CyberSecurity Newsletter 21st October 2024
In this week’s news: Ransomware attacks drop by 51%, Throwing Cash at Tools Isn't Helping Detect Breaches, Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, Hackers breached ESET's exclusive partner in Israel, Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, and scammers used AI face-swapping technology to create female personas for online dating.
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so do its consequences, costs, and implications for enterprises and critical infrastructure:
https://securityintelligence.com/articles/whats-behind-51-drop-in-ransomware-attacks/
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches. Global information security spend is projected to reach $215 billion by the end of 2024. But a new survey of chief information security officers (CISOs) shows that all that cash might not have bought the peace of mind they hoped for. In fact, 44% of CISOs across the globe reported missing a data breach in the past 12 months with existing tools:
https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches
Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation that stole $46 million from its victims. The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices:
https://www.darkreading.com/cyberattacks-data-breaches/hong-kong-crime-ring-swindles-victims-out-of-46m
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. "We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed," reads an updated statement from Cisco:
https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/
Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees. Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations:
https://securityaffairs.com/169972/data-breach/omni-family-health-disclosed-a-data-breach.html
Fair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses. While the organization assures that no financial information was compromised, the incident has raised concerns about data security practices. Fair Vote Canada revealed that the breach involved data from 2020, which inadvertently became publicly accessible via an external website:
https://gbhackers.com/fair-vote-canada-data-leak/
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to recover the data:
https://www.bleepingcomputer.com/news/security/eset-partner-breached-to-send-data-wipers-to-israeli-orgs/
U.S. and allied agencies warn that Iran-linked actors have targeted critical infrastructure with brute-force attacks in a year-long campaign. Intelligence and cybersecurity agencies from the U.S., Australia, and Canada warn about a year-long campaign carried out by Iran-linked threat actors to break into critical infrastructure organizations via brute force and password spraying attacks:
https://securityaffairs.com/169960/apt/iran-linked-actors-a-year-long-campaign.html
Grafana, an open-source data analytics and visualization platform, was found to have a critical vulnerability that could lead to remote code execution. The flaw, tracked as CVE-2024-9264 with a CVSS v4 score of 9.4, was introduced in Grafana version 11, released in May 2024, Grafana Labs disclosed Thursday:
https://www.scworld.com/news/grafana-critical-vulnerability-risks-remote-code-execution
Alabama man Eric Council Jr. has been apprehended and charged by U.S. authorities following his involvement in the compromise of the Securities and Exchange Commission's official account on X, formerly Twitter, which resulted in a Bitcoin price spike earlier this year, reports CyberScoop:
https://www.scworld.com/brief/us-arrests-indicts-hacker-of-secs-x-account
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware, with the twin goals of disrupting business operations and financial gain:
https://thehackernews.com/2024/10/crypt-ghouls-targets-russian-firms-with.html
A North Korea-linked threat actor, tracked as APT37 (also known as RedEyes, TA-RedAnt, Reaper, ScarCruft, Group123), exploited a recent Internet Explorer zero-day vulnerability, tracked as CVE-2024-38178 (CVSS score 7.5), in a supply chain attack:
https://securityaffairs.com/169983/apt/north-korea-apt37-ie-zero-day.html
The US Justice Department charged two Sudanese brothers (Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) with operating and controlling the cybercrime collective Anonymous Sudan, which launched tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world:
https://securityaffairs.com/169937/hacktivism/anonymous-sudan-members-arrested.html
Cybercrime in recent years shows no signs of slowing down, with phishing attacks surging and ransomware tactics becoming more advanced, forcing organizations to constantly adapt their defenses. The rise of deepfake technology, especially in creating realistic audio impersonations, poses new dangers:
https://www.helpnetsecurity.com/2024/10/18/cybercrime-attacks-tactics-video/
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code:
https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html
Microsoft appeared as the most impersonated brand in phishing attacks during the third quarter of 2024, according to new research by Check Point. The tech firm topped the latest edition of Check Point Research's Brand Phishing Ranking, with 61% of brand phishing attempts leveraging Microsoft branding:
https://www.infosecurity-magazine.com/news/microsoft-most-imitated-brand/
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog:
https://securityaffairs.com/170014/security/u-s-cisa-adds-veeam-backup-and-replication-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. The issue was first reported by Business Insider earlier this month, which reported that Microsoft had begun notifying customers that their logging data had not been consistently collected between September 2nd and September 19th:
https://www.bleepingcomputer.com/news/security/microsoft-warns-it-lost-some-customers-security-logs-for-a-month/
The Cicada3301 ransomware-as-a-service (RaaS) group had its affiliate program infiltrated by Group-IB researchers, who published new details about the gang's affiliate panel and ransomware strains in a report published Thursday:
https://www.scworld.com/news/cicada3301-ransomware-affiliate-program-infiltrated-by-security-researchers
Technology firm F5 has patched a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. An authenticated attacker with Manager role privileges or higher could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system:
https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647:
https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html
Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model. The software, called Vulnhuntr, was announced at the No Hat security conference in Italy on Saturday:
https://www.theregister.com/2024/10/20/python_zero_day_tool/