CISO Talk by James Azar
CyberHub Podcast
Ransomware Gangs Exploit PHP Vulnerability, Patch Tuesday Recap, Snowflake victims fess up

Today’s top cybersecurity news and the latest threats from Practicing CISO James Azar, tune in to hear how practitioners breakdown the latest to bolster their cybersecurity programs

Good Morning, Security Gang!

Welcome to another episode of the CyberHub podcast. Host James Azar brings us the latest cybersecurity news and updates. Here are the key stories discussed:

PHP Vulnerability Leading to Ransomware Attacks

A PHP vulnerability disclosed days ago (CVE-2024-4577) is already being used by a ransomware gang. It affects PHP running in CGI mode (php-cgi) on Windows, Apache plus php-cgi in a default XAMPP install being the classic case. The root cause is that PHP's CGI implementation never accounted for the Windows "best-fit" character mapping: under certain system locales (Traditional Chinese, Simplified Chinese and Japanese are the ones publicly documented), a soft hyphen byte (0xAD) in the request is converted to an ordinary hyphen before php-cgi sees it, so an attacker can smuggle command-line options into the process and reach arbitrary code execution. Do not rely on the locale condition as a mitigation; patch.

Action Items:

  • Patch Updates: Upgrade every PHP install on Windows to a fixed release: 8.3.8, 8.2.20 or 8.1.29. PHP 8.0 and earlier are end-of-life and get no fix; those hosts need to move to a supported branch, or at minimum stop serving PHP through php-cgi and block requests carrying the encoded soft hyphen at the web server until they can.

  • Security Monitoring: Review web server access logs for php-cgi requests with injected options in the query string, watch the web root for newly written web shells, and hunt for the TellYouThePass ransomware, which is the family observed deploying through this bug.
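The following is an added detection example, not code from the podcast or from the PHP project. It scans Apache combined-format access log lines for the shape of the public proof of concept: a percent-encoded soft hyphen (%AD) immediately followed by an option letter in the query string, which best-fit mapping turns into "-d", "-s" and so on for php-cgi. The log lines are constructed for illustration, and the scoring weights (ini-override keywords, a php-cgi path) are this example's own choice, not a published rule.

```powershell
# Added example: flag CVE-2024-4577-style argument injection in Apache access logs.
# Sample lines below are constructed; the second one mirrors the public PoC shape,
# the last one shows a benign %AD-followed-by-letter hit that only scores 1.
$SampleLog = @'
203.0.113.5 - - [12/Jun/2024:08:14:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2024:08:14:09 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 37 "-" "curl/8.4.0"
198.51.100.7 - - [12/Jun/2024:08:14:11 +0000] "GET /test.php?%ADs HTTP/1.1" 200 9001 "-" "curl/8.4.0"
192.0.2.9 - - [12/Jun/2024:08:15:00 +0000] "GET /search.php?q=%ADmin HTTP/1.1" 200 222 "-" "Mozilla/5.0"
'@

function Find-PhpCgiArgInjection {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Line
    )
    process {
        # Apache combined format: client ident user [time] "METHOD target HTTP/x" ...
        if ($Line -notmatch '^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<target>\S+) [^"]*"') { return }
        # Copy captures out before any further -match overwrites $Matches.
        $ip     = $Matches['ip']
        $time   = $Matches['time']
        $method = $Matches['method']
        $target = $Matches['target']

        $parts = $target.Split('?', 2)
        if ($parts.Count -lt 2) { return }      # no query string, nothing for php-cgi to parse as options
        $query = $parts[1]

        # Match the raw (undecoded) form: %AD followed by a letter is what becomes "-<option>".
        $injected = [regex]::Matches($query, '(?i)%AD[a-z]') | ForEach-Object { $_.Value }
        if (-not $injected) { return }

        # Any hit is worth a look; the ini overrides from the public PoC and a
        # direct php-cgi target make it high confidence.
        $score = 1
        if ($query  -match '(?i)allow_url_include|auto_prepend_file|php://input') { $score += 2 }
        if ($target -match '(?i)php-cgi') { $score += 1 }

        [PSCustomObject]@{
            Time           = $time
            ClientIP       = $ip
            Method         = $method
            Target         = $target
            InjectedTokens = ($injected -join ',')
            Score          = $score
        }
    }
}

# Run over the constructed sample; highest-confidence hits first.
$SampleLog -split "`r?`n" |
    Where-Object { $_ } |
    Find-PhpCgiArgInjection |
    Sort-Object Score -Descending |
    Format-Table -AutoSize
```

Against a real server, pipe the log in instead of the sample, e.g. `Get-Content C:\xampp\apache\logs\access.log | Find-PhpCgiArgInjection`. Scoring only hits of 1 (a soft hyphen followed by a letter inside ordinary parameter data) are where the false positives live; hits of 3 or more on a php-cgi path warrant checking the web root for files written around that timestamp.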

Elevation of Privilege Vulnerability in Windows Error Reporting Service

The Black Basta ransomware group has been exploiting a privilege escalation flaw in the Windows Error Reporting service (CVE-2024-26169). Symantec found the group's exploit tool with compile timestamps that predate Microsoft's patch, meaning it was most likely used as a zero-day before the fix shipped.

Action Items:

  • Patch Application: Confirm the March 2024 Patch Tuesday update that fixes CVE-2024-26169 is installed everywhere; any Windows host still missing it three months on is a priority, because the exploit is in a ransomware crew's hands.

  • Threat Detection: Watch for Black Basta's known initial access vectors, particularly QakBot and DarkGate loaders, so the privilege escalation is caught at the stage before it is needed.

Ransomware Epidemic

Ransomware attacks have surged by 75%, with over $1.1 billion paid to attackers in 2023. Financially motivated clusters such as Cardinal (Symantec's name for the Black Basta operators) and UNC4393 (Mandiant's) are leaning on legitimate Microsoft products for access and remote control rather than bespoke malware, which makes the activity harder to spot.

Action Items:

  • Incident Response Plan: Ensure robust incident response plans are in place to handle ransomware attacks.

  • Employee Training: Educate employees about phishing and the use of legitimate tools as potential attack vectors.

Patch Tuesday Updates

Microsoft released fixes for 49 vulnerabilities. Only one is rated Critical: CVE-2024-30080, a remote code execution vulnerability in the Message Queuing (MSMQ) service, reachable by an unauthenticated attacker sending a crafted packet to a server where the service is enabled.

Action Items:

  • Immediate Patching: Patch all systems for this month's fixes, with CVE-2024-30080 first on any host where Message Queuing is installed.

  • Service Checks: Verify that the Message Queuing service is not installed or running on hosts that do not need it. Where it must stay, restrict TCP port 1801 at the host firewall and at the network boundary so the service is reachable only from the systems that actually use it.
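The function below is an added example, not code from the podcast or from Microsoft. It implements the service check above on a Windows host: it reports whether the MSMQ service is present and what state it is in, whether anything is listening on TCP 1801 and which process owns that socket, and with the -Remediate switch it stops and disables the service and adds a host firewall rule blocking inbound 1801. The firewall rule name is this example's own choice, and the fleet-wide usage at the end assumes WinRM is enabled on the targets.

```powershell
# Added example: audit (and optionally close off) Message Queuing exposure on a host.
function Test-MsmqExposure {
    [CmdletBinding()]
    param([switch]$Remediate)

    # Service name is MSMQ; display name is "Message Queuing". Absent means not installed.
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue

    # Is anything actually bound to the MSMQ TCP port, and what owns it?
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue |
                Select-Object -First 1
    $owner = if ($listener) {
        (Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    }

    $result = [PSCustomObject]@{
        ComputerName    = $env:COMPUTERNAME
        MsmqInstalled   = [bool]$svc
        ServiceStatus   = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartType       = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        Listening1801   = [bool]$listener
        ListenerProcess = $owner
        Remediated      = $false
    }

    if ($Remediate -and ($svc -or $listener)) {
        # Stop and disable rather than uninstall the feature, so the change is
        # reversible if an application turns out to depend on queuing.
        if ($svc) {
            Stop-Service -Name MSMQ -Force
            Set-Service  -Name MSMQ -StartupType Disabled
        }
        # Block inbound 1801 as well, so a later re-enable does not silently re-expose it.
        $ruleName = 'Block MSMQ TCP 1801'   # example's own name, not a built-in rule
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
                -Protocol TCP -LocalPort 1801 -Action Block -Profile Any | Out-Null
        }
        $result.Remediated = $true
    }

    $result
}

# Read-only audit of this host:
Test-MsmqExposure

# Read-only sweep of a server list over WinRM (assumes WinRM is enabled on targets):
# Invoke-Command -ComputerName (Get-Content .\servers.txt) -ScriptBlock ${function:Test-MsmqExposure} |
#     Where-Object { $_.MsmqInstalled -or $_.Listening1801 } | Format-Table -AutoSize
```

Run the audit first and review the list of hosts where MSMQ is installed or listening; only then run with -Remediate, and only on hosts where nobody has claimed the service, because some line-of-business and middleware products depend on Message Queuing and will break if it disappears.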

ICS Vendor Vulnerabilities

Siemens, Schneider, and Aveva released advisories covering multiple vulnerabilities. These affect a range of ICS products, posing significant risks to critical infrastructure.

Action Items:

  • Vulnerability Management: Apply patches and mitigations provided by Siemens, Schneider, and Aveva.

  • Security Assessment: Conduct regular security assessments of ICS environments to identify and address vulnerabilities.

Browser Security Updates

Google and Mozilla announced updates to Chrome 126 and Firefox 127, fixing multiple high-severity memory safety vulnerabilities.

Action Items:

  • Auto-Update Browsers: Ensure all browsers are set to auto-update to the latest versions.

  • Patch Management Tools: Utilize patch management tools to enforce timely browser updates.

Apple VisionOS Update

Apple updated VisionOS to version 1.2, addressing several vulnerabilities, including the first specific to the Vision Pro headset.

Action Items:

  • Update VisionOS: Apply the latest VisionOS update to mitigate security risks.

  • Security Awareness: Stay informed about potential vulnerabilities in new and emerging technologies like VR headsets.

Pixel Security Update

Google rolled out a security update for Pixel devices, addressing a firmware elevation of privilege vulnerability (CVE-2024-32896) that Google says may be under limited, targeted exploitation.

Action Items:

  • Immediate Update: Update Pixel devices to the latest firmware to address the zero-day vulnerability.

  • Continuous Monitoring: Monitor for updates and advisories from device manufacturers regularly.

CISA Impersonation Scams

Scammers are impersonating CISA employees to deceive victims into transferring money. This trend involves using government titles to legitimize scams.

Action Items:

  • Awareness Training: Educate employees and the public about the dangers of impersonation scams.

  • Verification Processes: Implement strict verification processes for any communication requesting money or sensitive information.

Snowflake Incident Victims

LendingTree and Pure Storage confirmed they were affected by the Snowflake incident. Pure Storage said the exposed Snowflake workspace held telemetry data it uses for proactive customer support (company names, LDAP usernames, email addresses) but no customer data, credentials or data stored on customer systems; LendingTree said the impact was limited to its QuoteWizard subsidiary.

Action Items:

  • Account Hardening: If you run Snowflake, enforce MFA on every user, apply network policies so accounts can only authenticate from approved ranges, and rotate any credential that may have been exposed through an infostealer-infected endpoint.

Conclusion

Stay informed, apply patches promptly, and continue to enhance your security posture. Join us again for more updates and insights on Monday at 9 a.m. Eastern. Have a great day and stay cyber safe!


👀 SHOW Supporters:

Today’s Episode is supported by our friends at Nudge Security free 14-day trial to all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub

✅ Story Links: 

https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/

https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html

https://www.darkreading.com/vulnerabilities-threats/critical-msmq-rce-bug-microsoft-servers-complete-takeover

https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-schneider-electric-aveva-cisa/

https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/

https://www.securityweek.com/chrome-126-firefox-127-patch-high-severity-vulnerabilities/

https://www.securityweek.com/apple-patches-vision-pro-vulnerability-used-in-first-ever-spatial-computing-hack/

https://www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/

https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/

https://www.cybersecuritydive.com/news/pure-storage-snowflake-attack/718716/

https://therecord.media/lendingtree-quotewizard-cybersecurity-incident-snowflake

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Website: https://www.cyberhubpodcast.com

👉Substack:

👉Listen here: https://linktr.ee/cyberhubpodcast   

Stay Connected With Us.

👉Rumble: https://rumble.com/c/c-1353861 

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 
