
Cyber Threat Report: Cyber Security News for 02/08/24

Critical Shim Bug Impacts Every Linux Boot Loader Signed In The Past Decade 
There are currently 5 vulnerabilities in Shim that could allow a network attacker to bypass secure boot and take over a vulnerable Linux system.

CISA, FBI Warn Of China-Linked Hackers Pre-Positioning For ‘Destructive Cyberattacks Against US Critical Infrastructure’
The People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

DEF CON is Canceled! No, Really This Time – But The Show Will Go On
Longtime host Caesars ends the relationship at short notice.

Ransomware Dominates OT Security Incidents
Operational technology security incidents impacted 46% of organizations around the world during the past year, with ransomware accounting for nearly half of such incidents.

Over $25 Million Lost in Deepfake Conference Call Scam at Hong Kong Office of Multinational Firm
The scammers digitally recreated the company's chief financial officer and other employees in a convincing video conference call to trick the victim into making money transfers.

Raspberry Pi Pico Cracks BitLocker In Under A Minute
Windows encryption feature defeated by $10 and a YouTube tutorial.

Medical Center Fined $4.75M in Insider ID Theft Incident
The U.S. Department of Health and Human Services Office for Civil Rights on Tuesday said the settlement with Montefiore Medical Center in the Bronx stems from "data security failures" at the organization that led to an employee stealing and selling patients' protected health information.

Verizon Insider Data Breach Hits Over 63,000 Employees
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.

HPE Investigates New Breach After Data For Sale On Hacking Forum
This investigation comes after HPE disclosed two weeks ago that the company's Microsoft Office 365 email environment was breached in May 2023 by hackers the company believed to be part of the Russian APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR).

Clorox Says Cyberattack Caused $49 Million In Expenses
The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company's business operations.

Researchers At UC San Diego Reveal The Most Effective Way To Get Stubborn Employees To Change Their Passwords
A team of university computer scientists has analyzed the messaging for a campus-wide mandatory password change, in what is considered the first study of its kind to look at effective communications around password policies.


HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

The Shim team released version 15.8 to fix six vulnerabilities, one of them critical (CVE-2023-40547) and allowing remote code execution. The flaw occurs because Shim trusts attacker-controlled data during HTTP response parsing, potentially leading to full system compromise. Shim, crucial for Secure Boot in Linux, is susceptible to attacks such as Man-in-the-Middle and EFI Variable manipulation via a live Linux USB. The issues, found by Bill Demirkapi of Microsoft's Security Response Center, affect Linux bootloaders signed in the past decade, so immediate updates are urged. The other patched vulnerabilities include problems such as NULL pointer dereference and out-of-bounds issues.

Several government agencies, including CISA, NSA, and FBI, issued a warning about Volt Typhoon, a Chinese hacking group allegedly tied to the government. They're targeting critical infrastructure to cause physical damage, focusing on OT equipment like SCADA systems. Volt Typhoon has been in victim networks for at least five years, using tactics like hacking routers and exploiting network vulnerabilities. They're sneaky, doing just enough to avoid detection, and they keep hitting the same organizations. Infrastructure operators need to beef up security measures and report any attacks right away.


Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.