Secret CISO 7/22: Greece's Land Registry Breached, Hong Kong Orgs Suffer Identity Breaches, New Phishing Kit on Dark Web, CrowdStrike Outage Affects 8.5M Devices
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. In today's issue, we delve into the rising threat of SIM swapping, where criminals use personal information to hijack phone numbers and commit fraud. We also explore a new phishing kit discovered on the dark web, emphasizing the need for multi-layered defenses and continuous threat intelligence updates. In a shocking breach, hackers infiltrated Greece's Land Registry, marking over 400 cyberattacks on the system. However, they were unable to exfiltrate data to an outside server. Meanwhile, CrowdStrike's recent update snafu affected 8.5 million Windows devices, highlighting the importance of robust cybersecurity measures.
In Hong Kong, a staggering 98% of organizations experienced two or more identity-related breaches in the past year, largely due to inadequate security controls. We also discuss the fallout from a data breach traced back to a 2022 hack of an employee who reused a password, resulting in a Polymarket user losing $2 million. In other news, AT&T reversed its statement on the impact of a data breach on FirstNet customers, revealing that most were affected. UnitedHealth Group also raised its data breach cost estimate to a whopping $2.45 billion.
We wrap up with an analysis of CrowdStrike's recent outage, the security failure at Trump's rally, and the need for cybercrime security measures in small firms. Stay tuned for more updates and remember, knowledge is the first line of defense.
Data Breaches
- Protect Yourself Against SIM Swapping: Cybercriminals are increasingly using personal information to conduct SIM swapping attacks. By obtaining data such as phone numbers, addresses, birthdays, and Social Security numbers, they can gain control of victims' mobile devices. Source: Toledo Blade
- New Phishing Kit Discovered on the Dark Web: Security teams are being urged to adopt more sophisticated, multi-layered defenses and continuously update their threat intelligence. This comes after researchers discovered a new phishing kit on the dark web, signaling an evolution in cybercriminal tactics. Source: Security Magazine
- Greece's Land Registry Breached: Hackers have breached Greece's Land Registry, marking one of over 400 cyberattacks on the system. Although the hackers managed to gain entry to a security backup, they were unable to exfiltrate data to a server outside Greece. Source: The National Herald
- CrowdStrike Update Affects 8.5 Million Windows Devices: An update snafu from CrowdStrike has affected 8.5 million Windows devices. Singapore's Cyber Security Agency has also warned of an ongoing phishing campaign targeting CrowdStrike users, with threat actors leveraging the outage. Source: Computer Weekly
- 98% of Hong Kong Organisations Suffer Identity-Related Breaches: A report has found that 98% of Hong Kong organisations had two or more identity-related breaches in the past year. This is partly due to inadequate security controls, according to Sandy Lau, district manager of Hong Kong and Macau, CyberArk. Source: FutureCIO
Security Research
- Global IT Outage Highlights the Need for Caution and Resilience in the Logistics Sector: Security researcher Patrick Wardle emphasizes the importance of proactive measures in the logistics sector following a global IT outage. The incident underscores the need for caution and resilience in the industry. Source: Transport and Logistics Middle East
- CrowdStrike Update Chaos: John Hammond, a principal security researcher at Huntress Labs, highlights the need for a cautious approach to software updates following a major incident where 8.5 million Microsoft devices crashed due to a CrowdStrike update. Source: Cloud Computing News
- Critical Bazaar Vulnerability CVE-2024-40348: A security researcher known as 4rdr discovered a critical vulnerability in Bazaar that threatens system integrity. The flaw allows malicious actors to exploit the /api/swaggerui/static component. Source: The Cyber Express
- TAU Intelligence Partners with Jardine Matheson, Intel to Launch Resource-Efficient AI Solutions: TAU Intelligence has partnered with Jardine Matheson and Intel to launch AI solutions that address security concerns and environmental impact. The partnership is based on research by a Singapore-based safety researcher. Source: TechNode Global
- SocGholish Malware Exploits BOINC Project for Covert Cyberattacks: Security researcher Moshe Marelus reported that SocGholish malware is exploiting the BOINC project for covert cyberattacks. The malware uses V8 technology, commonly used to create software. Source: The Hacker News
Top CVEs
- CVE-2024-37495: Mediavine Create by Mediavine has a vulnerability that allows Stored XSS. The extent of the vulnerability is yet to be disclosed. Source: CVE-2024-37495
- CVE-2024-6970: A critical vulnerability has been found in itsourcecode Tailoring Management System 1.0. The vulnerability is related to an unknown function of the file /staffcatadd.php, which can lead to SQL injection. Source: CVE-2024-6970
- CVE-2024-37460: SuperSaaS SuperSaaS – online appointment scheduling has a vulnerability that allows Stored XSS. The extent of the vulnerability is yet to be disclosed. Source: CVE-2024-37460
- CVE-2024-38438: D-Link has a vulnerability related to Authentication Bypass. The extent of the vulnerability is yet to be disclosed. Source: CVE-2024-38438
- CVE-2024-6964: Tenda O3 1.0.0.10 has a critical vulnerability in the function fromDhcpSetSer, which can lead to stack-based buffer overflow. The vendor has not responded to this disclosure. Source: CVE-2024-6964
API Security
- CVE-2024-40430 - SFTPGO 2.6.2 JWT Implementation Vulnerability: The JWT implementation in SFTPGO 2.6.2 lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation. This vulnerability could potentially allow unauthorized access to sensitive information. Source: CVE-2024-40430
- CVE-2024-37447 - PixelYourSite XSS Vulnerability: PixelYourSite, a smart pixel (tag) manager, has an improper neutralization of input during web page generation vulnerability. This Cross-site Scripting (XSS) issue allows Stored XSS, potentially enabling attackers to inject arbitrary web script or HTML. Source: CVE-2024-37447
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. From SIM swapping to new phishing kits on the dark web, we've covered a lot of ground. Remember, staying informed is the first step towards ensuring your digital safety. In the face of increasing cyber threats, it's crucial to adopt multi-layered defenses and continuously update your threat intelligence. Don't forget, even the most secure systems can be breached, so always be on your guard.
If you found this newsletter helpful, why not share it with your friends and colleagues? Together, we can create a safer digital world. Stay safe and see you tomorrow for more updates from the world of cybersecurity.