CISO Daily Update - December 4, 2024

NEW DEVELOPMENTS

760,000 Employee Records From Several Major Firms Leaked Online

Source: Security Week

A hacker known as "Nam3l3ss" leaked over 760,000 employee records from major corporations, including Bank of America, Koch Industries, Nokia, JLL, Xerox, Morgan Stanley, and Bridgewater. The compromised data includes names, email addresses, phone numbers, work ID numbers, job titles, and manager names. This breach is linked to the 2023 MOVEit hack where the Cl0p ransomware group exploited a zero-day vulnerability in Progress Software's file transfer tool affecting approximately 2,800 organizations and nearly 100 million individuals. The recent leak is a curated subset of the original stolen data packaged for broader dissemination.

Article Link


Hackers Allegedly Claim Breach of EazyDiner Reservation Platform

Source: Cyber Security News

Hackers reportedly breached EazyDiner, a restaurant reservation platform, exposing sensitive customer data, including names, email addresses, phone numbers, and reservation records. EazyDiner has not issued a statement addressing the breach. Customers are advised to monitor accounts for suspicious activity, avoid clicking on unverified links, and protect personal information.

Article Link


30M Protected Links Exposed by ‘Safe’ Link-Sharing Provider

Source: Cybernews

A misconfigured MongoDB database exposed 30 million private links and account data from a link-sharing platform called Safelinking.net. The leak included usernames, emails, encrypted passwords, API hashes, and social media account IDs. Malicious bots found the exposed database, issued ransom demands, and eventually destroyed it after no payment was received. The incident highlights the risk of entrusting third-party safe-linking services with sensitive content such as healthcare data, payment requests, and internal documents. Experts stress the importance of secure configurations, multi-factor authentication, and robust data protection practices to prevent similar incidents.

Article Link


FTC Bans Data Brokers From Selling Americans’ Sensitive Location Data

Source: Bleeping Computer

The FTC prohibited data broker X-Mode Social, now known as Outlogic, from selling or sharing sensitive location data. This action addresses concerns that such data could be used to track individuals' visits to sensitive locations, including medical and reproductive health clinics, places of worship, and domestic abuse shelters. The FTC's order requires Outlogic to delete all previously collected sensitive location information and implement a comprehensive privacy program to safeguard consumer data.

Article Link


Ransomware Attack Disrupts Operations at US Contractor ENGlobal

Source: Infosecurity Magazine

On November 25, 2024, a ransomware attack disrupted operations at ENGlobal Corporation, a Houston-based contractor serving the energy sector and U.S. government agencies. The breach involved unauthorized access to IT systems and encryption of data files, leading ENGlobal to take systems offline. The company is conducting remediation efforts with cybersecurity experts while focusing on essential operations, but the timeline for full restoration remains unclear. Details about the ransomware or stolen data have not been disclosed, and no group has claimed responsibility.

Article Link


Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database

Source: Hackread

A self-identified "data vigilante" known as Nam3L3ss leaked over 772,000 employee records from 27 major companies, including Bank of America and Nokia, along with a database from Jones Lang LaSalle Incorporated containing over 12 million rows, totaling approximately 13 million records. The leaked information includes names, email addresses, phone numbers, physical addresses, and company location coordinates. This data was initially stolen by the Cl0p ransomware group while exploiting the MOVEit file transfer software vulnerability. Nam3L3ss subsequently cleaned and released the data publicly.

Article Link


An Apple Employee Is Suing the Company Over Monitoring Employee Personal Devices

Source: TechCrunch

Apple employee Amar Bhakta sued the company for infringing on workers' privacy by monitoring personal devices used for work and restricting discussions about pay and working conditions. The suit alleges that Apple encourages employees to use personal devices for work, managed by Apple's internal software, which grants the company access to personal data, including emails, photos, and location information. The lawsuit claims Apple's policies unlawfully permit surveillance of employees' home offices and suppress free speech by prohibiting public discussions about workplace experiences. Apple denies these allegations, asserting that employees are trained annually on their rights to discuss wages and working conditions, and considers the claims meritless.

Article Link


VULNERABILITIES TO WATCH

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Source: The Hacker News

Cisco updated its advisory to warn of active exploitation in the wild of CVE-2014-2120, a cross-site scripting vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) software. This flaw allows unauthenticated, remote attackers to execute scripts in the context of a user's browser session by convincing them to click on malicious links. CISA added this vulnerability to its Known Exploited Vulnerabilities catalog, mandating remediation by December 3, 2024. Users are strongly advised to apply the latest security updates to mitigate potential risks.

Article Link


NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Source: The Hacker News

Researchers from AmberWolf identified critical vulnerabilities in Palo Alto Networks' GlobalProtect and SonicWall's NetExtender VPN clients, allowing attacker-controlled servers to execute arbitrary code on connected systems. These flaws, CVE-2024-5921 and CVE-2024-29014 respectively, enable attackers to deploy malicious updates or install harmful root certificates for credential theft and elevated privilege execution. AmberWolf developed an open-source tool, NachoVPN, to simulate rogue VPN servers exploiting these vulnerabilities, aiming to assist security professionals in identifying and mitigating such threats. Palo Alto Networks and SonicWall released patches addressing these flaws. Users are strongly advised to update their VPN clients to the latest versions to ensure protection.

Article Link


Veeam Plugs Serious Holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

Source: Help Net Security

Veeam addressed two critical vulnerabilities in its Service Provider Console (VSPC): CVE-2024-42448 and CVE-2024-42449. CVE-2024-42448 allows authorized management agents to execute remote code on the VSPC server, while CVE-2024-42449 enables attackers to leak NTLM hashes and delete files on the server under similar conditions. Discovered during internal testing, these vulnerabilities affect VSPC versions 7 and 8, with no current evidence of exploitation in the wild. Veeam recommends that users upgrade to version 8.1.0.21999 to mitigate these issues.

Article Link


TP-Link Archer Zero-Day Vulnerability Lets Attackers Inject Malicious Commands

Source: Cyber Security News

A critical zero-day vulnerability, tracked as CVE-2023-1389 and identified in TP-Link Archer AX21 routers, allows unauthenticated attackers to execute arbitrary commands via the device's web management interface. This flaw is exploited by multiple botnets, including variants of Mirai, to incorporate compromised routers into networks used for DDoS attacks. TP-Link released firmware updates in March 2023 to address this issue; however, reports indicate that exploitation attempts persist.

Article Link


Exploit Released for Critical WhatsUp Gold RCE Flaw, Patch Now

Source: Bleeping Computer

A proof-of-concept exploit for a critical remote code execution vulnerability, identified as CVE-2024-8785 with a CVSS score of 9.8, was released for Progress Software's WhatsUp Gold versions 2023.1.0 through 24.0.0. This flaw allows unauthenticated attackers to manipulate Windows Registry keys via the NmAPI.exe process, potentially leading to arbitrary code execution. Progress Software addressed this issue in version 24.0.1, released on September 24, 2024. Administrators are strongly advised to update to the latest version immediately to mitigate potential exploitation risks.

Article Link


Salesforce Applications Vulnerability Lets Attackers Take Over Accounts

Source: Cyber Security News

A penetration test on Salesforce Communities revealed critical vulnerabilities, including misconfigured objects and broken access controls, that could lead to unauthorized data access and account takeovers. Sensitive data, such as customer PII, account information, notes, and files, was exposed due to improperly configured standard and custom objects. A severe flaw in a custom Apex controller allowed attackers to reset any user's password without authentication. Recommendations to mitigate these risks include reviewing object security settings, implementing strong authentication for password resets, restricting access to sensitive API endpoints, auditing custom Apex controllers, and enforcing robust input validation.

Article Link


SPECIAL REPORTS

US Agency Proposes New Rule Blocking Data Brokers From Selling Americans’ Sensitive Personal Data

Source: TechCrunch

The CFPB proposed new regulations that would restrict data brokers from selling Americans' sensitive personal information, such as Social Security numbers and credit scores, without explicit consumer consent. This initiative aims to enhance national security and public safety by preventing unauthorized access to personal data by malicious actors, including foreign adversaries. The proposed rules would classify data brokers as consumer reporting agencies, subjecting them to the Fair Credit Reporting Act's requirements for accuracy, transparency, and consumer access. The CFPB is accepting public comments on this proposal until March 2025.

Article Link


US Shares Tips to Block Hackers Behind Recent Telecom Breaches

Source: Bleeping Computer

CISA, in collaboration with the FBI and NSA, issued guidance to combat Salt Typhoon, a Chinese threat group responsible for breaching global telecommunications providers. These attackers infiltrated the networks of major firms like AT&T and Verizon, compromising government communications and stealing sensitive data over several months. Recommendations include promptly patching vulnerabilities, disabling unused protocols, securing privileged accounts, and implementing strong cryptography. System logging, monitoring of trusted partner traffic, and vigilant oversight of network perimeters are critical to preventing future breaches.

Article Link


Finding value in this newsletter? Like or share this post on LinkedIn
