Cybersecurity Digest #93: 02/04/2024 – 16/04/2024

Cybersecurity News

  • Apple has sent a new batch of threat notifications to users in 92 countries who may have been targeted by mercenary spyware attacks.
  • Cybersecurity researchers have disclosed the first native Spectre v2 exploit against the Linux kernel on Intel systems. It could be used to read sensitive data from memory.
  • Researchers have found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices.
  • Google has introduced a new feature for its Chrome browser, which should eliminate, or at least minimize, memory corruption vulnerabilities.
  • The U.S. HHS Department has warned that hackers may be using social engineering tactics to target IT help desks across the Healthcare and Public Health sector.
  • An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been detected. The security issue could lead to the exfiltration of process memory addresses.
  • Experts have discovered HTTP/2 protocol vulnerabilities, which can lead to DoS attacks. The flaws can be used to crash web servers with a single TCP connection in some implementations.
  • Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT. The attacks may have been operating since 2022.

Cybersecurity Blog Posts

Research and Analytics

  • Remote desktop protocol compromise has reached record levels in ransomware attacks, according to new research from Sophos. Experts analyzed 150 of Sophos’ incident response cases from 2023 and found RDP abuse featured in 90% of them, giving threat actors remote access to Windows environments.
  • Wiz’s experts have found two critical architecture flaws in generative AI models uploaded to Hugging Face, the leading hub for sharing AI models and applications. In new research, the experts described the two flaws and the risk they could pose to AI-as-a-service providers.
  • The Cutting Edge, Part 4 report by Mandiant has revealed that Chinese threat actors have developed new techniques for moving laterally after exploiting Ivanti vulnerabilities.
  • According to Proofpoint’s research, only 1% of users are responsible for 88% of data loss events. These events are a problem stemming from the interaction between humans and machines. ‘Careless users’ are much more likely to cause those incidents than compromised or misconfigured systems.
  • In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild, over 50% more than in 2022. In the report We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023, experts claimed end-user platform vendors like Apple, Google and Microsoft have made notable investments to reduce the number of exploitable zero-days threat actors can find, making certain types “virtually non-existent” today.
  • Flashpoint has released its 2024 Global Threat Intelligence Report that looks back at 2023 to shed light on cyber threats, geopolitical turmoil, and escalating physical conflicts around the world to help organizations strengthen defenses, ensure operational resilience, and proactively confront multifaceted threats.
  • According to a new study from Beaming, nearly half of the UK’s small and medium-sized enterprises have lost access to data since 2019, potentially costing them billions. Among the causes of such losses were hardware theft or failure, cybercrime, data management errors, fire and flooding.
  • According to the Cisco 2024 Cybersecurity Readiness Index, only 3% of organizations are resilient to today’s cybersecurity threats. This is far below the proportion of global organizations rated “mature” in 2023, when 15% reached that readiness level.

Major Cyber Incidents

  • An attack on Hoya Corporation has been conducted by the Hunters International group. The hackers demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack.
  • The OWASP Foundation has disclosed a data breach from server misconfiguration. Some of its members have been impacted due to a misconfiguration of an old Wiki web server.
  • CVS Group, a prominent veterinary services provider based in the UK, has fallen victim to a cyberattack. Hackers have managed to disrupt the company’s IT services across the country.
  • Home Depot has suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data. The exposed information could potentially be used in targeted phishing attacks.
  • US cancer center City of Hope has confirmed that it has suffered a data breach which impacted its clients. Over 800,000 individuals have been affected by this breach, compromising not just their personal information but also their health data.
  • The popular online shopping platform PandaBuy has fallen victim to a massive data breach, leaving over 1.3 million users affected. The data has been posted on a dark web forum by two threat actors, Sanggiero and IntelBroker.
  • AT&T Inc. has confirmed that personal data from about 73 million current and former customers has been leaked onto the dark web.
  • Omni Hotels & Resorts has suffered a cyberattack, which affected guests and hotel employees. The attack took down systems across the hotel chain, including reservations and payment systems.