What’s going on in the cyber world today?
- Rising Rhysida Ransomware Threat
- Black Friday Warning on Smart Device Security
- Critical Vulnerability Patched in SAP Business One
- Advanced Exploits for ActiveMQ Security Alert
- Microsoft’s November Patch
- Samsung UK Store Data Breach
- Plume Under Investigation After Database Theft Claim
- Beaverton School District Faces Cybersecurity Crisis
- Tyson Foods Faces Ransomware Threat
- Alleged INC Ransom Breach on Yamaha Motor Philippines
- US Government Unveils AI Roadmap for Cybersecurity
- Resurgence of Credit Card Skimming
- Rackspace’s $5M Battle Against the Aftermath Ransomware Attack
- Google Takes Legal Stand Against Cybercriminals
- European Telecom Standards Body to Open-Source TETRA Encryption
Cyber Alerts
1. Rhysida Ransomware Targets Multiple Sectors
The FBI and CISA have jointly issued a warning about the growing threat of Rhysida ransomware, emphasizing its opportunistic attacks across various sectors. Originating in May 2023, Rhysida gained notoriety after targeting the Chilean Army and has since expanded its assaults to healthcare organizations, prompting a Department of Health and Human Services alert.
2. ICO’s Black Friday Alert on Smart Devices
The Information Commissioner’s Office in the UK has issued a cautionary message to Black Friday shoppers, urging them to scrutinize the privacy and security aspects of smart devices before making purchases. As the data protection regulator reviews the tech category for forthcoming guidance, it emphasizes the potential risks to personal data that buyers might unknowingly expose themselves to.
3. Critical Fixes in SAP Business One
SAP, the leading enterprise software company, has successfully rectified a critical improper access control vulnerability identified in its Business One product. Tracked as CVE-2023-31403 with a CVSS score of 9.6, the flaw affected the SAP Business One installation, version 10.0, by neglecting proper authentication and authorization checks for SMB shared folders. This lapse exposed a significant risk, allowing malicious users to read, write, and even execute files within the shared folder, posing a considerable threat to confidentiality, integrity, and availability.
4. VulnCheck Exposes ActiveMQ Exploits
Cybersecurity firm VulnCheck has exposed advanced exploits leveraging the critical security flaw in Apache ActiveMQ tracked as CVE-2023-46604. Ransomware groups, including those deploying threats like HelloKitty and TellYouThePass, actively exploit this vulnerability, allowing arbitrary code execution in memory. VulnCheck’s findings reveal a public proof-of-concept exploit, and Jacob Baines, VulnCheck’s chief technology officer, has urged organizations to patch ActiveMQ servers promptly and consider removing them from internet exposure, highlighting the need for vigilance against stealthy attacks using CVE-2023-46604.
5. Microsoft’s November Security Update
Microsoft has taken decisive action against emerging cyber threats by releasing a comprehensive security update addressing 63 vulnerabilities in its software for November 2023. Of particular concern are five zero-day vulnerabilities, including CVE-2023-36025, a Windows SmartScreen Security Feature Bypass flaw with a CVSS score of 8.8, and CVE-2023-36033 and CVE-2023-36036, both Windows DWM Core Library Elevation of Privilege vulnerabilities.
6. Samsung UK Store Data Breach
Samsung Electronics has disclosed a data breach affecting customers who made purchases from its UK online store between July 1, 2019, and June 30, 2020. The breach, discovered two days ago, resulted from a hacker exploiting a vulnerability in a third-party application used by the company. While details about the security issue remain undisclosed, Samsung reassures customers that credentials and financial information remain unaffected, with only personal details such as names, phone numbers, and addresses exposed.
7. Plume Data Breach Alert
Smart Wi-Fi service provider Plume is in the midst of a data breach, revealed by hackers on Breach Forums. With services spanning over 45 countries and 55 million homes, Plume is under investigation after hackers claimed to have stolen 20GB of its Wi-Fi database. Dissatisfied, the hackers released CSV files containing alleged customer and employee data, demanding that Plume comply within 48 hours and threatening to disclose further sensitive information. The breach highlights the importance of robust security protocols and access management for organizations like Plume.
8. Security Incident at Beaverton District
The Beaverton School District announced on Tuesday evening that it has fallen victim to a cybersecurity breach, raising concerns over the potential compromise of student passwords. The district promptly issued warnings to students and parents, notifying them of the incident and initiating a comprehensive system reset for student accounts across various platforms, including email, Google documents, and Canvas. As part of the security measures, the district urged parents to ensure their students hadn’t reused school passwords on other platforms and advised them to change passwords promptly if such instances were identified.
9. Tyson Foods Faces Ransomware Threat
In a concerning development, Tyson Foods, the world’s second-largest processor of chicken, beef, and pork, has reportedly fallen prey to a ransomware attack. The Snatch ransomware cartel, known for showcasing its exploits on a blog and Telegram channel, has claimed responsibility, raising fears about the security of Tyson Foods’ data. While the attackers haven’t disclosed the nature of the accessed data, a post on Snatch’s Telegram channel hints at potential insights into the company’s future plans, leaving the multinational food industry giant, with over $53 billion in revenues last year, grappling with cybersecurity concerns.
10. INC Ransom Targets Yamaha
In a bold move, the notorious INC Ransom ransomware group declares a successful breach of Yamaha Motor Philippines Inc.’s cyber defenses. Despite the group’s claim, crucial details about the attack on Yamaha Motor remain shrouded in secrecy, adding an air of uncertainty to the situation. With the absence of specific information on the extent of the breach and the compromised data, the cybersecurity landscape surrounding Yamaha Motor Philippines is characterized by heightened concerns and unanswered questions.
11. Strategic AI Roadmap for Cyber Defense
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has revealed a groundbreaking roadmap for artificial intelligence (AI) in cybersecurity, aligning with President Biden’s Executive Order on AI safety standards. The comprehensive roadmap encompasses five strategic lines of effort, emphasizing responsible and ethical AI use to safeguard critical infrastructure and cyber defenses.
12. Credit Card Skimming on the Rise
Ahead of the upcoming holiday shopping season, a concerning trend is on the rise as cybercriminals seize the opportunity to exploit unsuspecting consumers. Credit card skimming, a stealthy menace, is becoming increasingly prevalent in online transactions, posing a significant threat to the security of shoppers. With the Kritec campaign gaining momentum and hundreds of stores compromised, the need for heightened vigilance is paramount.
13. Rackspace’s Legal Battles Post-Ransomware
In the aftermath of the December 2022 ransomware attack on Rackspace Technology’s Hosted Exchange business, the company faces a financial hurdle with recorded expenses amounting to $5 million in the first nine months of the year. This incident, attributed to the Play ransomware group, prompted the discontinuation of the Hosted Exchange product, representing 1% of the company’s revenue.
14. Google Fights Bard Malware Scam
Google has initiated legal action against cybercriminals responsible for delivering account-hijacking malware through deceptive Bard AI download offers. The tech giant filed a lawsuit targeting these “AI scammers” who utilized social media pages and advertisements to lure users into downloading what purported to be Bard, Google’s chat-based AI tool. Google aims to deter such scams in the future by seeking orders to disable domains associated with these cybercriminals and has already conducted approximately 300 takedowns related to this scheme since April.
15. Open-Source TETRA Strengthens Cybersecurity
In a significant move, the European Telecommunications Standards Institute has announced its plan to open-source the encryption protocols for Terrestrial Trunked Radio, a widely used radio communication standard adopted by companies like Motorola, Hytera, and Simoco. This decision follows the revelation of a critical vulnerability in the TETRA protocol by Dutch security firm Midnight Blue, which successfully hacked a Motorola radio. ETSI’s move to make its Air Interface algorithms and cryptographic protocols public aims to enhance transparency and security, allowing for collaborative scrutiny to identify and address potential flaws before widespread deployment, particularly in critical infrastructure networks.