Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
Google postpones third-party cookie deprecation
Google has announced that it is once again delaying its plans to deprecate third-party tracking cookies in its Chrome web browser. This time the reason is outstanding competition concerns from UK regulators over its Privacy Sandbox initiative. This is the third extension since the company announced its plans in 2020. A representative said it is “working closely with the UK Competition and Markets Authority and hopes to achieve an agreement by the end of the year.” Privacy Sandbox is a collection of initiatives that seek to provide alternatives to tracking cookies and cross-app identifiers in order to serve tailored ads to users while maintaining privacy.
Brocade SAN appliances and switches exposed to hacking
Security researcher Pierre Barre is warning about 18 flaws in the Brocade SANnav storage area network management application, including some that would allow remote attackers to log in to vulnerable devices as root. Nine of these vulnerabilities were assigned CVE identifiers, CVE-2024-2859 and CVE-2024-29960 through CVE-2024-29967. Barre states that “three of these issues could allow an attacker to send malicious data and to intercept credentials sent in clear text, potentially compromising the entire Fibre Channel infrastructure.”
ICICI Bank exposes credit cards to wrong users
One of India’s biggest private banks, which also has branches and subsidiaries in 17 other countries, confirmed to TechCrunch yesterday (Thursday) that its digital channels erroneously mapped about 17,000 credit cards issued in the past few days to “wrong” users. Finance-related forum Technofino reported that sensitive data such as the full card number, expiry date and CVV of other customers’ credit cards suddenly appeared for some users on the iMobile Pay app. A spokesperson for ICICI Bank told TechCrunch it had blocked the affected cards and is issuing new ones.
CISA issues urgent patch advisory for Cisco and CrushFTP
The agency has ordered all federal civilian agencies to patch three high-profile vulnerabilities within a week because they are being exploited by hackers. These cover two Cisco product vulnerabilities as well as one impacting the file transfer tool CrushFTP, a story we covered on Tuesday. Unlike most additions to the Known Exploited Vulnerabilities catalog, CISA is only giving federal agencies until May 1 to patch the vulnerabilities. This is done only with bugs that CISA considers urgent. On Wednesday, Cisco released advisories about its two vulnerabilities being exploited as part of a campaign by state-sponsored threat actors. These vulnerabilities impact Cisco’s Adaptive Security Appliances (ASA) and the related Firepower Threat Defense (FTD) software suite. As for CrushFTP, CrowdStrike has said it has observed this exploit being used in the wild in a targeted fashion, with multiple U.S. entities affected. They added that those behind the exploitation were doing “intelligence-gathering activity” and were “possibly politically motivated.”
Huge thanks to this week’s episode sponsor, Veracode
Change Healthcare update: ransom paid; millions exposed
Representatives from Change Healthcare have stated that health information related to “a substantial portion of people in America” could be among the data stolen by cybercriminals in the attack that occurred in February. This statement was made the same day that the company acknowledged having paid a ransom shortly after the attack. The amount paid is alleged to be $22 million. The attack has now inspired lawmakers to question the dominant position of parent company UnitedHealth Group, suggesting it might be a systemic threat. UnitedHealth Group reported nearly $100 billion in revenue in the first quarter of 2024 and is expecting losses from the attack to exceed $1 billion.
Brokewell malware attacks Android devices
Researchers working at fraud risk company ThreatFabric discovered this new Android banking trojan, which they named Brokewell, while investigating a fake Chrome update page that was dropping malware payloads. Brokewell’s chief roles are to steal data and offer remote control to attackers. It is delivered through a spoofed Chrome update page.
WordPress plugin hit by millions of SQL injection attacks
A critical-severity vulnerability in the WP Automatic plugin for WordPress is being used by bad actors to create user accounts with administrative privileges and to plant backdoors for long-term access. According to BleepingComputer, the plugin is currently installed on more than 30,000 websites and was designed to allow administrators to automate the act of importing content such as text, images, and video to publish on their WordPress sites.
Hackers threaten to release sensitive World-Check database
World-Check is a risk analysis database currently owned by the London Stock Exchange Group. It is used by financial institutions, regulatory bodies, and law enforcement agencies, and pulls information from public records, regulatory filings, and proprietary databases. A financially motivated threat actor named GhostR has now announced the theft of a confidential database containing 5.3 million records. According to TechCrunch, which has been given access to a section of the stolen data as proof, “it includes records on current and former government officials, diplomats, and politically exposed people. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.” This is not the first time that this controversial database, which was once owned by Thomson Reuters and then later by The Blackstone Group, has suffered a data leak.