Top news stories this week
- Conceal-and-fine. SEC fines four companies for failing to accurately report their cybersecurity incidents.
- Warning. Former UK PM David Cameron and UK Security Minister address rising cyber threats from China and Russia.
- Info spill. Sensitive database of United Nations exposed online.
- Digital dilemma. Internet Archive faces another cyber breach amid restoration efforts.
- In the red. Casio forced to delay release of financial results due to ransomware attack.
- FortiJump! Hackers actively exploit Fortinet and Veeam zero days.
1. SEC fines four companies for failing to accurately report their cybersecurity incidents
The Securities and Exchange Commission (SEC) imposed penalties on four companies for making misleading disclosures linked to the 2019 SolarWinds data breach. Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast were all charged over their responses to cybersecurity incidents.
So what?
Organizations should ensure that they meet their incident reporting requirements. As these requirements can be complex, it is important to seek advice and support from knowledgeable legal experts.
[Researcher: Milda Petraityte]
2. Former UK PM David Cameron and UK Security Minister address rising cyber threats from China and Russia
Speaking at Recorded Future’s Predict 2024 conference on 22 October, former British Prime Minister David Cameron said the US, UK, and allies should strengthen defenses against Chinese cyber threats but still cooperate on issues such as climate change. Speaking at the same conference, the UK Security Minister Dan Jarvis highlighted plans to reform the Computer Misuse Act, adding that China presented a more complex long-term challenge for the UK compared to Russia.
So what?
Countries have a delicate balance to strike between guarding against sophisticated cyber threats and fostering international cooperation on crucial global issues.
[Researcher: Waithera Junghae]
3. Sensitive database of United Nations exposed online
The database of the United Nations Trust Fund to End Violence against Women has been left openly accessible online. The sensitive information, comprising 115,141 files related to violence against women and girls, was stored in clear text without access controls, exposing the victims, UN staff and various multi-million dollar projects.
So what?
The lack of protection of sensitive information jeopardises the safety and wellbeing of exposed individuals, while scammers could also use this information to attempt payment diversion fraud. Organizations should ensure that databases storing sensitive information are access-controlled on a need-to-know basis and encrypted at rest.
[Researcher: Milda Petraityte]
4. The Internet Archive mocked by hackers during restoration efforts
While responding to a cyber attack, the Zendesk account of the US-based non-profit The Internet Archive was compromised. The threat actor used their access to this customer service platform to send emails from the organization's account, mocking their containment and recovery efforts, and claimed access to over 800,000 support tickets due to unrotated API keys.
So what?
When dealing with a security incident, it's crucial for organizations to reset all active logins and tokens, and refresh security keys. This helps prevent attackers from using stolen credentials to access systems.
[Researcher: Aditya Ganjam Mahesh]
5. Casio forced to delay release of financial results due to ransomware attack
Casio have been forced to delay the release of their second-quarter earnings after a ransomware attack earlier this month. The attack rendered many of the company’s systems unusable and has led to extensive business disruption, including limited access to the company’s accounting data.
So what?
A well-tested business continuity plan that secures data using immutable backups will minimize business disruption in the event of a cyber incident.
[Researcher: David Broome]
6. Software vulnerabilities in Fortinet and Veeam exploited in the wild
Fortinet have disclosed a critical fault in their FortiManager application (CVE-2024-47575), which is being actively exploited by hackers. The flaw, dubbed ‘FortiJump’, allows attackers to take over FortiManager devices, and it is suspected to have been leveraged as a zero day since June.
Separately, a critical remote code execution vulnerability (CVE-2024-40711) in Veeam’s backup and replication tool has been exploited in ransomware attacks. This comes after Veeam had released a patch for the critical flaw in September. CISA has added the vulnerability to its catalogue of known exploits.
So what?
Threat actors will target widely used tooling. If your organisation uses either of the impacted products, it is crucial to deploy patches in a timely manner, in line with the Fortinet and Veeam advisories.
[Researcher: Adelaide Parker]