Information Security News 8-5-2024


Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

Article Link: https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html

  • A large phishing campaign was uncovered in which an attacker abused a misconfiguration in Proofpoint’s email relaying infrastructure to send spoofed emails. The messages appeared to come from companies such as Best Buy and IBM and tricked recipients into handing over personal information and credit card details.
  • The spoofed emails passed Sender Policy Framework (SPF) checks and carried valid DomainKeys Identified Mail (DKIM) signatures, so they cleared the recipients’ email authentication checks. The misconfiguration allowed attackers to relay mail from their own Microsoft 365 tenants through Proofpoint’s servers, which the impersonated domains had authorized to send on their behalf.
  • Proofpoint acknowledged the issue once it was reported, describing it as a “super-permissive misconfiguration.” The company has since corrected it and issued guidance to customers on preventing a recurrence.
  • Security experts stress the importance of maintaining strong cloud security hygiene and performing regular threat assessments. They also advise email providers to limit bulk-sending capabilities and to lock down relay and routing configurations so that only the intended tenants can send through them.
  • Link to Proofpoint’s Analysis: https://www.proofpoint.com/us/blog/threat-insight/scammer-abuses-microsoft-365-tenants-relaying-through-proofpoint-servers-deliver
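The reason a relayed spoof passes SPF is that SPF authorizes sending hosts, not senders: once a message exits a relay that the impersonated domain lists in its SPF record, the receiver has no way to tell who injected it. The evaluator below is an added example written for this digest; it is not code from the article or from Proofpoint, and the zone data, domain names and IP addresses in it are constructed (RFC 5737 documentation ranges), not any real organisation’s records. It implements a small subset of RFC 7208 (ip4, ip6, include, all) over an in-memory “DNS” so it runs offline, and it also flattens a record into the networks that can pass for the domain, which is the audit a domain owner would want to run after reading this story.

```python
"""Minimal SPF evaluator (RFC 7208 subset) over a constructed in-memory zone.

Shows why a message relayed through an authorized third-party host passes SPF
regardless of who originally sent it.  Everything here is hypothetical:
brand.example is the impersonated domain, relay.example.net is a third-party
filtering/relay service it has authorized, and tenant.example.org is the
attacker's own tenant.
"""
import ipaddress

# Constructed zone: TXT records keyed by domain name (not real DNS data).
ZONE = {
    "brand.example": "v=spf1 include:relay.example.net -all",
    "relay.example.net": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.10 -all",
    "tenant.example.org": "v=spf1 ip4:192.0.2.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DEPTH = 10  # RFC 7208 limits DNS-querying mechanisms; we cap recursion


def txt(domain):
    """Stand-in for a DNS TXT lookup against the constructed zone."""
    return ZONE.get(domain)


def spf_check(ip, domain, depth=0):
    """Evaluate SPF for a connecting IP and a MAIL FROM domain.

    Returns one of 'pass', 'fail', 'softfail', 'neutral', 'none', 'permerror'.
    """
    if depth > MAX_DEPTH:
        return "permerror"
    record = txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if term == "all":
            return result
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            # A mismatched address family simply does not match.
            if addr in ipaddress.ip_network(arg, strict=False):
                return result
        elif mech == "include":
            # include matches only when the referenced record yields 'pass';
            # a full evaluator would turn 'none' here into 'permerror'.
            if spf_check(ip, arg, depth + 1) == "pass":
                return result
        # Other mechanisms (a, mx, exists, ptr) are out of scope for this demo.
    return "neutral"


def authorized_networks(domain, depth=0):
    """Flatten a domain's SPF record into every network that can pass for it.

    This is the audit question behind the story: which third-party hosts can
    send mail that receivers will accept as coming from this domain?
    """
    nets = []
    for term in (txt(domain) or "").split()[1:]:
        if term[0] in "-~?":
            continue  # only '+' terms grant a pass
        term = term.lstrip("+")
        mech, _, arg = term.partition(":")
        if mech == "all":
            nets.append("0.0.0.0/0")  # '+all' authorizes the entire Internet
        elif mech in ("ip4", "ip6"):
            nets.append(str(ipaddress.ip_network(arg, strict=False)))
        elif mech == "include" and depth < MAX_DEPTH:
            nets.extend(authorized_networks(arg, depth + 1))
    return nets


if __name__ == "__main__":
    # Attacker's tenant sends "From: brand.example" directly: SPF fails.
    print("direct from attacker tenant:", spf_check("192.0.2.5", "brand.example"))
    # Same spoof, but it left the relay's outbound IP: SPF passes.
    print("relayed through authorized host:", spf_check("198.51.100.7", "brand.example"))
    print("who can pass SPF for brand.example:", authorized_networks("brand.example"))
```

The fix on the relay side is not an SPF change on brand.example (its record is correct for its own mail) but a relay that only accepts messages from the tenants it is actually configured to serve; the flattened list from `authorized_networks` is still worth keeping, because every network in it is a place where such a control must exist.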

Cost of a Data Breach Report 2024

Article Link: https://www.ibm.com/reports/data-breach?mod=djemCybersecruityPro&tpl=cs

  • In 2024, the global average cost of a data breach rose 10%, reaching an all-time high. Breaches involving public cloud data are particularly costly, averaging $5.17 million per incident, and 40% of breaches involved data stored across multiple environments.
  • Organizations that use security AI and automation report an average saving of $2.22 million per breach compared to those that do not, which the report presents as evidence of the financial return on investing in such technologies.
  • However, only 24% of generative AI initiatives are currently being secured, leaving data and models at significant risk. IBM provides frameworks and tools to help organizations address these gaps.

Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error

Article Link: https://www.darkreading.com/cloud-security/microsoft-azure-ddos-attack-amplified-cyber-defense-error

  • On July 30, 2024, a distributed denial-of-service (DDoS) attack hit Microsoft Azure, taking down several cloud services for nearly eight hours. The outage was made worse by an error in Microsoft’s own mitigation response.
  • Microsoft’s DDoS protection kicked in as designed, but an error in the implementation of its mitigation, combined with network configuration changes, amplified the impact of the attack instead of reducing it. Microsoft is investigating and has said it will publish a post-incident review.
  • The attack affected many Azure services, including Azure App Services, Azure IoT Central, Application Insights, Log Search Alerts, and Azure Policy. Other key services such as the Azure portal, Microsoft 365, Entra, and Intune were affected as well.
  • Experts note that DDoS defenses can fail for many reasons, such as misconfiguration or faulty load balancing. Microsoft’s experience underscores the need for real-time traffic analysis, scalable infrastructure, redundant systems, and intelligent load balancing, and for testing the mitigation path itself so that a defensive change cannot become the outage.

Cybercriminals Use Malicious Android Apps to Steal OTP Codes

Article Link: https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html

  • Over 107,000 malicious Android apps have been identified, targeting users’ SMS messages to steal one-time passwords (OTPs) for online account verification since at least February 2022.
  • The campaign has affected victims in 113 countries, with the highest numbers in India and Russia. Other major affected countries include Brazil, Mexico, the U.S., Ukraine, Spain, and Turkey.
  • The malicious apps are distributed through deceptive ads mimicking Google Play Store listings and Telegram bots posing as legitimate services. Once installed, the apps request access to SMS messages and send stolen OTPs to command-and-control servers.
  • Stolen OTPs are used to commit identity fraud, such as creating fake accounts for phishing or social engineering attacks. The malware campaign highlights the abuse of Telegram by cybercriminals for malware propagation and control.

Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom

Article Link: https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-receives-record-breaking-75-million-ransom/

  • According to Zscaler ThreatLabz, a Fortune 50 company set a new record for the largest publicly known ransom payment after paying the cybercrime group Dark Angels $75 million, surpassing the previous record of $40 million.
  • Dark Angels is known for breaching corporate networks, stealing large volumes of sensitive data, and then demanding very large payments. Its tooling includes Linux encryptors, and it runs a data leak site to pressure victims who refuse to pay.
  • Unlike ransomware groups that cast a wide net, Dark Angels concentrates on a small number of high-value targets to maximize profit. This strategy, known as “Big Game Hunting,” has become a prevailing trend among ransomware groups in recent years.

Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations

Article Link: https://www.securityweek.com/ransomware-attack-hits-oneblood-blood-bank-disrupts-medical-operations/

  • OneBlood, a key non-profit blood bank serving more than 300 hospitals in Florida, Georgia, and the Carolinas, has suffered a ransomware attack that is significantly impeding its operations.
  • Despite remaining operational, OneBlood is now relying on manual processes, which take longer and impact blood inventory availability. Hospitals have been asked to activate critical blood shortage protocols.
  • OneBlood is working with anti-malware specialists and federal, state, and local agencies to investigate and resolve the issue. Efforts are ongoing to restore full system functionality as quickly as possible.
  • This incident adds OneBlood to a growing list of healthcare providers targeted by ransomware attacks. Recently, the U.S. government and Mandiant exposed a North Korean group conducting similar attacks on healthcare providers.

How to Write a Generative AI Cybersecurity Policy

Article Link: https://www.trendmicro.com/en_us/research/24/g/write-generative-ai-cybersecurity-policy.html

  • As the use of generative AI becomes increasingly prevalent in enterprise IT, CISOs are taking steps to mitigate potential risks and ensure secure implementation. These risks include internal bias, dissemination of misinformation, and sophisticated phishing attacks, highlighting the need for clear policies to protect data privacy and maintain information accuracy.
  • Effective AI security policies should include measures such as prohibiting the sharing of sensitive data with public AI platforms, implementing data separation protocols, validating AI outputs, and adopting a zero-trust security approach to manage access and protect data.
  • To enforce these policies, CISOs can use tools such as Extended Detection and Response (XDR), Security Information and Event Management (SIEM), and data loss prevention (DLP) technologies. These tools monitor network activity and flag policy violations and potential threats, helping keep AI integration within the enterprise secure.

Ohio Becomes the Fifth U.S. State to Recognize IDs in Apple Wallet

Article Link: https://www.engadget.com/ohio-becomes-the-fifth-us-state-to-recognize-ids-in-apple-wallet-211807995.html

  • Ohio has become the fifth US state to accept driver’s licenses and state IDs stored in Apple Wallets, making it easier for residents to carry identification digitally. This new feature can be used at TSA airport checkpoints and select businesses across the state.
  • Arizona, Colorado, Georgia, and Maryland have already adopted digital IDs in both Apple Wallet and Google Wallet. Twenty-four other states, as well as Washington, D.C. and Puerto Rico, are considering mobile driver’s licenses, with seven already committed to supporting digital wallet access.
  • The Ohio Bureau of Motor Vehicles has provided an instructional video to help residents add their IDs to Apple Wallet. The state is also developing a free age verification app for businesses. Apple Wallet’s digital ID feature was first introduced with iOS 15 in 2021, and similar functionalities are available for Google Wallet users with compatible Android devices.
