Secret CISO 7/28: Global Outage Sparks Phishing Attacks on CrowdStrike, Casper Network Halts After Breach, Cicada3301 Targets Tri-Star Display, India and Ukraine Bolster Cybersecurity
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into a series of global security breaches and their implications. We start with a phishing attack campaign that targeted users impacted by the recent global computer outage, as reported by India's cybersecurity agency, CERT-In. The attack was directed against CrowdStrike users, highlighting the vulnerability of even the most secure systems. In the world of cryptocurrency, Casper Network has halted all operations following a serious security breach. The team is now collaborating with validators and the broader community to address the issue.
Meanwhile, the notorious ransomware group Cicada3301 has claimed responsibility for a significant data breach at Singapore-based Tri-Star Display Pte Ltd. This incident underscores the persistent threat of ransomware attacks on businesses worldwide. In other news, HD Hyundai Heavy is distancing itself from charges related to a data security breach linked to the KDDX project. This comes as AT&T faces a cyberattack that resulted in the theft of millions of customer records.
On the innovation front, Hong Kong is fortifying its financial fortress by using cybersecurity as a launchpad. By implementing a fully integrated approach to breach and remediation, the city aims to minimize the overall impact of data breaches and service disruptions. Lastly, we touch on the ministerial shake-up in the Australian government, which has resulted in Tony Burke being named the new minister for cybersecurity. Stay tuned for more updates on these stories and other top cybersecurity news in today's issue of Secret CISO.
Data Breaches
- Global outage leading to phishing attacks against CrowdStrike users: The Indian cybersecurity agency, CERT-In, has reported a phishing attack campaign targeting users affected by a recent global computer outage. The attack is believed to be linked to the global outage, but the extent of the damage is yet to be determined. Source: Business Standard
- Casper Network halts operations following a security breach: Casper Network has suspended all operations following a serious security breach. The team is currently working with validators and the broader community to address the issue and prevent further breaches. Source: Cointelegraph
- Tri-Star Display Cyberattack: Cicada3301 Claims Data Breach: The infamous ransomware group Cicada3301 has claimed responsibility for a significant data breach at Singapore-based Tri-Star Display Pte Ltd. The extent of the breach and the data compromised are still under investigation. Source: The Cyber Express
- HD Hyundai Heavy distances itself from ex-DAPA head's charges: HD Hyundai Heavy, one of the bidders for the KDDX project, has been implicated in a data security breach. However, the company has distanced itself from the charges, stating that it did not lose any points despite the data breach. Source: The Korea Times
- AT&T Cyberattack: Hackers Stole Millions of Customer Records: AT&T has suffered a data breach, with hackers stealing millions of customer records. The stolen data did not include sensitive personal information like Social Security numbers, but the breach still poses a significant threat to customer privacy. Source: MITechNews
Security Research
- "AI can snoop on your computer screen using signals leaking from HDMI cables": A research team in Uruguay has demonstrated how AI can exploit signals leaking from HDMI cables to snoop on computer screens. This type of attack, known as TEMPEST, has been recognized by the NSA and NATO. Source: Tom's Hardware
- "Fortra: How to Guard Against Supply Chain Attacks": Theo Zafirakos, Cyber Risk and Information Security Expert at Fortra, outlines strategies companies can use to protect against supply chain attacks. Source: Supply Chain Digital
- "Hackers race to win millions in contest to thwart cyberattacks with AI": A contest is underway where hackers are racing to use AI to thwart cyberattacks, with millions in prize money at stake. Source: Washington Post
- "3,000 Fake GitHub Accounts Used to Spread Malware in Stargazers Ghost Scheme": Check Point Research has discovered a network of 3,000 fake GitHub accounts being used to spread malware in a scheme known as Stargazers Ghost. Source: HackRead
- "IIT-K, NPTI Collaboration on Cyber Security for Power Grid in India": IIT-K and NPTI have signed an MoU to enhance research and training capabilities in cyber security for the power grid in India. Source: Times of India
Top CVEs
- CVE-2024-7152: A critical vulnerability was found in Tenda O3 1.0.0.10(2478) affecting the function fromSafeSetMacFilter. The manipulation of the argument time leads to a stack-based buffer overflow. The attack can be initiated remotely and the exploit has been made public. Source: CVE-2024-7152
- CVE-2024-7153: A problematic vulnerability has been found in Netgear WN604 up to 20240719. An unknown function of the file siteSurvey.php is affected. The manipulation leads to a direct request and the attack can be launched remotely. The exploit has been disclosed to the public. Source: CVE-2024-7153
- CVE-2024-7151: A critical vulnerability was found in Tenda O3 1.0.0.10(2478) affecting the function fromMacFilterSet. The manipulation of the argument remark leads to a stack-based buffer overflow. The attack can be initiated remotely and the exploit has been made public. Source: CVE-2024-7151
- CVE-2024-6703: The Contact Form Plugin by Fluent Forms for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btn_txt' parameters. This vulnerability allows attackers with Form Manager permissions and Subscriber+ user role to inject arbitrary web scripts. Source: CVE-2024-6703
- CVE-2024-6897: The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads. This vulnerability allows authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages. Source: CVE-2024-6897
API Security
- OAuth 2.1: The Latest in API Security: OAuth 2.1 is the latest update to the OAuth 2.0 authorization framework, which aims to simplify and improve security for developers. It consolidates the best practices and features from OAuth 2.0 and OpenID Connect, and removes features that posed security risks. Source: OAuth.net
- Open Policy Agent (OPA) for API Security: OPA is an open-source, general-purpose policy engine that unifies policy enforcement across the stack. It provides a high-level declarative language for authoring policies and can be used to enforce security policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. Source: Open Policy Agent
- API Security with JSON Web Tokens (JWTs): JWTs are a compact, URL-safe means of representing claims to be transferred between two parties. They can be used to implement access tokens that assert some number of claims, such as identity, role, or scope of access, making them a powerful tool for API security. Source: JWT.io
- API Security with Akamai: Akamai's API Gateway provides an all-in-one solution for securing APIs, including features like rate limiting, OAuth, API key verification, and more. It also offers DDoS protection, ensuring your APIs remain available even under heavy load. Source: Akamai
- API Security with AWS WAF: AWS WAF is a web application firewall that helps protect your APIs against common web exploits. It provides control over which traffic to allow or block to your APIs by defining customizable web security rules, helping to secure your applications from threats. Source: AWS
Going Black Hat in Vegas?
Get Cool Stickers at Booth 3122
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. From phishing attacks to data breaches, the cyber world never sleeps, and neither do we. We're committed to keeping you informed and prepared, one newsletter at a time.
Remember, knowledge is power, and sharing is caring. If you found today's content valuable, don't keep it to yourself. Share this newsletter with your colleagues and friends to help them stay one step ahead of the cyber threats.
Stay safe, stay informed, and see you in the next edition of Secret CISO.