25/06/2024
Cybersecurity news
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, including flaws affecting Microsoft, Linux, WSO2, and Jenkins systems.
- The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.
- Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework. The flaw is tracked as CVE-2022-0540 and comes with a severity rating of 9.9.
- Some popular virtual private networks (VPNs) may be leaving users exposed to a significant security risk. A new report by AppEsteem has found that a number of popular options put their users at risk with questionable practices.
- Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage exploit, dubbed homeage, to install the NSO Group Pegasus spyware on iPhones belonging to Catalan politicians, journalists, academics, and activists.
- A vulnerability has been identified in the popular free 7-Zip archiver for the Windows platform, exploitation of which allows a local user with limited rights to increase the privilege level in the system to the system level.
Cybersecurity Blog Posts
- Corey Nachreiner, CSO at WatchGuard Technologies, gave a high-level summary of the Internet Security Report for Q4 2021, which revealed all of the threats were up, whether they’re network attacks or malware.
- Paul Ducklin told about the KISS principle in phishing. The post is useful for understanding and recognizing possible phishing emails and combating them.
- Phil Muncaster told about webcam hacking: how to know if someone may be spying on people through their webcam.
Research and analytics
- The 2022 Open Source Security and Risk Analysis report by Synopsys, examines vulnerabilities and license conflicts found in more than 2,400 codebases across 17 industries. This year’s report shows a modest 3% decrease in vulnerabilities from the previous year, though the overall percentage of codebases containing vulnerabilities remains troublingly high. This trend indicates that progress toward minimizing risk is slow, but it’s moving in the right direction.
- Claroty experts have published details of a vulnerability in Snort that allows you to remotely transfer a preprocessor into an infinite loop. Cisco, which oversees the opensource project, has already released patches for both affected versions, 2 and 3, as well as for a number of its products. The vulnerability of CVE-2022-20685 is estimated as 7.5 CVSS points and is associated with an integer overflow error that occurs during preprocessing of Modbus packets.
- Last year, Google specialists discovered 58 zero-day vulnerabilities that were used in real attacks, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. Out of the 58 in-the-wild 0-days for the year, 39, or 67% were memory corruption vulnerabilities.
- Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level. The data comes cybersecurity company Check Point, who recorded a dramatic uptick in LinkedIn brand abuse in phishing incidents in the first quarter of this year. According to the company, in the last quarter of 2021, LinkedIn held the fifth spot on the list, the count for impersonating attacks being a much lower 8%.
- The Torii 2022 SaaS Visibility and Impact Report states that 69% of tech executives believe that shadow IT is the main problem associated with SaaS. Most respondents made exceptions to their SaaS security protocols, although the applications were adopted outside the competence of the IT department. To combat these and other SaaS proliferation issues, 64% are evaluating or planning to deploy SaaS management tools.
- The 451 Research and Noname Security Report The 2022 API Security Trends Report examines the key characteristics and security risks present in modern API usage. 41% of the organizations represented by the survey respondents had an API security incident in the last 12 months; 63% of them noted that the incident was related to a data leak or loss.
- Pindrop Voice Intelligence & Security Report reveals innovative ways for attackers to use certain authentication methods to commit fraud in order to better protect customer accounts. 92% of scammers have passed the knowledge-based authentication (KBA) based on the case study of the national contact center, while real customers have passed the KBA test only in 46% of cases.
- Kaspersky Lab experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. The researchers also found out that the encryption process depends on the size of the files, and identified the prerequisites for successful decryption.
- According to a study by Kaspersky Lab Kaspersky ICS Security Survey 2022, 30% of industrial enterprises around the world have a common practice of disabling cybersecurity products if they affect production processes or the operation of automation systems. 43% of organizations have faced such problems at least once, and another 38% face them from time to time.
Major Cyber Incidents
- Cybercriminals robbed Pakistan’s leading bank United Bank Limited (UBL) via Internet banking, using the compromised data of a number of debit cards to conduct fraudulent financial transactions in dollars. The cyber incident forced the financial institution to suspend the services of international financial transactions through debit cards of almost all customers.
- The American Dental Association (ADA) was hit by a cyberattack, causing them to shut down portions of their network while investigating the attack.
- The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. The extortion group announced to have hacked some servers of the company and stole 161GB.
- The GHT Coeur Grand Est. Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack’s spread and further data theft.
- One of the largest Indian oil refineries, Indian Oil, has fallen victim to an attack by a ransomware program that led to the shutdown of the company’s computers and IT systems. Cybercriminals demanded a ransom of about $7.5 million.
- Costa Rica confirmed that the computer systems of the finance ministry remained disabled after a cyberattack on official platforms. Authorities temporarily disabled platforms deemed vulnerable following the cyberattack, adding experts were working to identify and fix the problems.