Zscaler calls investigators in amid breach speculation
Zscaler has engaged independent investigators to assess potential breaches after taking an exposed test environment offline. This isolated server, not linked to Zscaler's broader systems and containing no customer data, reportedly posed no threat to customer or corporate security. The cloud security firm confirmed ongoing monitoring and further updates pending the investigation's conclusion. This follows unverified claims on X (formerly Twitter) by a threat actor named IntelBroker, who alleged access to another unnamed cybersecurity company's sensitive data for $20,000. Despite these rumors, Zscaler has found no evidence of a breach.
An employee refuted these claims on Mastodon, urging the public to disregard any unofficial breach announcements as unreliable. IntelBroker has previously claimed breaches involving companies like General Electric and Home Depot. This incident occurs shortly after Zscaler reported blocking 2 billion phishing attempts via its Zero Trust Exchange, highlighting the effectiveness of AI in rapidly identifying cybersecurity threats.
Independent investigators are now examining Zscaler's systems for any signs of compromise. While investigating the rumors, Zscaler identified an isolated test environment accessible from the internet. This environment, however, contained no customer data and was disconnected from Zscaler's main systems. As a precaution, Zscaler took it offline for further analysis. Zscaler maintains there has been no impact on customers or its internal systems due to this isolated incident.
New BIG-IP Next Central Manager bugs allow device takeover
F5 addressed critical vulnerabilities in BIG-IP Next Central Manager that could give attackers full control of managed devices. These flaws allowed attackers to inject malicious code, letting them create hidden accounts and take complete control.
These vulnerabilities, identified as an SQL injection (CVE-2024-26026) and an OData injection (CVE-2024-21793), were found in the BIG-IP Next Central Manager API. Attackers could use these to execute malicious SQL statements remotely on unpatched devices, enabling unauthorized access and system control.
Eclypsium, a supply chain security firm, reported these flaws and demonstrated a proof-of-concept exploit. They highlighted that compromised instances could harbor invisible rogue accounts, allowing persistent, undetected access within a victim’s network. F5 has advised administrators unable to update immediately to limit access to the Next Central Manager to trusted users over secure networks. Although over 10,000 F5 BIG-IP devices are potentially exposed, there have been no reported exploitations of these vulnerabilities yet.
Google fixes fifth Chrome zero-day exploited in attacks this year
Google Chrome patches critical security hole (CVE-2024-4671) actively exploited by attackers. This is the fifth zero-day vulnerability fixed by Google this year. The flaw affects how Chrome displays content and could allow attackers to take control of your device.
The fix is included in Chrome versions 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux. Users should see the updates over the next few days or weeks. Additionally, this year has seen four other zero-day vulnerabilities patched, with three discovered during the Pwn2Own hacking contest in March. These vulnerabilities span out-of-bounds memory access, type confusion, and additional use-after-free issues, all of which could lead to remote code execution or data corruption through crafted HTML pages.
LockBit leader unmasked and sanctioned
An international operation led by the UK's National Crime Agency exposed and penalized a leader of the former top cybercrime group in the world.
The leader of what was once the world’s most damaging cybercrime group, Dmitry Khoroshev, has been unmasked and sanctioned by the UK, US, and Australia, following a major international disruption campaign led by the National Crime Agency. Known as LockBitSupp, Khoroshev, who enjoyed anonymity until now and even offered a $10 million reward for anyone who could reveal his identity, is now facing asset freezes and travel bans.
The actions against him are part of an extensive investigation into the LockBit group by the NCA, FBI, and other global partners within the Operation Cronos taskforce. This group provided ransomware-as-a-service to its affiliates, aiding them in launching over 7,000 attacks worldwide, notably affecting hospitals and healthcare companies. Despite recent efforts to rebuild, LockBit is operating at a reduced capacity due to this investigation, significantly lowering the global threat they pose.
Sanctions Minister Anne-Marie Trevelyan remarked on the collaborative efforts to curb such hostile cyber activities that threaten global security, highlighting the direct action taken against cyber-criminals like Khoroshev. Meanwhile, Security Minister Tom Tugendhat emphasized the clear message to cyber criminals that they are not untouchable and will face justice.
