Information Security News 8-26-2024

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

Article Link: https://www.securityweek.com/major-backdoor-in-millions-of-rfid-cards-allows-instant-cloning

  • According to Quarkslab, a French security company, FM11RF08S versions of RFID cards produced by Shanghai Fudan contain a backdoor flaw that allows for cards to be cloned when malicious users are within close proximity of cards for several minutes.
  • This issue poses a major risk, as the compromised cards are widely used in hotels and facilities globally; Quarkslab advises consumers to assess their infrastructure and take immediate action to mitigate potential harm.

Georgia Tech Sued Over Cybersecurity Violations

Article Link: https://www.infosecurity-magazine.com/news/georgia-tech-sued-cybersecurity

  • The Department of Justice (DoJ) has sued the Georgia Institute of Technology (Georgia Tech) and its affiliate, Georgia Tech Research Corporation (GTRC), for allegedly neglecting cybersecurity protocols required by a Department of Defense (DoD) contract in the first lawsuit under the Civil Cyber-Fraud Initiative.
  • These requirements fall under the False Claims Act and apply to all US defense contractors considered to operate critical infrastructure under the Defense Acquisition Regulations System (DFARS) clause 252.204-7012.
  • Whistleblowers claim the university failed to implement a required system security plan, refused to install anti-virus software, and submitted a false Supplier Performance Risk System (SPRS) score of 98 out of 110 to the DoD.
  • Georgia Tech denies the accusations, arguing that no data breach occurred, that the information in question wasn’t confidential, and that it plans to contest the lawsuit, asserting that the research did not require strict cybersecurity measures.
  • Link to DFARS 252.204-7012: https://www.acquisition.gov/dfars/252.204-7012-safeguarding-covered-defense-information-and-cyber-incident-reporting.

Halliburton Hit by Cyberattack, Operations Disrupted

Article Link: https://cybersecuritynews.com/halliburton-cyberattack/

  • A cyberattack has significantly disrupted Halliburton’s Houston campus and global networks. The major oil and gas corporation has acknowledged an unspecified ‘issue’ and is collaborating with cybersecurity experts to resolve it.
  • Employees at the North Houston campus have been advised to avoid internal networks, highlighting operational challenges and raising concerns about the energy sector’s vulnerability to cyber threats.
  • The incident underscores the growing trend of cyberattacks targeting critical infrastructure, emphasizing the urgent need for improved cybersecurity measures in industries vital to national and global economies.

Microsoft Will Require MFA for Azure Services

Article Link: https://www.darkreading.com/identity-access-management-security/microsoft-will-require-mfa-for-azure-services

  • Starting in October 2024, Microsoft will mandate multifactor authentication (MFA) for all Azure customers using the Azure portal, including the Microsoft Entra and Intune admin centers, as part of its Secure Future Initiative to strengthen security and prevent account compromises.
  • Microsoft will notify customers to ensure they are prepared for this change, with options to request additional time for compliance. Certain Azure tools will not require MFA until 2025.
  • This proactive move is essential for enhancing security across Microsoft’s systems and contributing to a safer online environment for its customers.
  • Link to Microsoft’s Announcement: https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/

Over 3400 High and Critical Cyber Alerts Recorded in First Half of 2024

Article Link: https://www.infosecurity-magazine.com/news/3400-high-threats-recorded

  • Critical Start, a cybersecurity solutions company, released a report revealing 3,438 high and critical cyber alerts in the first half of 2024. The U.S. experienced a 46.15% increase in attacks, with the manufacturing and industrial sectors being the hardest hit, facing 377 ransomware and database leak incidents.
  • Professional services saw a 15% increase in attacks, while the technology sector reported a 12.75% decrease. The healthcare and life sciences sector experienced a 180% surge in attacks, particularly against major providers.
  • The report notes a 3000% spike in deepfake fraud and increased exploitation of open-source repositories, leading experts to recommend a zero-trust security model, enforcing least privilege access, and using real-time threat intelligence to mitigate these threats.
  • Link to Critical Start’s Report: https://www.criticalstart.com/resources/cyber-threat-intelligence-report-2024/

Not Even Zoos Are Safe from Data Breaches — Oregon Zoo Warns Visitors Their Details May Have Been Stolen

Article Link: https://www.techradar.com/pro/security/not-even-zoos-are-safe-from-data-breaches-oregon-zoo-warns-visitors-their-details-may-have-been-stolen

  • A security breach within the Oregon Zoo’s online ticketing system has compromised sensitive information of over 117,000 ticket purchasers, including names, payment card numbers, CVVs, and expiration dates, exposing them to risks like wire fraud and identity theft.
  • Hackers redirected transactions between December 2023 and June 2024 to access the sensitive data. In response, the zoo has decommissioned the compromised website, launched a new secure platform, and notified federal law enforcement.
  • Affected individuals are being offered free credit monitoring and identity protection services for 12 months. They are advised to cancel and replace their credit cards and to review transactions made since late 2023 to detect and prevent misuse.

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Article Link: https://thehackernews.com/2024/08/thousands-of-oracle-netsuite-sites-at.html

  • Thousands of Oracle NetSuite e-commerce sites risk exposing sensitive customer data because of misconfigured access controls on custom record types (CRTs). The misconfigurations stem from customer errors, not flaws in NetSuite.
  • The vulnerability allows unauthorized access through CRTs set with the “No Permission Required” access type; attackers need to know the CRT names.
  • Administrators should tighten CRT access controls, limit public access to sensitive data, and possibly take affected sites offline while changing access types to “Require Custom Record Entries Permission” for better security.

Why End of Life for Applications Is the Beginning of Life for Hackers

Article Link: https://www.darkreading.com/vulnerabilities-threats/why-end-of-life-for-applications-is-beginning-of-life-for-hackers

  • Over 35,000 applications will reach end-of-life in the next year, becoming vulnerable to attacks without updates or patches, particularly if they use outdated systems like older Apache Log4j versions.
  • Migrating or updating these applications is challenging and costly, as they often depend on outdated systems vital to business operations.
  • To manage risks, track end-of-life, advocate for timely updates or migrations, and highlight the business value of security improvements during cloud transitions.

It’s Time to Untangle the SaaS Ball of Yarn

Article Link: https://thehackernews.com/2024/08/its-time-to-untangle-saas-ball-of-yarn.html

  • Businesses use around 500 Software-as-a-Service (SaaS) apps, with 51% unauthorized, increasing data exposure risks due to poor permission management.
  • A 68% rise in attacks from third-party SaaS or cloud apps in 2023 highlights the need for thorough monitoring and mapping of these environments.
  • To reduce risks, continuously monitor all apps, enforce strict access controls, employ an identity provider (IdP), and implement multifactor authentication (MFA).
  • Link to Verizon’s Report: https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/

Man Sentenced for Altering Registry Systems to Fake His Death

Article Link: https://cybersecuritynews.com/man-sentenced-for-altering-registry/

  • Jesse Kipf, a 39-year-old resident of Somerset, Kentucky, was sentenced to 81 months in prison for creating a fake death certificate to evade child support and hacking into death registries and private networks.
  • His actions revealed significant digital vulnerabilities and the far-reaching impact of identity theft.
  • Prosecuted by Assistant U.S. Attorney Kate Dieruf, Kipf will serve 85% of his sentence and face supervised release, underscoring cybercrime’s serious financial and long-term consequences.

