Developer Sues Minnesota Contractor After $735K Payment Disappears
Article Link: https://www.constructiondive.com/news/beck-sues-ryan-fsa-title-cybercrime/710708/
- Recently, the building developer Beck Properties Minnesota sued its general contractor, R.J. Ryan, and its escrow company, FSA Title, for negligence, civil theft, and fraud after $735,000 meant to pay the contractor and its subcontractors was stolen, allegedly by insiders.
- Allegedly, Beck received a legitimate invoice from R.J. Ryan and then, several hours later, received an electronic payment request from the same R.J. Ryan account. Beck reached out to its bank, which in turn contacted FSA. FSA sent Beck an authorization form to be completed by the R.J. Ryan team. Once the form was completed, the money was transferred to a personal Capital One bank account.
- The theft wasn’t noticed until Beck began receiving lien notices from unpaid subcontractors. R.J. Ryan stated that it did not detect a compromise, suggesting an insider threat attack occurred. Beck is suing FSA for accepting the account transfer information even though the notary stamp covered up the notary signature, and R.J. Ryan for failing to adequately monitor its email system and train employees on fraud.
Truck-to-Truck Worm Could Infect and Disrupt Entire US Commercial Fleet
Article Link: https://www.theregister.com/2024/03/22/boffins_tucktotruck_worm/
- According to researchers at Colorado State University, there are security vulnerabilities in the electronic logging devices (ELDs) required in many medium- and heavy-duty US commercial trucks which, if exploited, could allow trucks to be manipulated and forced to slow down and pull over.
- Most ELD devices have exposed APIs that allow over-the-air updates, and they enable Wi-Fi and Bluetooth by default with predictable identifiers and weak default passwords. These devices can be exploited by attackers within wireless range of the ELDs, whether on the road or at truck stops.
- The researchers tested and reported several different attacks, one of which completed in 14 seconds. The most concerning attack the researchers tested was a worm that was able to spread between trucks, allowing entire fleets to be infected with malicious code.
- Link to the CSU Research Report: https://www.ndss-symposium.org/wp-content/uploads/vehiclesec2024-47-paper.pdf
NIST’s Vuln Database Downshifts, Prompting Questions About Its Future
Article Link: https://www.darkreading.com/cybersecurity-operations/nist-vuln-database-downshifts-prompting-questions-about-its-future
- Recently, the National Vulnerability Database (NVD), operated by NIST and MITRE, drastically slowed the rate at which CVEs are analyzed and documented, without informing the public.
- As a result, many newly discovered vulnerabilities lack the details and metadata that vulnerability scanners, and by extension vulnerability managers, use to identify and remediate vulnerabilities.
- The article emphasizes that many organizations rely on the data published in the NVD. The lack of information will likely make patching slower and more difficult for many organizations.
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats
Article Link: https://securityaffairs.com/160664/uncategorized/aviation-and-aerospace-sectors-cyber-threats.html
- The article references a report from the security company Resecurity, which highlights that malicious cyber actors have increasingly targeted the aviation and aerospace sectors.
- Resecurity’s report discusses numerous aerospace-related incidents that have occurred over the past year. The report attributes the increase in incidents to geopolitical tensions, the growing number of IoT sensors and monitors at airports and on airplanes, and BYOD policies for airline crewmembers.
- The report also highlights the importance of conducting cybersecurity assessments such as network security assessments, vulnerability assessments, penetration tests, and social engineering assessments. Likewise, it gives specific information on reviewing different airport systems and facilities ranging from fuel farms to radar stations.
- Link to Resecurity’s Report: https://www.resecurity.com/blog/article/the-aviation-and-aerospace-sectors-face-skyrocketing-cyber-threats
U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks
Article Link: https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html
- Recently, the U.S. Environmental Protection Agency (EPA) announced that it is forming a new Water Sector Cybersecurity Task Force to address threats to the water sector.
- The task force reflects the widely held belief among government officials that nation-state threat actors have established persistence within critical infrastructure systems.
- The formation of the EPA’s task force also coincides with a fact sheet released by CISA that offers guidance on defending against the pervasive Chinese threat actor Volt Typhoon.
- Link to the EPA’s Cybersecurity Resources: https://www.epa.gov/waterresilience/epa-cybersecurity-water-sector
- Link to CISA’s Volt Typhoon Fact Sheet: https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders
APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage
Article Link: https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html
- Both Imperva and Fastly have recently released reports raising the alarm about the threat posed by APIs, especially when APIs are not effectively managed.
- Specifically, Imperva noted that 71% of the internet traffic it observed in 2023 consisted of API calls, highlighting the pervasiveness of APIs within organizations. Fastly’s report, which surveyed 235 industry leaders in Europe, found that 84% of respondents lack advanced API security and 95% experienced API security problems within the last 12 months.
- The article reviews the threat of mismanaged APIs and offers a handful of recommendations for securing APIs, the first step being to discover, classify, and inventory all APIs.
- Link to Supplemental API Article: https://www.helpnetsecurity.com/2024/03/22/api-security-importance-for-businesses/
- Link to Imperva’s Report: https://www.imperva.com/resources/resource-library/reports/the-state-of-api-security-in-2024/
- Link to Fastly’s Report: https://www.fastly.com/blog/are-apis-the-key-to-digital-innovation-or-a-trojan-horse
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks
Article Link: https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html?m=1
- According to researchers at Cisco Talos, threat actors are actively leveraging digital document publishing (DDP) sites hosted on platforms such as FlipSnack and Issuu, legitimate services used for media such as online magazines and brochures, to phish unsuspecting users.
- The DDP services allow users to upload PDFs and often limit URL review tools, which lets bad actors easily divert potential victims from the legitimate DDP sites to the threat actor’s malicious sites.
- Overall, DDP websites allow threat actors to thwart mainstream phishing countermeasures, because many users lack training on DDP-related threats and email and web content filters are unlikely to block the phish-laden content.
- Link to Cisco Talos’ Report: https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/
Microsoft Announces Deprecation of 1024-bit RSA Keys in Windows
Article Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-deprecation-of-1024-bit-rsa-keys-in-windows/
- Microsoft recently announced that support for Windows TLS RSA keys shorter than 2048 bits will be deprecated in the near future. Microsoft has not yet given a date for when the change will occur.
- While the change will improve system security, it may negatively impact organizations that rely on older software and network-attached devices that still use 1024-bit RSA keys.
- Microsoft stated that TLS certificates issued by enterprise or test certification authorities will not be impacted. Likewise, there will likely be a grace period in which Windows administrators can configure logging to identify which devices are attempting to connect with older keys and will be impacted by the deprecation.
- Link to Microsoft’s Announcement: https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
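The inventory step the last bullet points at can be started before any grace-period logging exists, by checking which certificates an organization already holds or is presented with. The following PowerShell is an added example written for this digest; it is not code from the article, from Microsoft, or from any of the cited reports. It assumes a Windows host with PowerShell 5.1 or later; the store list, the 2048-bit threshold, the port number and the sample host name are choices made for the example, not values from the page.

```powershell
# Added example (not from the article or from Microsoft): find RSA certificates
# with keys shorter than the 2048-bit minimum in the local certificate stores,
# and probe a TLS endpoint (for example a network-attached device) to see what
# key size it presents.
# Assumptions: Windows, PowerShell 5.1+, elevated session for LocalMachine stores.

$MinimumBits = 2048   # threshold chosen for this example, matching the deprecation notice
$Stores = @(          # stores chosen for this example; add others as needed
    'Cert:\LocalMachine\My',
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\CA',
    'Cert:\CurrentUser\My'
)

# Return the RSA public key of a certificate, or $null for non-RSA (ECDSA etc.) keys.
function Get-RsaKey {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
}

# Walk the chosen stores and emit one record per RSA certificate below the threshold.
function Get-WeakRsaCertificates {
    param([int]$MinBits = $MinimumBits, [string[]]$Paths = $Stores)
    foreach ($path in $Paths) {
        if (-not (Test-Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            $rsa = Get-RsaKey -Cert $cert
            if ($null -eq $rsa) { continue }          # only RSA keys are affected
            if ($rsa.KeySize -ge $MinBits) { continue }
            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                KeyBits       = $rsa.KeySize
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey   # a private key here means this host serves it
                Thumbprint    = $cert.Thumbprint
            }
        }
    }
}

# Open a TLS session to a remote endpoint and report the key size of the
# certificate it presents. Chain validation is deliberately accepted here
# because the goal is to inspect the key, not to trust the peer.
function Get-RemoteRsaKeySize {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $rsa = Get-RsaKey -Cert $cert
        [pscustomobject]@{
            Host     = $HostName
            Port     = $Port
            Subject  = $cert.Subject
            KeyBits  = $(if ($rsa) { $rsa.KeySize } else { $null })   # $null = not an RSA key
            BelowMin = $(if ($rsa) { $rsa.KeySize -lt $MinimumBits } else { $false })
        }
        $ssl.Dispose()
    } finally {
        $client.Close()
    }
}

# Local store audit
$weak = @(Get-WeakRsaCertificates)
if ($weak.Count -gt 0) {
    $weak | Sort-Object KeyBits, NotAfter | Format-Table -AutoSize
    "$($weak.Count) certificate(s) below $MinimumBits bits found in the scanned stores."
} else {
    "No RSA certificates below $MinimumBits bits in the scanned stores."
}

# Remote probe of a device or server (placeholder host name for this example)
Get-RemoteRsaKeySize -HostName 'device.example.internal' -Port 443
```

Records with HasPrivateKey set are the ones this host would present as a server and are the first to re-issue; records from the Root or CA stores only matter for chain building. If the remote probe fails during AuthenticateAsClient rather than returning a record, the client side is already refusing the handshake, which is the symptom the deprecation will eventually produce everywhere.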
