Thursday 27th June 2024
Aidan Dickenson
Good morning everyone! Thank you for joining me for today's edition of Cyber Daily. Today's edition looks into three very interesting and very different stories that could affect us all.
First, Yahoo! Japan is making headlines by waiving $189 million in ad revenue due to fraudulent clicks, showcasing a rare moment of transparency in the online advertising world. Meanwhile, Siemens has patched critical vulnerabilities in its Sicam products, strengthening the energy sector against potential cyber-attacks. And just when you thought your AirPods were secure, Apple has rolled out a crucial firmware update to prevent eavesdropping on your private conversations.
Yahoo! Japan Waives $189M in Ad Revenue Amid Fraud Concerns
Yahoo! Japan is eating a huge loss of $189 million after detecting fraudulent ad clicks. LY Corporation, Yahoo! Japan's parent company, announced that approximately 96 million ad materials in 2023 were deemed invalid, resulting in a non-chargeable cost of ¥30.2 billion. This figure represents about 1.6% of LY Corp's revenue, a significant hit for investors.
However, not all news is grim. LY Corp's transparency report indicates an improvement in overall ad quality. Although the number of fraudulent advertiser accounts remained stable (around 7,800), unapproved ad materials dropped from 133.5 million in 2022 to under 97 million in 2023.
This level of transparency is rare among online advertisers, with giants like Google and Reddit often facing scrutiny over ad fraud. LY Corp's admission and efforts to combat fraud could bolster advertiser trust, even as the financial repercussions are felt.
As ad fraud remains a persistent issue, LY Corp’s proactive stance could set a precedent for the industry, emphasising the importance of transparency and quality in online advertising.
Siemens Patches High-Severity Vulnerabilities in Sicam Products
Siemens recently patched several vulnerabilities in its Sicam product line, which could have been exploited to launch attacks against the energy sector. The updates address two high-severity and one medium-severity flaw found in Sicam A8000 remote terminal units, Sicam EGS grid sensors, and Sicam 8 power automation software.
The Details
These vulnerabilities affect products designed for substation automation, crucial for maintaining power grid stability. Siemens informed customers in May and released an advisory in June, confirming that CVE-2024-31484 also impacts SICAM AK3/TM/BC devices.
Steffen Robertz, an SEC Consult researcher, highlighted how attackers could exploit these vulnerabilities. Gaining network-level access on ports 443/80 allows an attacker to leverage CVE-2024-31484 to extract sensitive information, which can facilitate further attacks. With a low-privileged account, CVE-2024-31485 could be used to obtain admin passwords, allowing reconfiguration of PLCs and potential destabilisation of substations. Following the patch, all passwords should be changed to maintain security.
SEC Consult's advisory underscores the significance of these patches, given the potential impact on power grid operations. Siemens' proactive approach and SEC Consult's detailed vulnerability analysis offer a roadmap for safeguarding critical infrastructure.
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Apple has released a crucial firmware update for AirPods to fix a vulnerability that could enable unauthorised access to the headphones. The issue, tracked as CVE-2024-27867, affects several models, including AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro.
Apple's advisory explains that when AirPods are seeking a connection to a previously paired device, an attacker within Bluetooth range could spoof the intended source device. This breach could allow the attacker to access the headphones, potentially eavesdropping on private conversations.
The vulnerability has been patched with improved state management in the following firmware updates:
Security researcher Jonas Dreßler, who discovered and reported the flaw, has been credited for his work.
This patch comes just two weeks after Apple addressed 21 issues in visionOS version 1.2, including a logic flaw (CVE-2024-27812) in the WebKit browser engine. This flaw could lead to a denial-of-service (DoS) when processing web content and was fixed with improved file handling.
Notably, security researcher Ryan Pickren uncovered a vulnerability in ARKit's Quick Look feature that allowed the creation of 3D objects in a user's space without their interaction. This exploit bypassed all warnings and could forcefully populate a room with animated 3D objects, even after exiting Safari. Apple addressed this issue by reinforcing its permissions model.
Key Takeaway: Apple's proactive approach in patching these vulnerabilities highlights the importance of regular updates to maintain security.