CISO Daily Update - October 16, 2024
NEW DEVELOPMENTS
Cisco Investigating Data Breach: What We Know So Far
Source: Cybernews
Cisco is investigating claims by the hacker IntelBroker, who says he stole sensitive data, including business customer information and credentials, from various tech giants and government institutions. The breach reportedly involves 1,000 organizations, including Amazon, Apple, and the US military. Cisco has not yet confirmed the validity of the claims but is conducting an investigation. IntelBroker is known for past high-profile hacks and is attempting to sell the allegedly stolen data.
Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft
Source: Security Week
Volkswagen responded after the 8Base ransomware group claimed to have stolen sensitive data, stating that its IT infrastructure was not affected and that the situation is being closely monitored. The 8Base gang alleged it obtained invoices, personal data, and other confidential information but has yet to release anything publicly. The group has been active since early 2023 and uses stolen data to pressure victims into paying ransoms. This incident follows past cybersecurity challenges faced by Volkswagen, including previous reports of Chinese hackers accessing its systems from 2011 to 2014.
US Invented Volt Typhoon to Hide Its Own Cyber Espionage, China Says
Source: Cybernews
China has accused the U.S. of creating the Volt Typhoon hacking group as part of a disinformation campaign to justify its global surveillance and cyber espionage activities. The National Computer Virus Emergency Response Center in China claims the U.S. conducts false flag cyberattacks, using tools like "Marble" to hide its involvement while blaming nations such as China, Russia, and Iran. These allegations suggest that the U.S. manipulates cyber threat narratives to retain control over critical global internet infrastructure.
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Source: Infosecurity Magazine
Researchers from the University of Texas at Austin's SPARK Lab have uncovered a new cyber-attack method called ConfusedPilot, targeting AI systems like Microsoft 365 Copilot. The attack poisons the data that Retrieval-Augmented Generation (RAG) systems draw on by introducing malicious content into the documents they reference, leading to misinformation and flawed decisions. Its effects can persist even after the malicious content has been removed, and it bypasses existing AI security measures. To mitigate the risk, experts recommend implementing access controls, regular data audits, segmentation, and human oversight of AI-generated content.
VULNERABILITIES TO WATCH
WordPress Jetpack Plugin Critical Flaw Impacts 27 Million Sites
Source: Security Affairs
The WordPress Jetpack plugin has patched a critical vulnerability in its Contact Form feature, which allowed logged-in users to view form submissions from other users on the same site. This flaw has been present since version 3.9.9 in 2016, impacting 27 million sites. Jetpack addressed the issue with the release of version 13.9.1. Although there’s no evidence of active exploitation, plugin maintainers urge users to update immediately to prevent potential risks. Most sites are automatically receiving the patch.
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
Source: Security Week
Splunk issued security patches for several vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws (CVE-2024-45733 and CVE-2024-45731) that affect Windows systems. These flaws could allow attackers to execute code or write malicious files remotely. The update also addresses a high-severity information disclosure vulnerability (CVE-2024-45732) and other medium-severity issues. Splunk urges users to update their systems to the latest versions of Splunk Enterprise or Splunk Cloud.
PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw
Source: Cyber Security News
A critical vulnerability in Windows Kernel-Mode Drivers (CVE-2024-35250) allows attackers to escalate privileges to the SYSTEM level. A Proof-of-Concept (PoC) exploit recently released shows how attackers can bypass security measures by manipulating IOCTL_KS_PROPERTY requests within Windows Kernel Streaming. Microsoft has released a patch, and users are strongly urged to update their systems to prevent exploitation. This flaw affects multiple Windows versions, including Windows 11, and is particularly concerning due to its long-standing presence.
Ubuntu Authd Flaw Lets Attackers Spoof User ID
Source: Cyber Security News
A newly discovered vulnerability (CVE-2024-9312) in Ubuntu’s Authd enables local attackers to spoof user IDs, potentially gaining unauthorized access to privileged accounts. This flaw stems from a deterministic method for assigning user IDs, which can lead to ID collisions. Attackers can exploit the vulnerability by purging caches or targeting inactive accounts. To mitigate the risk, organizations should implement external Identity Providers (IdPs) or make architectural changes to ensure unique user IDs across systems.
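To illustrate why a purely deterministic user-ID assignment is dangerous, here is an added example that is not Authd's code and does not reproduce its actual algorithm. It models a stateless allocator that derives the UID from a hash of the user name (an assumption made for illustration), finds two constructed names that land on the same UID, shows a reservation-based allocator that resolves the collision, and includes a passwd-style audit a defender could run to report accounts that share a UID. The sample passwd lines are constructed, not taken from any real system.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Illustrative model only (assumption): the UID is a pure function of the
# user name with no record of what was already handed out. This is NOT
# Authd's real algorithm; it only shows the failure class.
UID_MIN = 60000
UID_RANGE = 1000  # deliberately small so a collision shows up quickly


def deterministic_uid(username: str) -> int:
    """Stateless mapping: same name -> same UID, but distinct names may collide."""
    digest = hashlib.sha256(username.encode("utf-8")).digest()
    return UID_MIN + int.from_bytes(digest[:4], "big") % UID_RANGE


def find_collision(usernames: List[str]) -> Optional[Tuple[str, str, int]]:
    """Return the first pair of distinct names that map to the same UID."""
    seen: Dict[int, str] = {}
    for name in usernames:
        uid = deterministic_uid(name)
        if uid in seen and seen[uid] != name:
            return seen[uid], name, uid
        seen.setdefault(uid, name)
    return None


class ReservingAllocator:
    """Collision-aware allocator: persists every assignment and probes for a
    free UID, so two names never share an ID."""

    def __init__(self) -> None:
        self.by_name: Dict[str, int] = {}
        self.by_uid: Dict[int, str] = {}

    def allocate(self, username: str) -> int:
        if username in self.by_name:          # stable for already-known names
            return self.by_name[username]
        uid = deterministic_uid(username)     # preferred slot
        for _ in range(UID_RANGE):
            if uid not in self.by_uid:        # free: reserve it persistently
                self.by_name[username] = uid
                self.by_uid[uid] = username
                return uid
            uid = UID_MIN + (uid - UID_MIN + 1) % UID_RANGE   # linear probe
        raise RuntimeError("UID range exhausted")


def audit_passwd(lines: List[str]) -> Dict[int, List[str]]:
    """Defender check over passwd-format lines: UIDs owned by more than one account."""
    owners: Dict[int, List[str]] = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        owners.setdefault(int(fields[2]), []).append(fields[0])
    return {uid: names for uid, names in owners.items() if len(names) > 1}


# Constructed sample passwd entries (not from any real system).
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:60017:60017::/home/alice:/bin/bash",
    "bob:x:60042:60042::/home/bob:/bin/bash",
    "carol:x:60017:60017::/home/carol:/bin/bash",   # shares alice's UID
]

if __name__ == "__main__":
    # 2000 names into 1000 slots guarantees a collision by the pigeonhole principle.
    names = [f"user{i:04d}" for i in range(2000)]
    hit = find_collision(names)
    print("collision:", hit)
    alloc = ReservingAllocator()
    if hit:
        first, second, _ = hit
        print("reserving allocator gives", alloc.allocate(first), alloc.allocate(second))
    print("shared UIDs:", audit_passwd(SAMPLE_PASSWD))
```

The point of the reserving allocator is that uniqueness comes from persisted state, not from the hash: if that state is purged or an inactive account's record is dropped, the guarantee disappears, which is why the article's advice is to anchor identity in an external IdP or a system-wide source of unique IDs rather than in a recomputable mapping.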
SPECIAL REPORTS
Most Organizations Unprepared for Post-Quantum Threat
Source: Infosecurity Magazine
A report from the Entrust Cybersecurity Institute reveals that most organizations remain unprepared for post-quantum threats, despite NIST's release of post-quantum encryption standards. The survey of over 2,000 IT security experts found that fewer than half of organizations are ready to adopt post-quantum cryptography. Key challenges include unclear ownership, lack of visibility into cryptographic assets, and insufficient skills. Many organizations still face significant obstacles in transitioning to post-quantum cryptography, which leaves them vulnerable to future threats.
Eight Million Users Install 200+ Malicious Apps from Google Play
Source: Infosecurity Magazine
Security researchers uncovered more than 200 malicious apps on Google Play, downloaded by over 8 million users, according to Zscaler's 2024 report. Joker malware, responsible for 38% of detections, commits WAP fraud by subscribing victims to premium services without their consent. Other threats included adware (35%) and Facestealer (14%), which hijacks Facebook accounts. The "Tools" category was the most exploited, with mobile banking malware and spyware on the rise. India, the US, and Canada were the hardest-hit regions by mobile attacks.
Data Breaches Trigger Increase in Cyber Insurance Claims
Source: Help Net Security
Cyber insurance claims have surged in 2024 due to a spike in data breaches and privacy violations, with claims exceeding €1 million up by 14%, and overall claim severity rising by 17%. Ransomware and data exfiltration attacks, alongside regulatory and legal pressures, have fueled this increase. U.S. privacy-related class actions have doubled, affecting sectors ranging from healthcare to social media. Despite growing cybersecurity investments, many breaches continue to occur due to insufficient protections.
Microsoft Says More Ransomware Stopped Before Reaching Encryption
Source: The Register
Microsoft's 2024 Digital Defense Report shows a 2.75-fold increase in ransomware attacks but highlights improved defenses that prevent more attacks from reaching the encryption stage. Enhanced automatic detection and disruption capabilities contribute to this success. Social engineering remains a significant entry point, with tactics like phishing and SIM swapping bypassing MFA protections. The report also points to growing threats in cloud environments from groups like Octo Tempest and stresses the need for phishing-resistant technologies and better identity and authentication management to reduce risks.
CISOs' Privacy Responsibilities Keep Growing
Source: Darkreading
As cybersecurity threats intensify and privacy regulations tighten, CISOs are taking on more privacy-related responsibilities. This shift stems from regulatory pressure, AI governance concerns, and the need to comply with laws such as GDPR and CCPA. CISOs now collaborate with legal and HR teams to implement privacy controls while managing their traditional cybersecurity roles. Many are reskilling to address these evolving privacy challenges, focusing on transparency, consent management, and data governance.