What’s trending in cybersecurity today?
CISA, Microsoft, COM, Firefox, Chameleon Trojan, Fake CRM, Canada, Europe, Kibana, Code Execution, LNK Stomping, Reputation-Based Security, Port of Tyne, DDoS, McLaren Health Care, Ransomware, North Miami City Hall, Blue Ridge, Network Breach, South Suburban College, CISA, Secure by Demand, Guide, FBI, UK, Information Commissioner’s Office, £6 Million, Fine, Samsung, Bug Bounty, Galaxy Devices, Phishing Emails, DMARC Checks, Email Filters, Taiwan, Incidents, Public Sector
Cyber Alerts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft COM for Windows vulnerability, tracked as CVE-2018-0824 and rated Critical by Microsoft, to its Known Exploited Vulnerabilities (KEV) catalog. The bug is a deserialization-of-untrusted-data flaw (CVSS 7.5) that can lead to code execution when a specially crafted serialized object is processed. It was recently exploited by the China-linked APT41 group against a Taiwanese research institute, in a campaign that deployed ShadowPad malware and other tools. A KEV listing obliges U.S. federal civilian agencies to remediate by the catalog’s due date, and the 2018 patch date is a reminder that old, already-fixed bugs remain in active use.
Mozilla has released Firefox 129.0, bringing significant security enhancements to the browser. The update addresses 14 security vulnerabilities, several of them rated high severity. Although none are reported as exploited in the wild, the fixes are important for keeping users safe. The release also changes connection handling: Firefox now tries HTTPS first by default for non-local addresses, and it improves DNS security by honoring the system DNS settings on supported operating systems.
Researchers have uncovered a new campaign involving the Chameleon Android banking trojan, which now disguises itself as a Customer Relationship Management (CRM) app. The campaign, identified in July 2024 by Dutch security firm ThreatFabric, primarily targets users in Canada and Europe, expanding from earlier targets in Australia, Italy, Poland, and the U.K. Once installed, the app poses as a legitimate CRM tool: it prompts the user to log in and then shows a bogus error message, under cover of which the banking trojan is deployed.
A critical vulnerability in Kibana, identified as CVE-2024-37287 with a CVSSv3 rating of 9.9, allows attackers to execute arbitrary code. The flaw is a prototype pollution issue; per Elastic’s advisory, an attacker needs access to the ML and Alerting connector features and write access to the internal ML indices to trigger it, so those privileges should be reviewed while patching. It affects every deployment type, including self-managed installations, Docker images, and Elastic Cloud instances. Affected versions are 8.x releases prior to 8.14.2 and 7.x releases prior to 7.17.23; upgrading to those releases fixes the issue.
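To make the vulnerability class concrete, the following is an added example written for this digest; it is not Kibana’s code and does not reproduce the CVE-2024-37287 bug. It shows the generic pattern: a recursive “deep merge” of attacker-controlled JSON that writes through `__proto__` into `Object.prototype`, next to a hardened merge that refuses the dangerous keys. The payload, function names and the `isAdmin` property are assumed for illustration.

```javascript
// Added example (generic illustration, not Kibana's code): prototype pollution
// through an unsafe recursive merge, and a hardened merge beside it.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: walks every own key of `source`, including "__proto__". On a
// plain target, target["__proto__"] resolves to Object.prototype, so the
// recursion writes the attacker's properties onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: drops the keys that reach the prototype chain, only descends into
// properties the target itself owns, and builds nested containers that have no
// prototype at all (Object.create(null)).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownContainer =
        Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      if (!ownContainer) target[key] = Object.create(null);
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload (assumed): the kind of JSON body a settings or
// configuration endpoint might accept and merge into server-side state.
const PAYLOAD = '{"theme":"dark","__proto__":{"isAdmin":true}}';

function demonstrate() {
  const result = {};

  unsafeMerge({}, JSON.parse(PAYLOAD));
  // An unrelated, freshly created object now "has" isAdmin === true.
  result.unsafePolluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the damage so the next check is fair

  const merged = safeMerge({}, JSON.parse(PAYLOAD));
  result.safePolluted = ({}).isAdmin === true;
  result.safeKeptTheme = merged.theme === 'dark';
  return result; // { unsafePolluted: true, safePolluted: false, safeKeptTheme: true }
}
```

The reason pollution escalates to code execution in Node.js services in general is that libraries read options from objects with inherited fallbacks: a polluted property such as `shell` on the options object passed to `child_process.spawn` changes how a command is run. Which sink applies in a given application is an audit question; the fix pattern is the same regardless, so deny-list the three keys in every merge, clone and extend helper, or use library versions that already do.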
A recent study by Elastic Security reveals that reputation-based protections such as Windows Smart App Control (SAC) and SmartScreen, which decide whether to run a file from its reputation and its Mark-of-the-Web, are increasingly being bypassed. Attackers sign malware with extended validation (EV) code-signing certificates, hijack or tamper with the reputation of binaries that are already trusted, and use “LNK Stomping”, a malformed shortcut that Explorer rewrites on click, which strips the Mark-of-the-Web before the security check runs. The practical takeaway is that these controls are a first filter, not a substitute for endpoint detection on what the file does after launch.
Cyber Incidents
The Port of Tyne’s website in North East England was disrupted on Tuesday due to a distributed denial of service (DDoS) attack, which aimed to overload the site and render it inaccessible. Despite the website issues, the port confirmed that its operational systems, which are maintained separately, were not impacted and that all data remains secure. The port swiftly restored full website functionality and is currently collaborating with relevant parties to investigate the source of the attack.
McLaren Health Care, based in Grand Blanc, MI, is investigating a significant disruption to its phone and computer systems that may be linked to a ransomware attack. The outage has led to operational challenges, including the redirection of ambulances to other facilities due to lost access to electronic medical records. While some non-emergent procedures may be rescheduled, patients are advised to attend their appointments as scheduled unless contacted by hospital staff.
North Miami City Hall in Florida has been closed indefinitely due to a possible cyber attack. The breach, which was detected by the city’s IT department on Sunday, has disrupted permits, payments, billing, and passport services. Frustrated residents are unable to conduct city business, with some questioning the lack of contingency plans. The FBI, Miami-Dade police, and North Miami police are investigating the incident.
On August 6, 2024, Blue Ridge Water Solutions, based in Augusta, Maine, disclosed a data breach involving unauthorized access to its corporate network, which does not include its water management systems. The breach, detected on July 23, 2024, led to the exposure of files containing sensitive information, including the name and Social Security number of a Maine resident. The company has responded by notifying the affected individual via First-Class mail and offering one year of complimentary credit monitoring and identity protection services through CyEx Identity Defense Total.
South Suburban College (SSC) in South Holland, Illinois, has reported a data breach potentially exposing personal information of current and former students. Detected on November 8, 2023, the breach involved unauthorized access to the college’s network, leading to a ransom demand. Although there is no evidence of misuse, personal data such as names, addresses, dates of birth, and Social Security numbers may have been compromised.
Cyber News
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have unveiled the “Secure by Demand Guide,” designed to help organizations ensure software security during procurement. Released on August 6, 2024, the guide provides practical advice for assessing software manufacturers’ cybersecurity practices, including key questions to ask and considerations for integrating security into the procurement lifecycle.
The UK’s Information Commissioner’s Office (ICO) has announced a provisional £6.1 million fine for Advanced Computer Software Group following a serious ransomware attack in August 2022. The breach exposed the personal information of nearly 83,000 individuals, including sensitive medical records and details on how to gain physical access to the homes of 890 care recipients. The attack severely disrupted NHS services, affecting patient referrals, appointment bookings, and emergency prescriptions.
Samsung has unveiled a significant new initiative aimed at bolstering the security of its mobile devices. The company’s ‘Important Scenario Vulnerability Program’ (ISVP) offers up to $1,000,000 in rewards for critical vulnerabilities that enable arbitrary code execution, device unlocking, or data extraction. The program targets weaknesses in Samsung’s Knox Vault, Trusted Execution Environment (TEEGRIS OS), and Rich OS, with varying rewards based on the severity of the vulnerability.
Darktrace’s latest report reveals alarming trends in email security. Analyzing 17.8 million phishing emails, it found that 62% passed Domain-based Message Authentication, Reporting and Conformance (DMARC) checks. That figure is less surprising than it sounds: DMARC only verifies that the sending domain is authenticated and aligned with the visible From address, so mail from a domain the attacker registered and configured correctly passes by design. Over a third of the emails also avoided detection by major email providers, and 56% evaded all existing security measures, highlighting significant gaps in defenses that rely on authentication results alone.
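To show why a DMARC pass is not a verdict on intent, here is an added example that is not part of Darktrace’s report or tooling. It implements the alignment rule DMARC applies (RFC 7489: the SPF MAIL FROM domain or the DKIM `d=` domain must match the From domain, exactly in strict mode or at the organisational-domain level in relaxed mode) over three constructed `Authentication-Results` headers. The organisational domain is approximated as the last two labels rather than via the Public Suffix List; that shortcut, the sample domains and the header text are all assumptions for the example.

```javascript
// Added example (not Darktrace's code): DMARC alignment evaluated over
// constructed Authentication-Results headers, to show which messages pass.

// Organisational domain, approximated as the last two labels. Real evaluators
// consult the Public Suffix List; this shortcut is an assumption of the example.
function orgDomain(domain) {
  return domain.toLowerCase().split('.').slice(-2).join('.');
}

// RFC 7489 identifier alignment: 's' = exact match, 'r' = same organisational domain.
function aligned(authDomain, fromDomain, mode) {
  if (!authDomain) return false;
  const a = authDomain.toLowerCase();
  const f = fromDomain.toLowerCase();
  return mode === 's' ? a === f : orgDomain(a) === orgDomain(f);
}

// Pull the SPF and DKIM results DMARC needs out of an Authentication-Results
// header. Only the clauses used here are parsed; the authserv-id is skipped.
function parseAuthResults(header) {
  const out = { spf: null, dkim: [] };
  for (const clause of header.split(';').slice(1)) {
    const spf = clause.match(/spf=(\w+)\s+smtp\.mailfrom=(\S+)/);
    if (spf) out.spf = { result: spf[1], domain: spf[2].replace(/^.*@/, '') };
    const dkim = clause.match(/dkim=(\w+)\s+header\.d=(\S+)/);
    if (dkim) out.dkim.push({ result: dkim[1], domain: dkim[2] });
  }
  return out;
}

// DMARC verdict for one message. `policy` carries the adkim/aspf alignment
// modes the From domain publishes in its DMARC record (relaxed by default).
function dmarcVerdict(fromDomain, header, policy = { adkim: 'r', aspf: 'r' }) {
  const ar = parseAuthResults(header);
  const dkimPass = ar.dkim.some(
    (d) => d.result === 'pass' && aligned(d.domain, fromDomain, policy.adkim)
  );
  const spfPass =
    ar.spf !== null && ar.spf.result === 'pass' && aligned(ar.spf.domain, fromDomain, policy.aspf);
  return { dkimPass, spfPass, dmarc: dkimPass || spfPass ? 'pass' : 'fail' };
}

// Constructed samples (not real traffic). "lookalike" is the phishing case the
// report describes: the attacker owns the domain and set up SPF and DKIM for it.
const SAMPLES = {
  legit: {
    from: 'example.com',
    ar: 'mx.example.net; spf=pass smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com',
  },
  spoof: {
    from: 'example.com',
    ar: 'mx.example.net; spf=pass smtp.mailfrom=attacker.net; dkim=pass header.d=attacker.net',
  },
  lookalike: {
    from: 'example-billing.net',
    ar: 'mx.example.net; spf=pass smtp.mailfrom=example-billing.net; dkim=pass header.d=example-billing.net',
  },
};

function evaluateSamples() {
  const verdicts = {};
  for (const [name, m] of Object.entries(SAMPLES)) {
    verdicts[name] = dmarcVerdict(m.from, m.ar).dmarc;
  }
  return verdicts; // { legit: 'pass', spoof: 'fail', lookalike: 'pass' }
}
```

The “spoof” message, which forges a domain the attacker does not control, is the only one DMARC stops. The “lookalike” passes just as cleanly as the genuine mail, which is the gap the 62% figure describes: DMARC enforcement is still worth deploying against direct-domain spoofing, but detection of lookalike domains, newly registered senders and message content has to sit on top of it.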
Taiwan’s Ministry of Digital Affairs reported 697 information security incidents in the public sector in 2023. The majority of incidents were illegal intrusions, with equipment issues, denial-of-service attacks, and web attacks also noted. Most incidents were classified as level one, indicating lower severity, while no incidents reached the most severe level four.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.