THN Cybersecurity Recap: Final Week’s Prime Threats and Developments (September 23-29)

Sep 30, 2024Ravie LakshmananCybersecurity / Weekly Recap

Maintain onto your hats, of us, as a result of the cybersecurity world is something however quiet! Final week, we dodged a bullet after we found vulnerabilities in CUPS that might’ve opened the door to distant assaults. Google’s change to Rust is paying off huge time, slashing memory-related vulnerabilities in Android.

However it wasn’t all excellent news – Kaspersky’s compelled exit from the US market left customers with extra questions than solutions. And do not even get us began on the Kia vehicles that might’ve been hijacked with only a license plate!

Let’s unpack these tales and extra, and arm ourselves with the data to remain protected on this ever-evolving digital panorama.

⚡ Risk of the Week

Flaws Present in CUPS: A brand new set of safety vulnerabilities has been disclosed within the OpenPrinting Widespread Unix Printing System (CUPS) on Linux methods that might allow distant command execution below sure situations. Pink Hat Enterprise Linux tagged the problems as Vital in severity, provided that the real-world affect is more likely to be low as a result of conditions needed to tug off a profitable exploit.

🔔 Prime Information

  • Google’s Touts Shift to Rust: The pivot to memory-safe languages comparable to Rust for Android has led to the share of memory-safe vulnerabilities found in Android dropping from 76% to 24% over a interval of six years. The event comes as Google and Arm’s elevated collaboration has made it attainable to flag a number of shortcomings and elevate the general safety of the GPU software program/firmware stack throughout the Android ecosystem.
  • Kaspersky Exits U.S. Market: Russian cybersecurity vendor Kaspersky, which has been banned from promoting its merchandise within the U.S. as a result of nationwide safety considerations, raised considerations after some discovered that their installations have been routinely eliminated and changed by antivirus software program from a lesser-known firm known as UltraAV. Kaspersky mentioned it started notifying prospects of the transition earlier this month, however it seems that it was not made clear that the software program could be forcefully migrated with out requiring any person motion. Pango, which owns UltraUV, mentioned customers additionally had the choice of canceling their subscription instantly with Kaspersky’s customer support staff.
  • Kia Vehicles May Be Remotely Managed with Simply License Plates: A set of now patched vulnerabilities in Kia autos that might have allowed distant management over key capabilities just by utilizing solely a license plate. They might additionally let attackers covertly acquire entry to delicate data together with the sufferer’s title, cellphone quantity, e mail deal with, and bodily deal with. There isn’t any proof that these vulnerabilities have been ever exploited within the wild.
  • U.S. Sanctions Cryptex and PM2BTC: The U.S. authorities sanctioned two cryptocurrency exchanges Cryptex and PM2BTC for allegedly facilitating the laundering of cryptocurrencies presumably obtained via cybercrime. In tandem, an indictment was unsealed in opposition to a Russian nationwide, Sergey Sergeevich Ivanov, for his purported involvement within the operation of a number of cash laundering companies that have been supplied to cybercriminals.
  • 3 Iranian Hackers Charged: In one more legislation enforcement motion, the U.S. authorities charged three Iranian nationals, Masoud Jalili, Seyyed Ali Aghamiri, and Yasar (Yaser) Balaghi, who’re allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for his or her focusing on of present and former officers to steal delicate knowledge in an try to intrude with the upcoming elections. Iran has known as the allegations baseless.

📰 Across the Cyber World

  • Mysterious Web Noise Storms Detailed: Risk intelligence agency GreyNoise mentioned it has been monitoring giant waves of “Noise Storms” containing spoofed web site visitors comprising TCP connections and ICMP packets since January 2020, though the precise origins and its meant objective stay unknown. An intriguing side of the inexplicable phenomenon is the presence of a “LOVE” ASCII string within the generated ICMP packets, reinforcing the speculation that it might be used as a covert communications channel. “Millions of spoofed IPs are flooding key internet providers like Cogent and Lumen while strategically avoiding AWS — suggesting a sophisticated, potentially organized actor with a clear agenda,” it mentioned. “Although traffic appears to originate from Brazil, deeper connections to Chinese platforms like QQ, WeChat, and WePay raise the possibility of deliberate obfuscation, complicating efforts to trace the true source and purpose.”
  • Tails and Tor Merge Operations: The Tor Venture, the non-profit that maintains software program for the Tor (The Onion Router) anonymity community, is becoming a member of forces with Tails (brief for The Amnesic Incognito Reside System), the maker of a conveyable Linux-based working system that makes use of Tor. “Incorporating Tails into the Tor Project’s structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats,” the organizations mentioned. The transfer “feels like coming home,” intrigeri, Tails OS staff lead mentioned.
  • NIST Proposes New Password Guidelines: The U.S. Nationwide Institute of Requirements and Expertise (NIST) has outlined new tips that counsel credential service suppliers (CSPs) cease recommending passwords utilizing a number of character sorts and cease mandating periodic password modifications except the authenticator has been compromised. Different notable suggestions embrace passwords must be anyplace between 15 and 64 characters lengthy, in addition to ASCII and Unicode characters must be allowed when setting them.
  • PKfail Extra Broader Than Beforehand Thought: A essential firmware provide chain situation often known as PKfail (CVE-2024-8105), which permits attackers to bypass Safe Boot and set up malware, has been now discovered to affect extra gadgets, together with medical gadgets, desktops, laptops, gaming consoles, enterprise servers, ATMs, PoS terminals, and even voting machines. Binarly has described PKfail as a “great example of a supply chain security failure impacting the entire industry.”
  • Microsoft Revamps Recall: When Microsoft launched its AI-powered function Recall in Could 2024, it was met with close to instantaneous backlash over privateness and safety considerations, and for making it simpler for risk actors to steal delicate knowledge. The corporate subsequently delayed a wider rollout pending under-the-hood modifications to make sure that the problems have been addressed. As a part of the new updates, Recall is now not enabled by default and may be uninstalled by customers. It additionally strikes the entire screenshot processing to a Virtualization-based Safety (VBS) Enclave. Moreover, the corporate mentioned it engaged an unnamed third-party safety vendor to carry out an unbiased safety design evaluation and penetration take a look at.

🔥 Cybersecurity Sources & Insights

  • Upcoming Webinars
    • Overloaded with Logs? Let’s Repair Your SIEM: Legacy SIEMs are overwhelmed. The reply is not extra knowledge… It is higher oversight. Be a part of Zuri Cortez and Seth Geftic as they break down how we went from knowledge overload to safety simplicity with out sacrificing efficiency. Save your seat immediately and simplify your safety sport with our Managed SIEM.
    • Methods to Defeat Ransomware in 2024: Ransomware assaults are up by 17.8%, and ransom payouts are reaching all-time highs. Is your group ready for the escalating ransomware risk? Be a part of us for an unique webinar the place Emily Laufer, Director of Product Advertising and marketing at Zscaler, will unveil insights from the Zscaler ThreatLabz 2024 Ransomware Report. Register now and safe your spot!
  • Ask the Skilled
    • Q: How can organizations safe gadget firmware in opposition to vulnerabilities like PKfail, and what applied sciences or practices ought to they prioritize?
    • A: Securing firmware is not nearly patching—it is about defending the very core of your gadgets the place threats like PKfail disguise in plain sight. Consider firmware as the inspiration of a skyscraper; if it is weak, your entire construction is in danger. Organizations ought to prioritize implementing safe boot mechanisms to make sure solely trusted firmware masses, use firmware vulnerability scanning instruments to detect and deal with points proactively, and deploy runtime protections to watch for malicious actions. Partnering intently with {hardware} distributors for well timed updates, adopting a zero-trust safety mannequin, and educating workers about firmware dangers are additionally essential. In immediately’s cyber panorama, safeguarding the firmware layer is important—it is the bedrock of your complete safety technique.

🔒 Tip of the Week

Forestall Information Leaks to AI Companies: Shield delicate knowledge by imposing strict insurance policies in opposition to sharing with exterior AI platforms, deploying DLP instruments to dam confidential transmissions, limiting entry to unauthorized AI instruments, coaching workers on the dangers, and utilizing safe, in-house AI options.

Conclusion

Till subsequent time, bear in mind, cybersecurity just isn’t a dash, it is a marathon. Keep vigilant, keep knowledgeable, and most significantly, keep protected on this ever-evolving digital world. Collectively, we are able to construct a safer on-line future.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.

Recent articles