broader concern of internet-exposed industrial control system (ICS) and operational technology (OT) devices is highlighted, with over 5,800 vulnerable instances of PAN's NGFW exposed globally, underlining the urgency for robust cybersecurity measures. ( darkreading.com ) ?

?

My Thoughts: Never underestimate the importance of rolling our patches and updates across the enterprise in a timely and consistent manner! The emergence of CVE-2024-3400 showcases the persistent threat landscape facing industrial control systems. Enterprises have no choice but to meticulously configure security protocols and adhere to vendor-prescribed guidelines to bolster resilience against sophisticated cyber adversaries prowling in critical operational environments. Be sure to have a routine patch schedule in place.?

?

Outlook Security Alert – Microsoft’s Fix?

Microsoft has retracted a solution for an Outlook glitch linked to incorrect security alerts when opening ICS calendar files post-December security updates. These updates aimed to patch an Outlook vulnerability permitting attackers to pilfer NTLM hashes. Although the fix was initially deployed in April, it was withdrawn due to issues encountered during Insider testing. Affected users can utilize a temporary workaround involving a registry key modification, though this disables security prompts for other file types. Meanwhile, instructions for eliminating warnings are provided in a support document. ( bleepingcomputer.com ) ?

?

My Thoughts: In response to Microsoft's rollback of the fix for the Outlook bug causing security alerts with ICS calendar files, mid-size enterprises should take proactive measures. They should apply the temporary workaround provided by Microsoft, enhance email filtering and monitoring, conduct employee training on email security, closely monitor updates from Microsoft, and update incident response plans to address email vulnerabilities effectively. These steps will help strengthen cybersecurity defenses and mitigate risks until a permanent solution is available.?

?

Discover why others chose Assurance IT to trust in their data.?

?

What is dependency hijacking??

?The Legit research team uncovered a dependency confusion vulnerability within an archived Apache project, emphasizing the risk posed by third-party dependencies, especially in legacy projects. Dependency confusion, also known as "dependency hijacking," occurs when a malicious package with the same name as a private/local package is downloaded instead. Despite measures introduced by package managers like NPM to mitigate such attacks, misconfigurations can lead to exploitation.

The team demonstrated this by exploiting the Cordova App Harness project, highlighting the potential for attackers to upload malicious versions of dependencies, posing a significant security risk to users. It underscores the importance of properly configuring package managers and diligently monitoring dependencies to prevent supply chain attacks. ( legitsecurity.com ) ?

?

My Thoughts: Dependency confusion vulnerabilities underscore the pervasive threats lurking within software supply chains. Here are 5 ways to avoid falling victim to these attacks?

To mitigate Dependency Confusion Attacks:?

1. Enforce strict dependency management policies, vetting third-party packages before use.?

1. Utilize package scoping features to uniquely identify packages within name spaces.?

1. Enable package locking mechanisms to ensure consistent and secure dependency installation.?

1. Regularly verify the integrity and authenticity of dependencies through checksums or digital signatures.?

1. Set up automated monitoring systems to detect unusual package behavior or version changes?

?

Did you know, Assurance IT has a proven methodology? It’s what we call PPR. Prepare, Protect, Recover. Take a look below:?

We only partner with the best.??

Protecting enterprise data, one day at a time.?