09-Aug-23: In Security News Today

Major Design Flaw in Billions of Intel CPUs Exposes Data Leakage Vulnerability

A newly revealed flaw in Intel CPUs, called ‘Downfall,’ allows for data leakage between users sharing a computer or cloud environment. The vulnerability arises from a memory optimization feature in Intel CPUs that accidentally leaks internal hardware registers. While a patch has been released, it is seen as a treatment rather than a cure, as the underlying problem of shared hardware registers without proper isolation remains. This flaw affects billions of devices running Intel processors manufactured between 2014 and 2021, and similar vulnerabilities may exist in CPUs developed by other vendors.

Data Breach Compromises Safety of Police Officers in Northern Ireland

A data leak from the Police Service of Northern Ireland (PSNI) has put the safety of 10,000 serving police officers at risk. The leak occurred when a spreadsheet containing sensitive details, including names, ranks, departments, and locations of the officers, was accidentally published in response to a Freedom of Information (FoI) request. The PSNI is currently investigating the breach and has expressed concerns about the effectiveness of cybersecurity safeguards in the UK.

August 2023 Microsoft Security Updates: Exploitation Detected Bugs and Other Fixes

Microsoft has released its August 2023 security updates, addressing 74 CVE-numbered bugs. Two special items, labeled as ‘Exploitation Detected,’ appear at the top of Microsoft’s bug listing page, indicating zero-day vulnerabilities that were first exploited by cyber attackers. One of the items relates to security improvements in Microsoft Office to address a previously patched zero-day bug related to the Mark of the Web system. Another item, related to the Memory Integrity System Readiness Scan Tool, does not mention any CVE numbers, leaving the details of the vulnerability and its exploitation unclear. Other notable fixes include vulnerabilities in Microsoft Exchange Server and Microsoft Teams, which could lead to unauthorized access and remote code execution, respectively.

OWASP Lead Flags Gaping Hole in Software Supply Chain Security

A lead from OWASP has proposed a solution to the problem of securing the software supply chain by using a process called binary source validation. This process involves inspecting software at a layer deeper than the source code to validate the build artifacts created while coding. The current security measures, such as software bills of material (SBOMs), are not sufficient to address the security issues in the software supply chain.

Interpol Shuts Down African Cybercrime Group, Seizes $2 Million

Interpol led a cross-border investigation called Operation Jackal, resulting in the arrest of 103 individuals and the seizure of over $2 million from West African cybercriminal groups. The operation targeted the Nigerian criminal gang ‘Black Axe,’ known for cyber-enabled financial fraud, including business email compromise, romance and inheritance scams, credit card and tax fraud, and money laundering. Interpol’s success in this operation demonstrates international cooperation and serves as a warning to West African crime networks that they will be pursued relentlessly.

Why Shellshock Remains a Cybersecurity Threat After 9 Years

The Shellshock vulnerability, also known as the Bash bug, is still a prevalent and popular target for attackers nearly a decade after it was first disclosed. The vulnerability exists because of bad patch management, with organizations failing to apply necessary updates in a timely manner. Credit unions are particularly vulnerable to Shellshock attacks due to their lack of security resources and reliance on third-party vendors.

Attacker Breakout Time Shrinks Again, Underscoring Need for Automation

Attackers are becoming faster at moving from an initial compromise to extending their infiltration of a firm’s network, with the average intrusion requiring just 79 minutes before launching an attack on other systems. The breakout time is one measure of an attacker’s agility when compromising corporate networks, and it highlights the need for automation in cybersecurity defenses. Attackers are also increasingly focusing on interactive intrusions, abusing legitimate identities and account information, and exploiting cloud environments, particularly Linux containers or virtual machines.

New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware

A new report by Check Point has uncovered tactical similarities between the Rhysida ransomware group and Vice Society, including their targeting of education and healthcare sectors. The report suggests that Vice Society operators are now using Rhysida ransomware, although it does not imply exclusive use. Both groups have been observed using existing ransomware binaries and resorting to pure extortion-themed attacks. The findings also reveal a correlation between the emergence of Rhysida and the disappearance of Vice Society.

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

The U.K. Electoral Commission has disclosed a cyber attack that lasted over a year, resulting in the exposure of voter data belonging to 40 million people. The breach, which was detected in October 2022, allowed unauthorized access to the Commission’s servers hosting email, control systems, and electoral registers. The exposed data includes personal information such as names, email addresses, home addresses, and contact telephone numbers. The Commission has stated that the attack does not impact the electoral process or registration status, but individuals should remain vigilant for unauthorized use of their personal data.

Exposed Kubernetes Clusters Exploited for Cryptocurrency Mining and Backdoors

Aqua, a cloud security firm, has reported that exposed Kubernetes clusters are being targeted by malicious actors for deploying cryptocurrency miners and backdoors. The majority of these clusters belong to small to medium-sized organizations, with some belonging to larger companies in various sectors. The clusters suffer from two kinds of misconfiguration: anonymous access granted high privileges, and kubectl proxy run with certain flags. Both leave them open to exploitation. These exposed clusters contain sensitive assets such as customer data, financial records, intellectual property, and access credentials, making them a significant security risk.
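The first of those misconfigurations, anonymous callers bound to high-privilege roles, can be checked from the cluster's own RBAC objects. The following is an added example (not Aqua's tooling or anything from the report): it parses the JSON shape produced by `kubectl get clusterrolebindings -o json` and flags any binding that grants a role to the built-in `system:anonymous` user or `system:unauthenticated` group, ignoring the one read-only binding (`system:public-info-viewer`) that a default install deliberately exposes. The input here is a constructed sample rather than output from a real cluster.

```python
"""Audit Kubernetes ClusterRoleBindings for anonymous or unauthenticated subjects.

Added example; the sample data below is constructed in the shape of
`kubectl get clusterrolebindings -o json` and does not come from any real cluster.
"""
import json

# Subjects the API server assigns to requests that carry no credentials.
ANONYMOUS_SUBJECTS = {
    ("User", "system:anonymous"),
    ("Group", "system:unauthenticated"),
}

# A default install binds this read-only role (version/health discovery) to
# unauthenticated callers on purpose; anything else bound to them is a finding.
EXPECTED_ANONYMOUS_ROLES = {"system:public-info-viewer"}

# Constructed sample: one expected binding, one dangerous binding, one unrelated one.
SAMPLE_BINDINGS = json.dumps({
    "kind": "List",
    "items": [
        {
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "system:public-info-viewer"},
            "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
            "subjects": [
                {"kind": "Group", "name": "system:authenticated"},
                {"kind": "Group", "name": "system:unauthenticated"},
            ],
        },
        {
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "dev-shortcut"},  # hypothetical name
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "name": "system:unauthenticated"}],
        },
        {
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "ci-deployer"},  # hypothetical name
            "roleRef": {"kind": "ClusterRole", "name": "edit"},
            "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "ci"}],
        },
    ],
})


def find_anonymous_bindings(bindings_json: str) -> list[dict]:
    """Return one finding per (binding, anonymous subject) pair that grants
    a role outside EXPECTED_ANONYMOUS_ROLES. cluster-admin is rated critical."""
    doc = json.loads(bindings_json)
    findings = []
    for item in doc.get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        # "subjects" may be absent or null on a binding with no subjects.
        for subj in item.get("subjects") or []:
            if (subj.get("kind"), subj.get("name")) not in ANONYMOUS_SUBJECTS:
                continue
            if role in EXPECTED_ANONYMOUS_ROLES:
                continue
            findings.append({
                "binding": item["metadata"]["name"],
                "role": role,
                "subject": subj["name"],
                "severity": "critical" if role == "cluster-admin" else "high",
            })
    return findings


if __name__ == "__main__":
    for f in find_anonymous_bindings(SAMPLE_BINDINGS):
        print(f"[{f['severity']}] {f['binding']}: {f['role']} -> {f['subject']}")
```

Running it on the sample reports only `dev-shortcut` as critical. On a real cluster the same function can be fed the output of `kubectl get clusterrolebindings -o json`; a cleaner fix than pruning bindings one by one is to start the API server with `--anonymous-auth=false`, after which unauthenticated requests are rejected before RBAC is consulted at all.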

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.