Monday 4th November 2024

Good morning and a very happy Monday to you all. If your antivirus has been feeling a little off lately, you might want to check your SharePoint server. Today’s edition kicks off with Microsoft’s newly disclosed SharePoint vulnerability, CVE-2024-38094, which hackers are actively exploiting to break into corporate networks, disable security systems, and wreak havoc from the inside. From election disinformation on X to another chapter in tech's security cat-and-mouse game, we’ve got the latest developments to keep you a step ahead.


A Disney World Hack Gone Wild

When a former Disney World employee found himself out of a job, he allegedly decided to make a dramatic comeback—on the servers. Accused of hacking into Disney’s menu system, he’s charged with altering prices, adding profanities, and dangerously mislabeling allergy information, putting park visitors at potential risk. Disney’s tech team caught the unauthorised menu updates before they reached the public, but the fallout was significant, including taking Disney’s menu software offline for over a week and racking up $150,000 in damages.

The FBI took the ex-employee into custody, and his attorney says he’ll plead not guilty, pointing to long-standing mental health challenges. The attorney also argued that he hasn’t received mental health support while in jail, complicating his case ahead of next week’s bond hearing. Disney’s internal probe identified him based on his role and the level of system access required to pull off the stunt.

FBI Warns of Deepfake Election Videos on X

As the 2024 U.S. election heats up, the FBI is warning voters about a pair of fake videos spreading false claims of ballot fraud and misinformation about Vice President Kamala Harris’s husband, Doug Emhoff. The clips, which misrepresent themselves as FBI broadcasts, featured the bureau's logo and were posted on X (formerly Twitter), but gained minimal traction from real viewers. "These videos are not authentic, are not from the FBI, and the content they depict is false," the FBI clarified in a statement on Saturday.

The FBI is also investigating a separate fake video that appears to show mail-in ballots for Donald Trump being destroyed in Pennsylvania—a clip that racked up over 155,000 views in just 12 hours. This comes amid ongoing foreign interference efforts: federal cybersecurity officials noted that another viral video, which falsely depicts Haitian immigrants voting illegally, was made by Russian influence groups seeking to destabilise U.S. confidence in electoral integrity.

Cybersecurity firms have reported a marked rise in the sale of impersonation accounts on Telegram, where profiles posing as government agencies and media outlets are marketed to foreign buyers aiming to sway U.S. election sentiment. Experts warn these echo chambers amplify divisive narratives, aiming not to support a particular candidate but to undermine trust in the electoral process itself.

SharePoint Vulnerability CVE-2024-38094 Actively Exploited in Corporate Attacks


A high-severity vulnerability in Microsoft SharePoint, CVE-2024-38094, is now under active exploitation, allowing attackers to gain initial access to corporate networks. Microsoft patched the vulnerability in July, but security researchers at Rapid7 revealed that attackers used it to breach a SharePoint server in a recent incident. They installed a malicious webshell, laterally moved through the network, and compromised a Microsoft Exchange service account to elevate privileges.

Once inside, the attackers deployed Huorong Antivirus to disable existing security defences, creating conflicts that incapacitated legitimate antivirus programs. Rapid7's report shows they also used Mimikatz for credential theft, disabled Windows Defender, and altered logs to stay undetected for two weeks. Additional tools for persistence and network mapping, such as everything.exe and kerbrute, were used to deepen control over the network.

Admins should patch CVE-2024-38094 immediately to prevent similar breaches, as Rapid7’s findings underscore the severe impact of delaying critical security updates.

Marcel Velica

Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions| Cybersecurity Excellence | Cloud Security

3 weeks

Thanks for keeping us informed about the latest threats and vulnerabilities in cybersecurity. It’s crucial for everyone to stay aware and secure. Keep up the great work! Aidan Dickenson

Celeste Yamile

Get an AI team to 5x your brand & lead flow

3 weeks

We need more like this to be secure

Maxmiller Naliaka

Founder Zinduka foundation | Youth Pastor | Sunday School and Teenagers Trainer | Reigniting youth Program| Founder 4Fs | Missionary| Evangelist |

3 weeks

Very informative Sagacious and splendid leader Industrious and Illustrious leader Futuristic and Focused leader Happy Marvelous Mountain Moving Mindful Monday

Richard Obisanya

Break Into Tech with 0 experience | Founder @ Rich in Tech | Snr AE | 1M+ Monthly Views | Father x1 | GIG

3 weeks

Let’s go my man! Happy Monday

Jitendra Sheth Founder, Cosmos Revisits

Empowering Small Businesses to Surge Ahead of Competition. 9X LinkedIn Top Voice: Brand Development | Creative Strategy | Content Marketing | Digital Marketing | Performance Marketing | SEO | SMM | Web Development

3 weeks

Aidan, this edition is a crucial reminder that in the world of cybersecurity, knowledge is our best defense—keep the alerts coming!
