The CyberWire Daily Briefing
"Hackers target recently disclosed LiteSpeed Cache vulnerability."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 24 August 2024, 2335 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/162
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 08.23.24
Announcement
N2K Pro members now have exclusive access to Pro Academy.
As part of N2K’s commitment to your professional growth, we’re thrilled to introduce N2K’s Pro Academy–an exclusive benefit to our N2K Pro community. With this expansion, N2K Pro provides all the resources you need to stay current, prepare for certification exams, advance your cybersecurity skills, and network with industry peers– all in one cost-effective platform. Learn more and subscribe today.
Summary
As part of N2K’s commitment to your professional growth, we’re thrilled to introduce N2K’s Pro Academy–an exclusive benefit to our N2K Pro community. With this expansion, N2K Pro provides all the resources you need to stay current, prepare for certification exams, advance your cybersecurity skills, and network with industry peers– all in one cost-effective platform. Learn more and subscribe today.
At a glance.
- Hackers target recently disclosed LiteSpeed Cache vulnerability.
- Halliburton sustains cyberattack.
- Chinese threat actor exploited Cisco zero-day.
- Hackers target recently disclosed LiteSpeed Cache vulnerability.
- Halliburton sustains cyberattack.
- Chinese threat actor exploited Cisco zero-day.
Hackers target recently disclosed LiteSpeed Cache vulnerability.
Hackers have begun exploiting a critical privilege-escalation vulnerability (CVE-2024-28000) in the LiteSpeed Cache plugin for WordPress, BleepingComputer reports. Technical details for the flaw were disclosed on Wednesday, and a patch has been issued. LiteSpeed Cache has more than 5 million installations, and BleepingComputer notes that as of yesterday only about 30% were running a patched version.
WordPress security company Wordfence has blocked thousands of attacks targeting the flaw over the past two days. Wordfence explained in a blog post yesterday that the vulnerability "makes it possible for unauthenticated threat actors to spoof their user ID, making it possible for the attacker to create new administrative user accounts."
If you're on the front line, we've got your back.Mark your calendar for mWISE™, the unique cybersecurity conference from Mandiant, now part of Google Cloud. Built by practitioners for practitioners, it runs from September 18–19, 2024 in Denver, Colorado.
What makes mWISE different from other cybersecurity conferences? It’s a targeted event with hands-on learning for frontline practitioners. The intimate setting allows you to make one-on-one connections with leaders in the field. And best of all, it’s focused on learning without the sales pitches.
Hackers have begun exploiting a critical privilege-escalation vulnerability (CVE-2024-28000) in the LiteSpeed Cache plugin for WordPress, BleepingComputer reports. Technical details for the flaw were disclosed on Wednesday, and a patch has been issued. LiteSpeed Cache has more than 5 million installations, and BleepingComputer notes that as of yesterday only about 30% were running a patched version.
WordPress security company Wordfence has blocked thousands of attacks targeting the flaw over the past two days. Wordfence explained in a blog post yesterday that the vulnerability "makes it possible for unauthenticated threat actors to spoof their user ID, making it possible for the attacker to create new administrative user accounts."
Mark your calendar for mWISE™, the unique cybersecurity conference from Mandiant, now part of Google Cloud. Built by practitioners for practitioners, it runs from September 18–19, 2024 in Denver, Colorado.
What makes mWISE different from other cybersecurity conferences? It’s a targeted event with hands-on learning for frontline practitioners. The intimate setting allows you to make one-on-one connections with leaders in the field. And best of all, it’s focused on learning without the sales pitches.
Halliburton sustains cyberattack.
Reuters reports that Halliburton, the world's second largest oil company, sustained a cyberattack on Wednesday that disrupted systems at its Texas headquarters. A company spokesperson told the Record, "We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact. We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue."
Reuters notes that the US Department of Energy said yesterday that the incident hasn't impacted any energy services.
See what cybercriminals know about your organization and customersDigital identities go beyond just usernames and passwords, meaning cybercriminals have increased access to sensitive data they can use against you. Last year alone, SpyCloud researchers and data scientists recaptured and analyzed more than 43.7 billion distinct identity records. Use our free tool to see your organization’s darknet footprint, including breach exposures and malware-exfiltrated data that put your business at risk of account takeover and ransomware. Check your exposure now.
Reuters reports that Halliburton, the world's second largest oil company, sustained a cyberattack on Wednesday that disrupted systems at its Texas headquarters. A company spokesperson told the Record, "We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact. We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue."
Reuters notes that the US Department of Energy said yesterday that the incident hasn't impacted any energy services.
Digital identities go beyond just usernames and passwords, meaning cybercriminals have increased access to sensitive data they can use against you. Last year alone, SpyCloud researchers and data scientists recaptured and analyzed more than 43.7 billion distinct identity records. Use our free tool to see your organization’s darknet footprint, including breach exposures and malware-exfiltrated data that put your business at risk of account takeover and ransomware. Check your exposure now.
Chinese threat actor exploited Cisco zero-day.
Researchers at Sygnia warn that the China-aligned threat actor Velvet Ant exploited a zero-day vulnerability (CVE-2024-20399) affecting on-premises Cisco Switch appliances. The flaw, which was patched last month, "allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the Linux underlying operating system." Velvet Ant exploited the vulnerability to "deploy tailored malware, which runs on the underlying OS and is invisible to common security tools."
DMV Rising, D.C.’s Premier Conference for Cyber Execs.The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 12, 2024 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.
Researchers at Sygnia warn that the China-aligned threat actor Velvet Ant exploited a zero-day vulnerability (CVE-2024-20399) affecting on-premises Cisco Switch appliances. The flaw, which was patched last month, "allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the Linux underlying operating system." Velvet Ant exploited the vulnerability to "deploy tailored malware, which runs on the underlying OS and is invisible to common security tools."
The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 12, 2024 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.
Notes.
Today's issue includes events affecting , and China the United States.
Sponsored EventsUpcoming Cyber Security Summits (Multiple Cities, Aug 20 - Sep 6, 2024) Join us In-Person and network over breakfast, lunch & a cocktail reception on 8/20 in Detroit, 8/22 in Portland, 8/27 in San Antonio and 9/6 in Chicago! Learn about the latest threats and solutions from The FBI, U.S. DHS/CISA, City of Detroit, City of Chicago & more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code)DMV Rising, D.C.’s Premier Conference for Cyber Execs. (Virtual and Washington, DC, US, Sep 12, 2024) The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 12, 2024 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.ISC2 Security Congress 2024 (Virtual / Las Vegas, NV, US, Oct 14 - 16, 2024) Join us at ISC2 Security Congress, October 14-16 in Las Vegas or online. Connect with global cyber experts, hear from four keynote speakers, and participate in one of eight pre-conference workshops. Discover cutting-edge insights and advance your skills in cybersecurity. Don’t miss out!Step into the heart of excitement at the Finance & Accounting Technology Expo! (New York, NY, Oct 29 - 30, 2024) FATE is the leading expo in the finance industry, bringing together experts, innovators, and professionals like yourself to connect, explore and expand! There will be over 70 technologies, more than 60 learning sessions, incredible networking with over 1000 finance and accounting professionals -- and great keynote speakers. Our keynote speakers range from Shark Tank Judge Daymond John to CFO Glenn Hopper and even a TechStack of Sports panel, bringing you CFOs of some of the most recognized brands in sports sharing how technology powers their decisions and their growth! This premier event will leave you with the latest insights, strategies, and tools necessary to excel in the dynamic landscape of finance, accounting, and technology. And the best part is that – it's FREE! Use Code: wko735 and reduce your ticket price to $0. Register here today!Selected Reading
Today's issue includes events affecting , and China the United States.
Attacks, Threats, and Vulnerabilities
SolarWinds left hardcoded credentials in helpdesk product (The Register) Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway
China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches (Sygnia) Sygnia uncovers the China-Nexus group ‘Velvet Ant’ leveraging a zero-day exploit (CVE-2024-20399) on Cisco Switch appliances, escalating evasion tactics to maintain long-term network persistence.
SolarWinds left hardcoded credentials in helpdesk product (The Register) Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway
China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches (Sygnia) Sygnia uncovers the China-Nexus group ‘Velvet Ant’ leveraging a zero-day exploit (CVE-2024-20399) on Cisco Switch appliances, escalating evasion tactics to maintain long-term network persistence.
Products, Services, and Solutions
YouTube Launches AI Tool to Recover Hacked Accounts (Infosecurity Magazine) YouTube’s new AI troubleshooting tool is designed to help users recover and secure their accounts after they’ve been hacked
YouTube Launches AI Tool to Recover Hacked Accounts (Infosecurity Magazine) YouTube’s new AI troubleshooting tool is designed to help users recover and secure their accounts after they’ve been hacked
Legislation, Policy, and Regulation
FAA Proposes New Aircraft Cybersecurity Rules (Infosecurity Magazine) The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems
FAA Proposes New Aircraft Cybersecurity Rules (Infosecurity Magazine) The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems
Litigation, Investigation, and Law Enforcement
Telecom company hit with $1 million penalty over AI-generated fake Biden robocalls (The Record) Lingo Telecom failed to follow federal rules for caller ID information when it sent calls to voters on January 21, two days before the New Hampshire primary, the FCC said Wednesday.
Industry EventsFor a complete running list of events, please visit the Event Tracker.
Telecom company hit with $1 million penalty over AI-generated fake Biden robocalls (The Record) Lingo Telecom failed to follow federal rules for caller ID information when it sent calls to voters on January 21, two days before the New Hampshire primary, the FCC said Wednesday.
For a complete running list of events, please visit the Event Tracker.
Events
SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!
DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
SecureWorld Detroit (Novi, Michigan, USA, Sep 18, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
Sponsor & SupportGrow your brand, generate leads, and fill your funnel.With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!
DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
SecureWorld Detroit (Novi, Michigan, USA, Sep 18, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
Comments
Post a Comment
Please leave a comment about our recent post.