Information Security News 11-25-2024

Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous

Article Link: https://www.theregister.com/2024/11/20/data_is_the_new_uranium/

  • The growing volume of data scattered across various systems is leaving Chief Information Security Officers (CISOs) struggling to locate and secure critical assets, increasing the risk of data breaches with reputational and financial blowback.
  • Cloud service providers contribute to this challenge with their fragmented ecosystems, complicating oversight and exposing organizations to additional security vulnerabilities.
  • The article draws a parallel between data and uranium, pointing out that both can be powerful yet dangerous if mishandled, thus illuminating the need for effective data governance and security protocols.
  • Organizations are encouraged to implement regular data audits, enforce strict security measures, and provide ongoing employee training on data protection best practices.

MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

Article Link: https://www.securityweek.com/mitre-updates-list-of-25-most-dangerous-software-vulnerabilities/

  • MITRE has released the updated 2024 CWE Top 25 Most Dangerous Software Weaknesses list, identifying the most prevalent and impactful software vulnerabilities.
  • The list is based on an analysis of vulnerability data from the National Vulnerability Database (NVD) and CISA’s Known Exploited Vulnerabilities (KEV) Catalog, focusing on flaws that attackers commonly target.
  • Cross-site scripting (XSS) vulnerabilities have taken the top spot, replacing out-of-bounds write flaws, reflecting the evolving priorities in cybersecurity threats and the importance of secure coding practices.
  • Prevention and remediation should include reviewing the updated list and incorporating its findings into the software development lifecycle, adopting secure-by-design principles, and executing proactive vulnerability management to reduce the attack surface.
  • Link to MITRE’s CWE Report: https://cwe.mitre.org/data/slices/1430.html

Two Undersea Internet Cables Connecting Finland and Sweden to Europe Have Been Cut — EU Leaders Suspect Sabotage

Article Link: https://www.tomshardware.com/tech-industry/two-undersea-internet-cables-connecting-finland-and-sweden-to-europe-have-been-cut-eu-leaders-suspect-sabotage

  • On November 18, 2024, two critical undersea internet cables, one connecting Finland to Germany and another linking Lithuania to Sweden, were severed in the Baltic Sea.
  • The cables, located around 65 miles apart, were damaged within 24 hours of each other. European Union (EU) leaders suspect sabotage, pointing to increasing risks to vital communication networks like fiber optic cables.
  • This event exposes how vulnerable undersea cables are to intentional damage, creating the potential for widespread Internet disruptions that could affect governments, businesses, and millions of users.
  • In response to the incident, authorities are working to increase surveillance efforts around key underwater infrastructure and discussing avenues to improve protection against deliberate attacks.

China’s Hacking Reached Deep into U.S. Telecoms

Article Link: https://www.darkreading.com/cloud-security/salt-typhoon-tmobile-telecom-attack-spree

  • Chinese cyber-espionage group Salt Typhoon attacked T-Mobile’s network as part of a months-long campaign targeting U.S. telecom companies, including AT&T, Verizon, and Lumen Technologies, enabling unauthorized wiretaps on American citizens.
  • Hackers exploited outdated law enforcement equipment, such as Cisco routers, granting them capabilities like those of the FBI to activate phone taps without authorization and access unencrypted texts, call records, and other sensitive communications from high-value intelligence targets.
  • This breach, considered one of the most severe in U.S. telecom history, reveals critical vulnerabilities in telecommunications infrastructure that pose dangerous risks to national security by potentially compromising sensitive communications of senior officials.
  • While T-Mobile reported no major customer data breaches, federal authorities are actively investigating to address gaps and enhance the resiliency of systems against such coordinated threats.

CISOs Can Now Obtain Professional Liability Insurance

Article Link: https://cyberscoop.com/ciso-liability-insurance-coverage-protection-crum-forster/

  • Crum & Forster has introduced a professional liability insurance policy specifically designed to protect Chief Information Security Officers (CISOs) from personal financial losses resulting from lawsuits.
  • Traditional directors’ and officers’ liability policies often exclude CISOs, leaving them vulnerable to personal liability in the event of a security incident. This new policy addresses that gap, offering coverage for consulting work, including pro bono and moonlighting activities.
  • With increasing legal scrutiny on cybersecurity practices, especially following high-profile incidents, CISOs face heightened personal risk. This insurance provides a safety net, ensuring they are protected against potential financial repercussions.
  • CISOs and organizations should consider this specialized insurance to mitigate personal liability risks. Additionally, maintaining strong information security practices and ensuring transparency can reduce the likelihood of incidents leading to litigation.

Put Your Usernames and Passwords in Your Will, Advises Japan’s Government

Article Link: https://www.theregister.com/2024/11/21/japan_digital_end_of_life/

  • Japan’s National Consumer Affairs Center has urged citizens to adopt “digital-end-of-life planning,” a strategy for managing digital assets and accounts after one’s death.
  • Families often struggle to cancel subscriptions or access online accounts due to missing credentials like usernames and passwords. This lack of preparation leads to unresolved expenses and complications.
  • By planning for their digital assets in advance, individuals can spare their loved ones unnecessary financial and emotional stress, ensuring a smoother transition for account management and asset handling.
  • Recommendations include maintaining a secure record of usernames, passwords, and subscriptions, designating trusted individuals for access, and considering services that provide posthumous account management.

Leaky Cybersecurity Holes Put Water Systems at Risk

Article Link: https://www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk

  • A recent Environmental Protection Agency (EPA) report reveals that at least 97 major U.S. water systems have critical information security vulnerabilities, endangering the water supply for nearly 27 million Americans.
  • Passive assessments conducted in October examined over 75,000 IP addresses and 14,400 domains, uncovering serious security weaknesses in more than 9% of community water systems serving at least 50,000 people.
  • These vulnerabilities expose water systems to potential attacks which could disrupt services or cause irreversible damage to drinking water infrastructure, affecting businesses, industries, and millions of citizens.
  • The EPA emphasized the need for immediate action to address these security gaps, recommending that water utilities adopt more robust and effective security measures to protect this critical infrastructure and maintain the safety of the water supply.
  • Link to EPA Report: https://www.epaoig.gov/reports/other/management-implication-report-cybersecurity-concerns-related-drinking-water-systems

Researchers Detailed Credential Abuse Cycle

Article Link: https://gbhackers.com/credential-abuse-cycle-research-2/

  • Recent analysis performed by ReliaQuest illustrates how cybercriminals acquire, distribute, and misuse stolen credentials, offering valuable insights into the mechanisms of credential abuse.
  • Attackers obtain credentials through methods like phishing and data breaches, then use automated tools for credential stuffing attacks, leveraging password reuse to gain unauthorized access.
  • This cycle enables threat actors to blend in with legitimate user behavior, facilitating data theft and ransomware deployment while evading detection and prolonging their presence within networks.
  • Organizations should enforce strong, unique passwords, implement multi-factor authentication (MFA), and monitor for unusual login patterns to disrupt this cycle and enhance security.
  • Link to ReliaQuest’s Analysis: https://www.reliaquest.com/blog/the-credential-abuse-cycle-theft-trade-and-exploitation/

Botnet Fueling Residential Proxies Disrupted in Cybercrime Crackdown

Article Link: https://www.bleepingcomputer.com/news/security/ngioweb-botnet-fueling-residential-proxies-disrupted-in-cybercrime-crackdown/

  • The Ngioweb botnet, responsible for supplying approximately 80% of the 35,000 proxies used by the illicit NSOCKS proxy service, has been disrupted by cybersecurity firms.
  • Active since 2017, Ngioweb has infected devices globally, converting them into proxy nodes for malicious activities.
  • Researchers from Lumen’s Black Lotus Labs identified and blocked traffic to and from the botnet’s command-and-control nodes, effectively dismantling its operations.
  • The takedown of Ngioweb significantly reduces the infrastructure available for cybercriminals to anonymize their activities, thereby disrupting various malicious operations that relied on these proxies.
  • Organizations are advised to strengthen security measures, including regular network monitoring and prompt patching of vulnerabilities, to prevent their systems from being co-opted into such botnets.
  • Link to Lumen’s Analysis: https://blog.lumen.com/one-sock-fits-all-the-use-and-abuse-of-the-nsocks-botnet/

