CyberSecurity Newsletter July 14th 2024
In this week’s news: CISA red team breaks into a federal agency, NullBulge hacks Disney, RCE vuln in Outlook, hackers average 22 minutes to exploit after a PoC is released, PKIX-SSH released, Twitter and NSA breaches online, and the 10 billion password compilation is released.
CISA broke into a US federal agency, and no one noticed for a full 5 months. The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a particular unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets:
https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/
Hacktivist group NullBulge claims to have breached Disney, leaking 1.1 TiB of internal Slack data. The leak allegedly includes messages, files, code, and more. This comes amidst breaches affecting AT&T and Ticketmaster:
https://hackread.com/disneys-internal-slack-breached-nullbulge-leak-data/
Morphisec researchers have discovered a critical zero-click remote code execution (RCE) vulnerability in Microsoft Outlook, designated CVE-2024-38021. Unlike the previously disclosed CVE-2024-30103, this vulnerability does not require authentication, making it particularly dangerous:
https://cybersecuritynews.com/outlook-zero-click-rce-vulnerability/
Hackers use PoC exploits in attacks 22 minutes after release:
https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/
PKIX-SSH, a modified version of OpenSSH supporting X.509 v3 certificate authentication, is crucial in network management devices and baseband management controllers. On July 6, 2024, version 15.1 of PKIX-SSH was released to tackle a regreSSHion vulnerability affecting:
https://www.runzero.com/blog/pkix-ssh-services/
In an alert published in response to recent intrusions exploiting CVE-2024-20399 (Cisco NX-OS), CVE-2024-3400 (Palo Alto Networks PAN-OS), and CVE-2024-21887 (Ivanti Connect Secure), CISA and the FBI are urging business leaders and device manufacturers to eliminate OS command injection vulnerabilities at the source:
https://www.securityweek.com/cisa-fbi-urge-immediate-action-on-os-command-injection-vulnerabilities-in-network-devices/
Researchers at Cyber Press discovered a 9.4 GB Twitter user data leak containing nearly 200 million user records. This leak, sourced from a Twitter database or scrape, represents one of the largest exposures of user data in recent times:
https://cybersecuritynews.com/massive-9-4gb-twitter-data-leaked-online/
Researchers from Cyber Press, who reported a massive Twitter data leak today, found another data leak online. This time, cybercriminals exposed a file with 1.4 GB of leaked data from the National Security Agency (NSA). The data, which includes sensitive and classified information, is posted in a well-known data breach forum:
https://cybersecuritynews.com/1-4-gb-of-nsa-data-leaked/
Nearly 10 billion unique passwords have been leaked on a cybercrime forum, putting online users across the world at risk of account compromise, according to a Cybernews investigation. The researchers discovered the leak of 9.94 million plaintext passwords, described as the largest password compilation of all time, which was posted on a popular hacking forum by a user named ‘ObamaCare’ on July 4. The attackers have essentially expanded a previous password compilation from 2021, titled RockYou2021, built from online data leaks:
https://www.infosecurity-magazine.com/news/10-billion-passwords-leaked/
BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol:
https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/
A major South Korean ISP is accused of installing malware on over 600,000 customers’ PCs to curb torrent traffic, raising concerns about user privacy and ethical business practices:
https://hackread.com/isp-mass-malware-attack-on-customers/
DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal:
https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/
4000+ Domains Used By FIN7 Actors Mimic Popular Brands:
https://cybersecuritynews.com/fin7-domains-mimic-brands-uncovered/
Attackers have exploited zero-day patched by Microsoft for over a year (CVE-2024-38112):
https://www.helpnetsecurity.com/2024/07/10/cve-2024-38112-cve-2024-38021/
Critical Exim bug bypasses security filters on 1.5 million mail servers:
https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/
A trio of unauthenticated ServiceNow vulnerabilities exposed 42,000. CVE-2024-4879 (CVSS 9.8) lets “an unauthenticated user remotely execute code”:
https://www.thestack.technology/trio-of-unauthenticated-servicenow-vulnerabilities-exposed-42-000/
A significant data breach involving Microsoft has come to light, exposing sensitive information of over 2,000 employees. The Cyber Press Research Team has uncovered a data leak file containing personal and professional details of 2,073 Microsoft employees, reportedly obtained through a breach of a third-party vendor:
https://cybersecuritynews.com/microsoft-employees-data-exposed/
AT&T customer data was illegally downloaded from its workspace on a third-party cloud platform. AT&T started an investigation and engaged leading cybersecurity experts to help it determine the nature and scope of the issue. AT&T has confirmed the access point has been secured:
https://www.att.com/support/article/my-account/000102979
Hackers weaponize shortcut files because they are an inconspicuous way to execute malicious code on a target system:
https://cybersecuritynews.com/hackers-weaponize-shortcut-files/
Citrix has fixed a critical-severity vulnerability in NetScaler Console, its cloud-based monitoring and management product, which if exploited could give attackers unauthorized access to sensitive data. The flaw (CVE-2024-6235), which scores 9.4 out of 10 on the CVSS scale, stems from improper authentication and could be exploited by an attacker that has access to a NetScaler Console IP:
https://malware.news/t/citrix-warns-of-critical-netscaler-console-flaw/83960
Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations:
https://securityaffairs.com/165693/cyber-crime/vyacheslav-igorevich-penchukov-sentenced-prison.html
Multiple threat actors began exploiting a critical vulnerability in the PHP scripting language within a day of its public disclosure last month, according to security firm Akamai. Administrators are advised to patch immediately:
https://www.govinfosecurity.com/multiple-threat-actors-moving-quickly-to-exploit-php-flaw-a-25748
Nearly two-thirds of security professionals admitted to using unauthorised software-as-a-service (SaaS) tools, also known as “shadow SaaS,” in a survey published this week by Next DLP. Of the more than 250 security professionals surveyed at RSA Conference 2024 and Infosecurity Europe 2024, 73% said they had used unauthorised tools, despite most respondents acknowledging the risks of data loss, data breaches and lack of visibility associated with shadow SaaS:
https://www.scmagazine.com/news/shadow-saas-used-by-two-thirds-of-security-pros-survey-finds
Google reportedly in advanced talks to acquire cyber startup Wiz for $23 billion:
https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a
Microsoft fixes bug causing Windows Update automation issues:
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-windows-update-automation-issues/
An arbitrary file upload vulnerability in the component “/admin/cmsWebFile/save” of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file:
https://gitee.com/sanluan/PublicCMS/issues/IAAKYP
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to http.memcap being reached leads to a NULL-pointer dereference and a crash. Upgrade to 7.0.6:
https://redmine.openinfosecfoundation.org/issues/7029
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident":
https://www.bleepingcomputer.com/news/security/arrl-finally-confirms-ransomware-gang-stole-data-in-cyberattack/