Daily Brief
Find articles below, see 'DETAILS' for generated summaries
Total articles found: 11592
Checks for new stories every ~15 minutes
| Date | Source | Category | Title | Summary | Details |
|---|---|---|---|---|---|
| 2023-09-05 15:35:25 | bleepingcomputer | MISCELLANEOUS | Continuous Security: PTaaS Bridges the Gap within Application Security | Penetration Testing as a Service (PTaaS) offers a comprehensive solution for continuous security monitoring in web applications<br>Traditional pen testing is labor-intensive, time-consuming, and does not offer continuous monitoring<br>PTaaS provides comprehensive coverage, frequent testing, automated processes, and integration with development processes<br>Benefits of PTaaS include continuous security, holistic view of AppSec, and effective protection against cyber-attacks<br>PTaaS is more scalable and effective compared to traditional pen testing<br>PTaaS is suitable for organizations with a large number of applications and frequent release updates. | Details |
| 2023-09-05 14:41:21 | theregister | DDOS | Tsunami watch. Mitigating the threat of bot-driven DDoS attacks. | DDoS attacks are on the rise, with the volume growing by up to 300 percent in 2023.<br>These attacks use compromised computer systems to generate attack traffic, resulting in loss of service, revenue, reputation, and control of network defenses.<br>Being able to detect and mitigate DDoS attacks is crucial in preventing damage.<br>A webinar hosted by The Register and Cloudflare will discuss the scale of DDoS attacks in 2023 and identify the perpetrators.<br>The webinar will provide guidance on how to defend against DDoS attacks and offer best practices for mitigation.<br>Participants will learn how to effectively protect their businesses and build strong defenses against DDoS attacks.<br>The webinar is scheduled for 6th September and registration is available. | Details |
| 2023-09-05 14:41:21 | theregister | DATA BREACH | Northern Irish Cops Release Two Men After Terrorism Act Arrests Linked to Data Breach | The Police Service of Northern Ireland (PSNI) mistakenly published data on 10,000 employees on their website<br>Two men have been released on bail after being arrested under the Terrorism Act in relation to the data breach<br>The breach included details of every serving Northern Ireland police officer, potentially endangering their safety<br>A recent poster attempted to intimidate police officers, but the information it contained was incorrect<br>The PSNI has made four arrests in relation to the data breach so far<br>Other police forces in the UK have also experienced data breaches recently, including Cumbria Police and the Metropolitan Police in London | Details |
| 2023-09-05 14:41:21 | theregister | DATA BREACH | Attackers Access UK Military Data Through High-Security Fencing Firm's Windows 7 Rig | Attackers gained access to data from a UK supplier of high-security fencing for military bases<br>The initial entry point was a Windows 7 PC, highlighting the risks of running obsolete code and hardware<br>The LockBit Ransom group conducted the attack and may have exfiltrated 10GB of data<br>The breach could potentially provide access to sensitive military and research sites in the UK<br>The company stated that no classified information was stored on the compromised system<br>Zaun has notified the National Cyber Security Centre and the UK's Information Commissioner's Office regarding the breach<br>The attack serves as a reminder for enterprises and organizations to be vigilant about security in their supply chains<br>The targeted nature of the attack on a third-party supplier raises concerns about national security and critical infrastructure | Details |
| 2023-09-05 14:41:21 | theregister | MISCELLANEOUS | Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process | Microsoft is disabling TLS 1.0 and 1.1 by default in Windows, potentially causing issues for enterprise administrators.<br>SQL Server 2012, 2014, and 2016 editions may require updates to be compatible.<br>Other applications expected to be broken include Apple's Safari browser for Windows and several security applications.<br>Microsoft has been tracking TLS protocol usage and believes usage of TLS 1.0 and 1.1 is low enough to act.<br>Windows Insiders will be the first to have TLS 1.0 and 1.1 disabled by default from September, followed by future Windows releases.<br>The option to re-enable the protocols will still be available but should only be done as a temporary solution.<br>Microsoft's goal aligns with industry efforts to eliminate deprecated versions of TLS, with the US National Security Agency (NSA) and major tech companies advocating for the move.<br>Microsoft's progress in disabling TLS 1.0 and 1.1 has been delayed but is now planned to be implemented in its flagship operating system. | Details |
| 2023-09-05 14:41:21 | theregister | DATA BREACH | Northern Ireland Top Cop Resigns Following Data Breach and Controversy | Simon Byrne, Chief Constable of the Police Service Northern Ireland (PSNI), has resigned amid a data breach and disciplinary controversy<br>The PSNI mistakenly published spreadsheet data containing details of every single serving Northern Ireland police officer following a Freedom of Information request<br>The sensitive information included personal details of officers and staff, making them vulnerable to potential targeting by dissident republican groups<br>An independent review is currently underway to investigate the data breach<br>In addition to the data breach, Byrne was facing backlash over a court ruling related to disciplinary actions taken against two junior officers<br>The court ruled that the officers had been unlawfully disciplined to appease Sinn Féin's support for policing in Northern Ireland<br>The ruling undermined Byrne's credibility and authority, contributing to his decision to resign<br>Deputy Chief Constable Mark Hamilton is expected to temporarily lead the PSNI while a new leader is sought. | Details |
| 2023-09-05 14:41:21 | thehackernews | CYBERCRIME | Way Too Vulnerable: Uncovering the State of the Identity Attack Surface | Organizations heavily depend on digital assets in today's digital age<br>The real battleground in cybersecurity has shifted to user identities<br>Many organizations are unaware of security gaps and vulnerabilities<br>Silverfort commissioned a comprehensive study on the Identity Attack Surface<br>The webinar aims to provide insights and actionable steps to improve cybersecurity<br>The digital landscape is evolving with new threats, and organizations need to stay ahead<br>Attendees will discover ways to transform their perception of cybersecurity<br>Registration is open for the webinar to fortify organizations' cybersecurity. | Details |
| 2023-09-05 14:41:21 | thehackernews | DATA BREACH | Key Cybersecurity Tools That Can Mitigate the Cost of a Breach | The average cost of a data breach rose to $4.45 million, a 15% increase over the last three years.<br>Healthcare organizations suffered the highest average loss of $10.93 million, followed by the finance industry at $5.9 million.<br>Organizations with fewer than 500 employees experienced higher average data breach costs in 2023 ($3.31 million) compared to previous years.<br>Phishing and stolen credentials are still the most common initial attack vectors, with phishing costing an average of $4.76 million and stolen credentials costing an average of $4.62 million.<br>Integrating a third-party tool into the Active Directory can provide added control and visibility over compromised passwords.<br>Rapid incident response is crucial to mitigating the financial impact of a data breach, as companies that detected compromises within 200 days lost $3.93 million compared to those that identified the issue later.<br>Understanding and securing the cloud is essential, as 82% of breached data was stored in the cloud. Cloud misconfigurations and supply chain attacks were prevalent in the surveyed organizations.<br>External Attack Surface Management (EASM) and risk-based vulnerability management can significantly reduce the time to identify and contain a data breach and lower breach costs. | Details |
| 2023-09-05 14:41:21 | thehackernews | CYBERCRIME | Lazarus Group's Andariel Cluster Uses Cyber Weapons in Attacks | Andariel, a North Korean threat actor, has been using various malicious tools in cyber assaults against corporations and organizations in South Korea<br>The attacks involve malware strains developed in the Go language<br>Andariel is a sub-cluster of the Lazarus Group, active since 2008<br>Financial institutions, defense contractors, government agencies, universities, cybersecurity vendors, and energy companies are targeted<br>Initial infection vectors include spear-phishing, watering holes, and supply chain attacks<br>Malware families employed by Andariel include Gh0st RAT, DTrack, YamaBot, NukeSped, and more<br>Andariel recently exploited security flaws in Zoho ManageEngine ServiceDesk Plus using QuiteRAT<br>The group has been carrying out attacks for financial gains and national security-related information | Details |
| 2023-09-05 14:41:21 | thehackernews | MALWARE | New Python Variant of Chaes Malware Targets Banking and Logistics Industries | A reworked variant of the Chaes malware is targeting the banking and logistics industries<br>The malware has been rewritten in Python, making it harder to detect by traditional defense systems<br>Chaes primarily targets e-commerce customers in Latin America, particularly Brazil, to steal sensitive financial information<br>The threat actors behind the malware, known as Lucifer, have breached over 800 WordPress websites to deliver Chaes to users<br>The latest version, called Chae$ 4, includes significant transformations and enhancements, such as expanded credential theft capabilities and clipper functionalities<br>The malware is delivered through compromised websites, with the victims being prompted to download an installer for Java Runtime or an antivirus solution<br>ChaesCore, the primary orchestrator module, establishes a communication channel with the command-and-control server to fetch additional modules<br>The malware now targets cryptocurrency transfers and instant payments via Brazil's PIX platform, highlighting the threat actors' financial motivations. | Details |
| 2023-09-05 14:41:21 | bleepingcomputer | CYBERCRIME | Hackers Target IT Help Desks to Disable MFA and Gain Super Admin Access | Hackers are targeting IT service desk agents in social engineering attacks<br>Their goal is to trick agents into resetting multi-factor authentication (MFA) for high-privileged users<br>The attackers aim to hijack Okta Super Administrator accounts to abuse identity federation features for impersonation<br>They were able to compromise Super Admin accounts through authentication flow tampering or having passwords for privileged accounts<br>Once they gain admin access, they elevate privileges for other accounts, reset enrolled authenticators, and remove 2FA protection<br>Hackers use a second Identity Provider to impersonate users and access applications through Single-Sign-On authentication<br>Okta recommends security measures to protect admin accounts from external actors<br>Indicators of compromise and IP addresses associated with the attacks have been provided by Okta for additional protection measures. | Details |
| 2023-09-05 14:41:21 | bleepingcomputer | DATA BREACH | Hackers Exploit MinIO Storage System to Breach Corporate Networks | Hackers are exploiting vulnerabilities in the MinIO storage system to breach object storage systems and access private information<br>Two vulnerabilities, CVE-2023-28432 and CVE-2023-28434, are being used by attackers to execute arbitrary code and potentially take over servers<br>Attackers are using a modified version of MinIO called Evil MinIO, which replaces the legitimate software with modified code that adds a backdoor<br>The attack begins with social engineering to convince a DevOps engineer to downgrade to a vulnerable version of MinIO<br>Hackers exploit one vulnerability to remotely access server environment variables and administrative credentials<br>The malicious update replaces legitimate code with a tampered version that allows for remote command execution<br>The backdoor in Evil MinIO is not detected by antivirus engines on VirusTotal<br>After breaching the storage system, attackers establish a communication channel with a command and control server and download additional payloads for post-compromise activity<br>38% of MinIO instances exposed on the public internet are confirmed to run a non-vulnerable version, but administrators should still apply the security update to protect against attacks. | Details |
| 2023-09-05 14:41:21 | bleepingcomputer | DDOS | German Financial Agency Website Targeted by Ongoing DDoS Attack | The German Federal Financial Supervisory Authority (BaFin) has been experiencing an ongoing distributed denial-of-service (DDoS) attack on its website since Friday<br>BaFin is responsible for regulating banks, financial, and insurance service providers in Germany<br>The agency has taken necessary security precautions and defensive measures, including taking its public website offline, but assures that its crucial systems are unaffected<br>The website hosts consumer and regulation information, important documents, a database of registered companies, job vacancies, and a platform for whistleblowers<br>BaFin's IT team is working to restore public access to the website, but it is unclear when this will be accomplished | Details |
| 2023-09-05 14:41:21 | bleepingcomputer | DATA BREACH | Insurer Fined $3M for Exposing Data of 650k Clients for Two Years | Swedish insurer Trygg-Hansa fined $3 million for exposing sensitive data of hundreds of thousands of customers<br>Investigation initiated after a customer alerted authorities about the accessibility of backend database<br>Backend database could be accessed without authentication, allowing browsing of private documents of other individuals<br>Approximately 650,000 customers affected by the data exposure<br>Data was exposed for more than two years, increasing the risk of exploitation by cybercriminals<br>At least 202 cases of personal information exposure confirmed, but more cases may exist<br>Insurer's failure to address the issue despite receiving reports indicates a severe shortfall in data security and risk mitigation measures<br>Swedish Authority for Privacy Protection imposed an administrative penalty of $3 million on the insurer. | Details |
| 2023-09-05 14:41:21 | bleepingcomputer | DATA BREACH | Freecycle Confirms Massive Data Breach Impacting 7 Million Users | Nonprofit organization Freecycle confirms a massive data breach affecting over 7 million users.<br>Stolen data, including usernames, User IDs, email addresses, and hashed passwords, was put up for sale on a hacking forum.<br>Threat actor claims to have full access to member information and forum posts, including the credentials of Freecycle's founder and executive director.<br>Users are advised to change their passwords and be aware of potential delays in the password reset process.<br>Freecycle has reported the breach to the appropriate authorities.<br>Users are cautioned to remain vigilant of phishing emails and be cautious of spam. | Details |