Weekly security digest

Policies

XM Cyber Report Highlights Misconfiguration Risks Over CVEs

XM Cyber’s 2024 report, “Navigating the Paths of Risk,” found that 80% of security exposures are due to misconfigurations, with CVEs accounting for less than 1%. The research emphasizes that identity and credential misconfigurations pose significant risks to critical assets. Traditional security practices often focus on CVEs, but the report highlights the need to prioritize high-impact exposures and “choke points,” which represent key intersections where multiple attack paths converge. Addressing these critical areas can significantly reduce risk. The report calls for a shift in cybersecurity strategies to focus on real-world attack vectors and effective exposure management.

Source

Windows 11 to Deprecate NTLM, Introduce AI-Powered Security Enhancements

Microsoft will deprecate NTLM in Windows 11 by late 2024, replacing it with Kerberos. New security features include AI-enhanced Smart App Control, Win32 app isolation, Zero Trust DNS, and Virtualization-Based Security for Windows Hello. These measures aim to improve overall cybersecurity and address recent security criticisms.

Source

Vulnerabilities

Critical GitHub Enterprise Server authentication bypass bug. Fix it now!

GitHub has patched a critical vulnerability (CVE-2024-4985) in GitHub Enterprise Server (GHES) that allows attackers to bypass authentication and gain administrator privileges. The flaw, affecting versions before 3.13.0, is linked to SAML single sign-on (SSO) with encrypted assertions. This vulnerability was addressed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. GitHub urges affected users to update their systems immediately to avoid potential exploitation.

Source

Two students uncovered a flaw that allows laundry machines to be used for free

Two students from UC Santa Cruz discovered a vulnerability in over a million internet-connected laundry machines managed by CSC ServiceWorks. The flaw allows remote attackers to send commands to start laundry cycles for free. Despite reporting the issue, CSC has not fixed it and only reset the researchers’ account balance, leaving the bug unfixed and exploitable.

Source

Why your Wi-Fi router doubles as an Apple AirTag

Researchers from the University of Maryland revealed that Apple’s method of collecting Wi-Fi access point locations could be exploited to track devices globally, including those in conflict zones. Using Apple’s Wi-Fi Positioning System (WPS), which logs and shares the locations of nearby Wi-Fi access points, the researchers monitored military movements and refugee resettlements. Starlink, impacted by this, has started randomizing BSSIDs to mitigate the issue. Apple now allows users to opt out by adding “_nomap” to their SSID. The researchers call for more robust privacy measures to prevent such large-scale data collection and potential misuse.

Source

Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

Cybersecurity researchers have uncovered a critical vulnerability in Replicate, an AI-as-a-service provider, potentially allowing unauthorized access to customer AI models and sensitive information. The flaw, discovered by Wiz, stems from the packaging of AI models in formats that permit arbitrary code execution. Researchers exploited this vulnerability by uploading a rogue container to Replicate, enabling remote code execution with elevated privileges. This method also allowed cross-tenant attacks by tampering with a centralized Redis server used to manage customer requests. The vulnerability, responsibly disclosed in January 2024, has been patched by Replicate with no evidence of exploitation in the wild. This discovery highlights the significant risks posed by malicious AI models, particularly for AI-as-a-service providers.

Source

Breaches

Sav-Rx Data Breach Affects Over 2.8 Million Individuals

Sav-Rx disclosed a 2023 data breach impacting 2.8 million people in the U.S. Attackers accessed non-clinical systems, compromising sensitive data such as Social Security numbers and health information. Sav-Rx has since enhanced its security and is offering affected individuals 24 months of credit monitoring and identity theft restoration services.

Source

Healthcare firm WebTPA data breach impacted 2.5 million individuals

WebTPA, a healthcare management and administrative services provider, reported a data breach affecting nearly 2.5 million people. The breach, discovered in December 2023, exposed personal information such as names, contact details, Social Security numbers, and insurance information. WebTPA is offering identity monitoring services and has enhanced security measures post-incident.

Source

Cyber Attacks

MITRE Uncovers Rogue VMs in December 2023 Attack

The MITRE Corporation disclosed that China-linked threat actors exploited Ivanti Connect Secure vulnerabilities to breach its systems in January 2024. The attackers created rogue virtual machines (VMs) within MITRE’s VMware environment to evade detection and maintain control, deploying various malicious payloads while avoiding centralized management interfaces.

Source

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft reports that Moroccan cybercrime group Storm-0539 steals up to $100,000 daily through sophisticated email and SMS phishing attacks, targeting gift card services. The group exploits initial access to register devices, bypass authentication, and create fraudulent gift cards. They sell these on black markets, using advanced tactics to maintain persistent access and evade detection.

Source

North Korea-linked IT workers infiltrated hundreds of US firms

The U.S. Justice Department charged five individuals for aiding North Korea-linked IT workers to infiltrate over 300 U.S. firms by posing as U.S. citizens. This scheme, involving stolen identities and fraudulent job platforms, generated $6.8 million for North Korea, allegedly financing its nuclear program. This is the largest scheme of its kind ever charged by U.S. authorities.

Source

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

A previously unknown Chinese threat actor, ‘Unfading Sea Haze,’ has been targeting military and government entities since 2018. Bitdefender discovered that the group used sophisticated techniques, including spear-phishing and custom malware, to infiltrate and persist within networks. Despite ongoing attacks, the group remained undetected for over five years, highlighting significant cybersecurity challenges.

Source

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The U.S. Department of Justice charged Chinese nationals Daren Li and Yicheng Zhang for orchestrating a pig butchering scam, laundering $73 million through shell companies. Arrested in Atlanta and Los Angeles, the two led an international syndicate that tricked victims into transferring funds to U.S. bank accounts. These funds were then laundered through U.S. and international accounts and converted to cryptocurrency. If convicted, both face up to 20 years in prison for conspiracy and international money laundering. This case highlights the rising trend of romance and investment scams in Southeast Asia, often involving coercion and human trafficking.

Source

Advisory

CISA Urges Immediate Patching of D-Link Router Vulnerabilities

CISA added two actively exploited D-Link router vulnerabilities (CVE-2014-100005 and CVE-2021-40655) to its Known Exploited Vulnerabilities catalog. These flaws enable configuration changes and information disclosure. Agencies must apply mitigations by June 6, 2024. Additionally, unpatched issues in DIR-X4860 routers could allow remote command execution, necessitating immediate action.

Source

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation advises customers to disconnect industrial control systems (ICS) not meant for public internet access to mitigate cyber threats amid heightened geopolitical tensions. The company stresses the importance of removing internet connectivity to reduce attack surfaces and recommends ensuring all necessary patches and mitigations are in place for specific vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) supports this advisory, highlighting the risks of malicious actors targeting internet-accessible operational technology (OT) assets. Recent research indicates that compromising web interfaces of programmable logic controllers (PLCs) can lead to serious security breaches, reinforcing the need for stringent cybersecurity measures.

Source

Cyber Threat Alert! Beware of Fake Antivirus Sites Spreading Malware

Cybercriminals are using fake antivirus websites posing as trusted brands like Avast, Bitdefender, and Malwarebytes to distribute malware targeting Android and Windows devices. These malicious programs steal sensitive data, employ advanced distribution techniques like malvertising and SEO poisoning, and contribute to the rising threat of stealers and trojans in the cybersecurity landscape.

Source

This is a new initiative, and we would like your feedback on how useful it is for you, so that we can tune it to address your needs.
