LockBit takes credit for hacking South African pension fund
Despite law enforcement’s takedown of LockBit’s infrastructure on February 19, the ransomware gang has claimed responsibility for last month’s attack on South Africa’s government workers’ pension fund. Officials from South Africa’s Government Employees Pension Fund (GEPF) initially reported that “no data breach had occurred,” but have now confirmed that pension fund systems were compromised and that they are “extremely concerned” about the data LockBit leaked on Monday. Despite the continued postings from LockBit, experts say last month’s takedown does appear to have slowed the group down, at least for now.
CISA’s OT attack response team understaffed
The US Government Accountability Office (GAO) has conducted a study of CISA’s operational technology (OT) cybersecurity services and found that some of the agency’s teams are understaffed. At the time of the study, CISA had just four employees and five contractors on its threat hunting and incident response team, which the GAO said was not enough to respond to significant OT cyberattacks in multiple locations at the same time. Most non-federal entities in the study reported positive experiences with CISA’s OT cyber services, but the one significant issue they raised was insufficient staffing. Finally, the report found that between 2019 and May 2023, CISA was able to fulfill only 125 of 572 architecture design review requests from OT organizations.
US and Russia accuse each other of potential election cyberattacks
An annual report from the US Office of the Director of National Intelligence asserts that China and Russia are poised to undermine US national interests by promoting authoritarianism and spreading disinformation. The report says, “Moscow views US elections as opportunities and has conducted influence operations for decades and as recently as the US midterm elections in 2022.” Meanwhile, Russia’s Foreign Intelligence Service (SVR), says that the US plans to interfere with its own presidential elections, set to take place March 15-17. Despite providing no evidence, the SVR accused the Biden administration of having plans to strike Russian voting systems and impede vote counting.
In related news, Google has restricted its AI chatbot, Gemini, from responding to election-related queries. The shift highlights concerns about how generative AI could be weaponized to influence the election process by providing inaccurate or misleading responses. The restriction is already live in the US and has begun rolling out in India and other major countries holding elections this year.
(SecurityWeek and TechCrunch)
Acer confirms employee data leak
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company’s attendance data. On Tuesday, a threat actor known as ‘ph1ns’ published a link to the stolen Acer database for free on BreachForums. The threat actor said their attack was purely focused on data theft and they did not deploy ransomware or make an attempt to extort the company. Acer confirmed the data was that of their employees but clarified that no customer data was impacted. The computer maker notified Philippine authorities and an investigation is ongoing.
‘Magnet Goblin’ exploits Ivanti bug in mere hours
As we’ve been covering on Cyber Security Headlines, threat actors have swarmed to flaws in Ivanti edge devices of late, and one threat actor, dubbed “Magnet Goblin,” was the fastest to capitalize. Within one day of the release of a proof-of-concept (PoC) exploit for a command injection vulnerability in Ivanti Connect Secure and Policy Secure gateways (CVE-2024-21887), Magnet Goblin had malware containing the exploit in hand. Magnet Goblin has been exploiting 1-day vulnerabilities in public-facing services that typically run on Linux. Experts say organizations need to ensure they have endpoint protection in place on Linux servers (not just Windows devices) and will need to patch vulnerabilities quickly, as threat actors are now turning public PoCs into working 1-day exploits at unprecedented speed.
JetBrains fires back at Rapid7 over vuln disclosures
Cybersecurity firm Rapid7 recently criticized JetBrains, the company behind the popular TeamCity CI/CD platform, over allegations of silent patching. JetBrains fired back in a blog post this week, accusing Rapid7 of being “entirely unethical and harmful” to its customers. JetBrains said Rapid7 released enough information about two TeamCity vulnerabilities for low-skilled attackers to exploit them in ransomware attacks just hours after patches went live. JetBrains says it supports timely vulnerability disclosure but only provides enough detail for customers to take appropriate action. OWASP weighed in, acknowledging the merits of both sides but noting that it would be “sensible” for details about serious vulnerabilities to have a publication delay to limit potential harm. A public war of words like this is a rarity in the infosec community, which typically abides by agreed-upon disclosure norms.
You should probably patch that (Patch Tuesday edition)
In its March 2024 Patch Tuesday release, Microsoft issued fixes for 60 security flaws, including two critical Hyper-V vulnerabilities: a remote code execution bug (CVE-2024-21407) and a denial-of-service bug (CVE-2024-21408). Microsoft also flagged a serious flaw in Open Management Infrastructure (OMI) (CVE-2024-21334), assigning it a CVSS score of 9.8 out of 10. Microsoft’s updates also cover code execution issues in Microsoft Exchange Server and a Microsoft Azure Kubernetes Service bug that could lead to credential theft. None of the documented issues are known to be under active attack.
Meanwhile, on Tuesday, Siemens published security advisories for a whopping 214 vulnerabilities affecting its products. 157 of these flaws relate to the Siemens Simatic RF160B mobile reader. A critical vulnerability in the Sinema Remote Connect Server that could lead to code execution has also been addressed. Also of note, Siemens detailed vulnerabilities in Fortinet’s FortiOS and FortiGate firewalls, which integrate with Siemens’ switches, routers and industrial application hosting platform.
Adobe also rolled out fixes for code execution flaws in the oft-targeted Adobe ColdFusion, Adobe Premiere Pro, Adobe Bridge and Adobe Lightroom.
Schneider Electric chipped in with its own advisories detailing high severity flaws in its Easergy T200 RTUs for medium voltage and low voltage public distribution network management systems.
Finally, SAP flagged three vulnerabilities as ‘Hot News’, its highest priority rating, in its March security update. The issues affect the Chromium browser in Business Client, Build Apps, and NetWeaver AS Java.
(SecurityWeek [1][2][3][4] and Bleeping Computer)
Google paid $10 million in bug bounty rewards last year
In 2023, Google awarded $10 million to researchers in 68 countries for finding and reporting security flaws in the company’s products. Android flaws accounted for $3.4 million in bug bounty payouts, while Chrome browser bugs accounted for $2.1 million. In 2023, Google increased the maximum reward for critical Android vulnerabilities and tripled payouts for Chrome sandbox escape exploits. Though Google’s 2023 bounty total was roughly $2 million less than in 2022, the tech giant’s bounty program continues to showcase the importance of community participation in Google’s security efforts.