Welcome to the 23rd edition of the Cyber Weekly Digest of 2024.
Busy few days at Infosec this week, alongside the API dream team at Cequence. Thanks to all those that joined us at Zero Sette!
New and noteworthy this week:
Mitigate risk and make your devices less vulnerable to unauthorised access by deactivating remote desktop capabilities. This week Automox share how you can automate it with a Worklet automation script.
The majority of #OT environments are running on outdated protocols and systems that are highly vulnerable to attacks and lack proper security measures. Learn how an integrated security platform can be your ultimate defense with Fortinet.
Webinar alert! Mark your calendars for Thursday, June 13 at 10 AM PDT, as Egress' very own James Dyer is presenting a SecureWorld remote session covering:
- The rise of quishing and evolution of payloads
- How AI is used in phishing attacks, including deepfakes
- How multi-channel attacks play out
- The threats that are getting through secure email gateways
Make sure to secure your place by signing up here
Last but not least...
More webinar goodness from CultureAI, Beyond Awareness, kicking off Tuesday 11 June. 4 expert guests, 1 critical topic.
Join CultureAI's Lead Security Researcher, John Scott, in this weekly deep dive, bringing you insights from four industry experts who have critically examined the traditional security awareness model and concluded "we need to do more."
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we heard of ongoing threats to the healthcare industry, a security issue sliding into the DMs of celebrities on popular social media app TikTok, and a big warning for self check-in systems being used by hotels worldwide!
Keep reading to stay up to date on the latest cyber security news.
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain. It's operational across multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Advertised and sold on the RAMP cybercrime forum, attacks involving the ransomware have been found to leverage phishing and spear-phishing campaigns as a distribution vector in the form of malicious attachments.
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign in which malware propagated via direct messages compromises brand and celebrity accounts without the victim having to click or interact with it. The exploit has been found to take advantage of a zero-day vulnerability in the messaging component that allows malicious code to be executed as soon as the message is opened.
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake's platform," the company said in a joint statement along with CrowdStrike and Google-owned Mandiant. "We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel."
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. LAUSD is the second largest public school district in the United States, with over 25,900 teachers, roughly 48,700 other employees, and more than 563,000 students enrolled during the 2023-2024 school year. The threat actor selling the allegedly stolen data for $1,000 says the CSV files put up for sale on a hacking forum contain over 11GB of data, including over 26 million records with student information, more than 24,000 teacher records, and around 500 containing staff information.
Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID transponders used as room keys. Back in March, Pentagrid security researcher Martin Schobert discovered that he could easily bypass the Ariane Allegro Scenario Player running in kiosk mode on the self check-in terminal at the hotel where he was staying, and access the underlying Windows desktop with all customer details.