Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere
1. LinkedIn Suspends AI Data Processing in the U.K. Over Privacy Concerns
LinkedIn has paused the use of U.K. user data for training AI models following concerns raised by the Information Commissioner’s Office (ICO). The suspension comes after LinkedIn admitted to using user data without explicit consent under a new privacy policy. Users outside Europe can opt out, but data previously used remains in the system. The ICO plans to closely monitor LinkedIn and other tech companies to ensure proper privacy safeguards.
2. GitLab Patches Critical SAML Authentication Bypass Vulnerability
GitLab has patched a critical vulnerability (CVE-2024-45409, CVSS score: 10.0) affecting its Community (CE) and Enterprise (EE) Editions, allowing attackers to bypass authentication and log in as any user. The flaw, found in the ruby-saml library, was caused by improper verification of SAML responses. GitLab has updated dependencies in several versions (16.11.10, 17.0.8, 17.1.8, 17.2.7, 17.3.3) to fix the issue.
3. Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
Cybercriminals are targeting construction firms by exploiting default credentials in FOUNDATION Accounting Software, particularly accounts with high privileges like "sa" and "dba" on MS SQL servers. Huntress detected around 35,000 brute-force attempts on one server, with several companies exposed. Attackers use the xp_cmdshell feature to run arbitrary commands, potentially compromising systems.
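A defender-side triage of the activity described above, as an added example (not code from Huntress or from this digest): it scans SQL Server error-log lines for repeated failed logins on the "sa" and "dba" accounts, a successful login from the same client afterwards, and xp_cmdshell being switched on. The log lines are constructed samples, and the threshold of 3 failures is an assumption to tune per environment.

```python
import re
from collections import Counter

WATCHED = {"sa", "dba"}  # privileged logins named in the report
FAILED = re.compile(r"Login failed for user '([^']+)'.*\[CLIENT: ([^\]]+)\]")
SUCCEEDED = re.compile(r"Login succeeded for user '([^']+)'.*\[CLIENT: ([^\]]+)\]")
XP_ON = re.compile(r"Configuration option 'xp_cmdshell' changed from 0 to 1")

# Constructed sample in SQL Server ERRORLOG style (documentation IP ranges).
SAMPLE_LOG = """\
2024-09-17 03:12:44.51 Logon  Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 03:12:45.02 Logon  Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 03:12:45.60 Logon  Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-09-17 03:12:46.11 Logon  Login failed for user 'dba'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.9]
2024-09-17 03:12:47.30 Logon  Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-09-17 03:13:02.84 spid55 Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
""".splitlines()

def triage(lines, threshold=3):
    """Return findings as (kind, login, client) tuples, in detection order."""
    failures = Counter()  # (login, client) -> failed attempts seen so far
    findings = []
    for line in lines:
        if m := FAILED.search(line):
            user, client = m.group(1).lower(), m.group(2).strip()
            if user in WATCHED:
                failures[(user, client)] += 1
        elif m := SUCCEEDED.search(line):
            user, client = m.group(1).lower(), m.group(2).strip()
            # A success right after many failures suggests a guessed password.
            if user in WATCHED and failures[(user, client)] >= threshold:
                findings.append(("success_after_bruteforce", user, client))
        elif XP_ON.search(line):
            # Enabling xp_cmdshell allows OS command execution from SQL.
            findings.append(("xp_cmdshell_enabled", None, None))
    # Report every login/client pair that reached the failure threshold.
    for (user, client), count in failures.items():
        if count >= threshold:
            findings.append(("bruteforce", user, client))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Successful logins appear in the error log only when login auditing is set to record them, so the "success_after_bruteforce" finding depends on that setting.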
4. Ukraine Bans Telegram for Government and Military Personnel
Ukraine has restricted the use of Telegram for government officials, military personnel, and other critical infrastructure workers.
5. Microsoft Warns of New Ransomware Targeting U.S. Healthcare
A new ransomware threat is targeting the U.S. healthcare sector. Microsoft has identified a threat actor using the INC ransomware to attack healthcare organizations. It's important for healthcare organizations to have strong cybersecurity measures in place to protect their systems and data.