Hackers backdoored Cisco ASA devices via two zero-days
Ring customers get $5.6 million in privacy breach settlement
Critical Forminator plugin flaw impacts over 300k WordPress sites
UnitedHealth confirms it paid ransomware gang to stop data leak
The recent disclosure indicates that the hacking group known as ArcaneDoor has been leveraging zero-day vulnerabilities in Cisco networking equipment to infiltrate government networks between November 2023 and January 2024
These zero-day vulnerabilities, tracked as CVE-2024-20353 and CVE-2024-20359, provide attackers with a means to gain unauthorized access to sensitive systems and data.
CVE-2024-20353: A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software could allow an unauthenticated remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
CVE-2024-20359: A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins which has been available in Cisco Adaptive Security Appliance (ASA), Software and Firepower Threat Defense (FTD) software could allow an authenticated local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability
ArcaneDoor's exploitation of these vulnerabilities underscores the significant risk posed by unpatched network infrastructure, particularly within critical government sectors. The group's activities highlight the importance of timely patching and proactive cyber security measures to mitigate the threat of sophisticated cyber attacks targeting essential infrastructure and sensitive government networks. Furthermore, it underlines the need for enhanced threat intelligence sharing and collaboration among government agencies, private sector organisations, and cyber security experts to effectively detect, respond to, and mitigate cyber threats targeting critical infrastructure and national security.
Ring customers have been awarded a $56 million settlement in response to a privacy breach. Following the allegations of inadequate security measures that led to unauthorized access to customers' home security cameras and personal information.
This breach highlights the potential risks associated with Internet-of-Things (IoT) devices but also stresses the importance of robust security protocols in safeguarding user privacy, as consumers increasingly rely on smart home devices for security and convenience.
It is imperative for companies like Ring to prioritise cyber security and implement severe measures such as including encryption, multi-factor authentication, and regular security audits, to protect user data from unauthorized access and exploitation.
This incident also highlights the importance of transparency, accountability, and regulatory compliance in maintaining consumer trust and safeguarding privacy in an increasingly connected world.
A critical security flaw has been uncovered in the Forminator plugin, affecting over 300,000 WordPress websites. Forminator plug is a popular Wordpress plugin which provides a drag-and-drop editor you can use to create many different types of forms, including contact forms, polls, and even quizzes. And this integrates with other third-party services such as google sheets, Trello and MailChimp to name a few. This comes after acritical vulnerability found in another WordPress plugin LayerSlider a few weeks back.
This vulnerability poses a significant threat to website security, potentially allowing remote attackers to execute arbitrary code and gain unauthorized access to sensitive data. Exploitation of this flaw could lead to severe consequences, including website defacement, data theft, and compromise of user information.
Currently tracked as the following three vulnerabilities:
CVE-2024-28890 – Insufficient validation of files during file upload, allowing a remote attacker to upload and execute malicious files on the site's server. Impacts Forminator 1.29.0 and earlier.
CVE-2024-31077 – SQL injection flaw allowing remote attackers with admin privileges to execute arbitrary SQL queries in the site's database. Impacts Forminator 1.29.3 and earlier.
CVE-2024-31857 – Cross-site scripting (XSS) flaw allowing a remote attacker to execute arbitrary HTML and script code into a user's browser if tricked to follow a specially crafted link. Impacts Forminator 1.15.4 and older.
The widespread use of the Forminator plugin across numerous WordPress sites amplifies the risk, making it an attractive target for malicious actors seeking to exploit vulnerabilities at scale. Website administrators are strongly urged to apply the latest patches and updates provided by the plugin developers promptly. Integrity360 would also like to advise organisations that use WordPress sites to use as few plugins as they can when building their website and even in some cases to only enable the plugins when they are needed.
The recent confirmation by UnitedHealth Group of paying a ransomware gang to prevent the leakage of sensitive data emphasises the gravity of the evolving threat landscape. This disclosure sheds light on the challenging decisions organisations face when mitigating the impact of ransomware attacks/ cyber treats.
Whilst paying the ransom may temporarily mitigate data exposure, it also raises ethical and security concerns, potentially fuelling the abundance of ransomware attacks and emboldening cybercriminals. Furthermore, the paying of the ransomware does not also mean that the threat actor will do as they say they will, you may be faced with the fact that you have paid for the data to not be leaked but the treat actors have leaked the data nevertheless or you never hear from them again once they take the money.
This incident serves as a stark reminder of the critical need for vigorous cyber security defences, proactive incident response strategies, and resilient data backup and recovery mechanisms to combat ransomware threats effectively. Organisations must prioritise cyber security investments, adopt comprehensive risk management practices, and collaborate closely with law enforcement and cyber security professionals to enhance their resilience against ransomware attacks and safeguard sensitive information from malicious exploitation.
Integrity360 would like to remind organisations to never pay a ransomware fee, as you may also face criminal action from the law. Law enforcement also do not encourage or endorse nor condone the payment of ransom demands, as Ransomware payments to the criminal groups behind these attacks perpetuates the threat and does not guarantee victims will regain access to their data.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Integrity360's flagship conference Security First comes to Stockholm in 2023!
Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.