Levi’s Caught with Pants Down: Hackers Expose 72,000 Customer Account Details
Article Link: https://www.scmagazine.com/news/levis-gets-stripped-of-72000-customer-account-details
- The retailer detected suspicious activity indicative of a credential stuffing attack, where attackers used stolen credentials from other breaches to access customer accounts.
- Compromised information includes customers’ names, email addresses, mailing addresses, order history, and the last four digits of payment cards.
- Levi Strauss responded by deactivating the affected accounts and forcing password resets to prevent further unauthorized access.
- The company advises customers to use unique passwords for different services and a password manager tool to reduce the risk of similar attacks in the future.
CISA Says Crooks Used Ivanti Bugs to Snoop Around High-Risk Chemical Facilities
Article Link: https://www.theregister.com/2024/06/25/cisa_ivanti_chemical_facilities/
- The US Cybersecurity and Infrastructure Security Agency (CISA) is urging high-risk chemical facilities to secure their online accounts after a breach in its Chemical Security Assessment Tool (CSAT) portal.
- The breach exploited vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways, potentially allowing unauthorized access.
- Although no data was stolen, encrypted site security plans, Top-Screen surveys (available through the CSAT tool), and personal details of facility staff were potentially accessed.
- CISA advises rotating passwords and patching Ivanti bugs. Identity protection services will be available for affected individuals.
Cloud Breaches Impact Nearly Half of Organizations
Article Link: https://www.infosecurity-magazine.com/news/cloud-breaches-half-organizations/
- With 3,000 respondents from 18 countries across 37 industries, the Thales Group 2024 Cloud Security study reports nearly half of organizations (44%) have experienced a cloud data breach, with 14% in the past year.
- Three top root causes reported were human error and misconfigurations (31%), exploitation of known vulnerabilities (28%), and zero-day vulnerabilities (24%). Failure to use multi-factor authentication was a factor in 17% of breaches as well.
- The report also noted that challenges in managing compliance and privacy are due to cloud complexity, with 53% using five or more key management systems.
- Link to Thales Group’s Report: https://cpl.thalesgroup.com/cloud-security-research
Navigating the Evolving World of Cybersecurity Regulations in Financial Services
Article Link: https://biztechmagazine.com/article/2024/06/navigating-evolving-world-cybersecurity-regulations-financial-services
- Financial services must comply with the New York Department of Financial Services’ Part 500 regulations, which require stricter cybersecurity controls.
- Covered entities need to implement multi-factor authentication, designate a CISO, maintain written cybersecurity policies, and conduct periodic risk assessments and cybersecurity tests.
- CISOs must report on cybersecurity posture to their board, highlighting the importance of board involvement in understanding and managing cybersecurity risks.
- The Securities and Exchange Commission (SEC) and Department of Homeland Security (DHS) have also issued new incident reporting rules. Financial services firms benefit from zero-trust strategies but must navigate these overlapping regulatory requirements.
- Link to the NYDFS Part 500 Regulations: https://www.dfs.ny.gov/industry_guidance/cybersecurity
75% of New Vulnerabilities Exploited Within 19 Days
Article Link: https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/
- Over 30,000 new vulnerabilities were published last year, a 17% increase year-over-year, which works out to a new vulnerability emerging approximately every 17 minutes.
- The average time to patch vulnerabilities exceeds 100 days, while 75% of new vulnerabilities are exploited within 19 days.
- The report also noted that nearly half of all vulnerabilities catalogued by the National Vulnerability Database since its inception 30 years ago (234,579 in total) were discovered in the past five years alone, creating a “focus gap” for security teams.
- Effective vulnerability management involves continuous identification, risk-based prioritization, leveraging existing controls, and ethical compliance.
- Link to Skybox Security’s Report: https://www.skyboxsecurity.com/resources/report/vulnerability-threat-trends-report-2024/
Crown Equipment Confirms a Cyberattack Disrupted Manufacturing
Article Link: https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
- Crown Equipment, a major forklift manufacturer, confirmed a cyberattack that has disrupted its operations since June 8, 2024.
- Reports suggest that the incident stemmed from an employee falling for a social engineering attack that led to remote access software being installed on their computer. The attack has led to IT system shutdowns, affecting employee clock-ins, access to service manuals, and machinery deliveries.
- Crown is working with cybersecurity experts and the FBI. It has also begun gradually restoring systems, although manufacturing is still impacted.
CHERI Alliance Aims to Secure Hardware Memory
Article Link: https://www.darkreading.com/endpoint-security/cheri-alliance-aims-to-secure-hardware-memory
- The CHERI Alliance works to protect hardware memory from cyber attacks by separating hardware from software, introducing fine-grained memory protection intended to stop attackers outright.
- The initiative, supported by the FreeBSD Foundation and the University of Cambridge, emphasizes security for the ARM, MIPS, and RISC-V architectures, which are common in edge devices.
- CHERI’s evolution is marked by its origins in a research program initiated by the University of Cambridge and SRI International, with DARPA’s CRASH funding.
- Link to Additional Information: https://arxiv.org/pdf/2309.11332
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Article Link: https://thehackernews.com/2024/06/google-introduces-project-naptime-for.html
- Project Naptime is Google’s new framework for AI-powered vulnerability research.
- The framework leverages large language models (LLMs) for automated discovery and security analysis. Its toolset includes a Code Browser, Python tool, Debugger, and Reporter for comprehensive research.
- The performance review showed that this framework achieved top scores in CYBERSECEVAL 2 benchmarks for identifying buffer overflow and memory corruption flaws.
- This initiative represents a significant advancement in the use of AI to enhance cybersecurity efforts.
- Link to the CYBERSECEVAL 2 White Paper: https://ai.meta.com/research/publications/cyberseceval-2-a-wide-ranging-cybersecurity-evaluation-suite-for-large-language-models/
Achieve Next-Level Security Awareness by Creating Secure Social Norms
Article Link: https://www.darkreading.com/cybersecurity-operations/achieve-next-level-security-awareness-by-creating-secure-social-norms
- The importance of security awareness can be reinforced by developing secure social habits that reduce the likelihood of security breaches.
- The article highlights how individual actions can influence the security behavior of others.
- Security professionals are encouraged to turn security awareness into social norms and everyday actions.
- A practical tip is to launch security awareness campaigns and use clear language to explain security concepts and proactive steps.