WME Security Briefing 03 May 2024

WME Cybersecurity Briefings No. 008

Security Bulletin: MITRE Corporation Targeted by Nation-State Cyber Attack

Overview

  • The MITRE Corporation, a prominent security and cybersecurity research organization in the USA, has had its environment compromised by a sophisticated cyberattack attributed to a nation-state actor.
  • The hack was discovered earlier this week, and it exposed sensitive information on projects relevant to national security.
  • MITRE and the federal government are working on an assessment of the extent of the intrusion and of the information that may have been accessed.

Impact

  • National Security Considerations: The breach could have serious impacts on U.S. national security since some of the projects hosted on MITRE have a classified nature.
  • Intellectual Property Theft: Critical research data and intellectual property theft could undermine technological advantages.
  • Increased Threat Landscape: The incident underscores the rising threat posed by nation-state actors using cyberspace to attack critical infrastructure sectors.

Recommendation

  • Immediate Security Review: Organizations, especially those linked to national security, should conduct immediate reviews of their security posture and enhance detection capabilities.
  • Strengthen Access Controls: Implement more stringent access controls and monitoring systems to detect and respond to unusual activities.
  • Collaboration and Reporting: Encourage increased collaboration between public and private sectors to share threat intelligence and improve response strategies.

Ukraine’s Critical Infrastructure Under Attack

Overview

  • Ukraine’s critical infrastructure has become a prime target in a series of severe cyberattacks, most of them aimed at disrupting energy supplies and government operations. Most recently, attackers have also sought to influence public opinion through compromised radio stations broadcasting false news about the health of President Zelenskyy.

Impact

  • These cyberattacks have had the following aims:
  • Disrupting the energy sector by coordinating cyberattacks with missile strikes, especially in eastern and southern Ukraine.
  • Deploying malware such as WhisperGate to wipe data across government networks, potentially causing long-term damage to state functions.
  • Manipulating information through false news bulletins, which in some cases have provoked unrest and even panic among the population.

Recommendation

  • Given the sophisticated nature of these threats, which often exploit vulnerabilities in widely used software, organizations are advised to:
  • Ensure that all systems are continuously updated so that known vulnerabilities are patched.
  • Run regular audit programs and train employees to spot phishing and other social engineering attempts.
  • Have strong incident response procedures in place to contain and minimize any intrusion rapidly.

Comprehensive Alert on TangleBot Malware Threat

Overview

  • The TangleBot malware campaign has been found to target Android users in the U.S. and Canada with COVID-19-themed SMS phishing. It uses text messages about new protocols or vaccine scheduling to lure people into downloading a supposed Flash Player update that is actually malware.

Impact

  • Data Theft: Access to personal and financial data through control over contacts, SMS, call logs, and financial applications.
  • Device Control: Control of device functions, including Internet access, camera, microphone, and GPS.
  • Privacy Breach: Audio and video recording features capture sensitive user activity without the user’s permission.
  • Delayed Detection: Stolen data may not be used immediately, which makes detection and response difficult.

Recommendation

  • Suspicious Links: Be wary of links sent via SMS from dubious sources, especially those concerning updates or COVID-19 information.
  • Software Updates: Ensure that device software, especially security applications, is updated only through authorized channels.
  • Education on Smishing Attacks: Learn the dangers of this type of SMS phishing and the typical lures used.

Vulnerabilities in PAN-OS Versions

Overview

New findings from Palo Alto Networks detail critical security vulnerabilities in many PAN-OS versions running on its network security appliances. Exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to, and control of, the affected device.

Impact

The following PAN-OS versions are affected:

  • CVE-2024-0007: Stored Cross-Site Scripting (XSS) in the Panorama web interface can affect versions up to 10.1.5.
  • CVE-2024-0008: Insufficient session expiration in the web interface impacts versions up to 10.2.4.
  • CVE-2024-0009: Improper IP address verification in GlobalProtect Gateway affects versions up to 10.2.3.
  • CVE-2024-0010 and CVE-2024-0011: These are reflected XSS vulnerabilities impacting the GlobalProtect Portal and the Captive Portal Authentication, up to version 10.1.10.

Recommendation

  • For vulnerabilities with XSS and session expiration, update to PAN-OS versions 10.1.6 and above.
  • Make sure you have updated to version 10.2.4 or later to fix the IP verification issues.
  • Upgrading ensures that organizational security systems are safeguarded against exploits that could compromise network integrity and data security.
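As an added example (not from this briefing or from Palo Alto Networks), the following Python triages a constructed device inventory against the affected-version ceilings exactly as this briefing lists them; the vendor advisory remains authoritative, and hotfix builds of a listed release are flagged for review rather than assumed fixed.

```python
import re

# Affected-version ceilings (inclusive) as listed in this briefing. Constructed
# lookup for illustration; the vendor advisory is the authoritative source.
PANOS_ADVISORIES = [
    ("CVE-2024-0007", "Stored XSS in Panorama web interface", "10.1.5"),
    ("CVE-2024-0008", "Insufficient session expiration in web interface", "10.2.4"),
    ("CVE-2024-0009", "Improper IP address verification in GlobalProtect Gateway", "10.2.3"),
    ("CVE-2024-0010", "Reflected XSS (GlobalProtect Portal / Captive Portal Auth)", "10.1.10"),
    ("CVE-2024-0011", "Reflected XSS (GlobalProtect Portal / Captive Portal Auth)", "10.1.10"),
]

# PAN-OS versions look like "10.1.5" or, for hotfix builds, "10.2.3-h4".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Parse a PAN-OS version string into (major, minor, patch, hotfix).
    Raises ValueError on anything else so a typo in inventory data fails loudly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def affected_cves(version_text):
    """Return the CVE ids whose listed ceiling covers this version.
    Only the base release is compared: a hotfix build of a listed ceiling release
    (e.g. 10.1.5-h1 for CVE-2024-0007) is still flagged so it gets checked against
    the vendor advisory instead of being assumed fixed. Older release trains
    (e.g. 9.1.x) compare below every ceiling and are flagged for all entries."""
    base = parse_panos_version(version_text)[:3]
    return [cve for cve, _summary, ceiling in PANOS_ADVISORIES
            if base <= parse_panos_version(ceiling)[:3]]


def triage_inventory(inventory):
    """inventory: {device_name: version_string}. Returns only the exposed devices,
    each mapped to the list of CVE ids that apply to its version."""
    return {name: cves for name, ver in inventory.items() if (cves := affected_cves(ver))}


# Constructed sample inventory; these are not real devices.
SAMPLE_INVENTORY = {
    "fw-edge-01": "10.1.5",
    "fw-edge-02": "10.1.10-h2",
    "panorama-01": "10.2.5",
    "fw-branch-03": "9.1.16",
}

if __name__ == "__main__":
    for device, cves in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {', '.join(cves)}")
```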

References

You can consult the Palo Alto Networks website for the latest information and details about this security advisory.

North Korea’s Lazarus Group Advances Cyber Threats with “Operation Dreamjob” and LightlessCan Malware

Overview

Recent reports show that North Korea’s state-sponsored Lazarus Group is behind a sophisticated cyberattack campaign. Operation Dreamjob is its newest, and once again it poses as a recruiter, sending fake job offers on LinkedIn. Key tools in these attacks include the new “LightlessCan” malware, marking a further development in the group’s cyber arsenal.

Impact

Lazarus Group activity has mainly targeted the technology and aerospace sectors, with notable breaches reported in both Europe and the United States. The arrival of the LightlessCan malware, an advanced backdoor able to run many commands covertly, shows that the adversary has intensified both the technical capability and the stealth of its attacks. The successful breaches through social engineering tactics such as fake recruitment underscore the continued threat that state-sponsored actors pose to global cybersecurity.

Recommendation

  • Employee Awareness: Regular training programs for identifying phishing and social engineering attempts.
  • System Updates: Ensure that all software is up to date to protect against known vulnerabilities.
  • Network Monitoring: Deploy advanced monitoring tools that detect and neutralize abnormal activity at an early stage.
  • Verification Processes: Establish strict protocols for verifying job-related communications, especially those from social media sites such as LinkedIn.
