The CyberWire Daily Briefing
"Attackers exploit Palo Alto Expedition vulnerability."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondent. Accessed on 09 November 2024, 1516 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/213
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 11.08.24
Announcement
Upcoming webinar: What’s trending and tanking in cyber marketing.
Is your 2025 marketing strategy already outdated? Find out by joining leading voices in cybersecurity marketing as they unpack what 2025 holds for our industry. We'll discuss the trends shaping the marketing landscape, which channels are in and which are out, and where they find the most significant opportunities for success. Register now for our webinar on November 19th, 2024 at 12:00 PM.
Summary
At a glance.
- Attackers exploit Palo Alto Expedition vulnerability.
- TSA proposes new cybersecurity regulations for ground transportation.
- Oilfield supplier hit by ransomware.
Attackers exploit Palo Alto Expedition vulnerability.
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that a critical vulnerability (CVE-2024-5910) affecting Palo Alto Networks’ Expedition tool is being exploited in attacks. Palo Alto issued a patch for the flaw in July. CISA hasn't shared details on the exploitation, but BleepingComputer notes that a Horizon3.ai researcher released a proof-of-concept exploit for the vulnerability last month.
CVE-2024-5910 is a missing authentication vulnerability that can allow "an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data." The flaw was assigned a CVSS score of 9.3.
Discover how forward-thinking SOCs are raising security standards with AI.
Join Kieran Walsh (Senior SOC Engineer, Samsara) and Hela Lucas (Security Operations Engineer, Samsara) for a behind-the-scenes look at how they optimize security operations with AI.
They'll share how AI helped them:
- Slash response times
- Reduce manual effort, from incident management to reporting
- Boost efficiency while maintaining accuracy
- Combat alert fatigue
TSA proposes new cybersecurity regulations for ground transportation.
The US Transportation Security Administration (TSA) is seeking public feedback on a proposed cybersecurity rule that would require certain pipeline, freight railroad, passenger railroad, and rail transit operators to establish comprehensive cyber risk management programs, Industrial Cyber reports.
TSA Administrator David Pekoske said in a statement, "TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation’s critical transportation infrastructure. The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation."
Fortify Your Cybersecurity Against Modern-Day Outlaws with Cisco
In our free eBook, Attack Vectors Decoded: Securing Organizations Against Identity-Based Threats, we delve into the attacker’s playbook and arm you with the knowledge and tools to bolster your secure access. Learn how to build powerful, secure identity access that protects your business, your data, and your workers—no matter where they are. Download the eBook now and take the first step in modernizing and galvanizing your secure access against identity-based threats.
Oilfield supplier hit by ransomware.
Texas-based oilfield supplier Newpark Resources has disclosed an October 29th ransomware attack that disrupted its IT services, the Record reports. The company said its "manufacturing and field operations have continued in all material respects utilizing established downtime procedures."
Newpark stated in an SEC filing that the incident "has caused disruptions and limitation of access to certain of the Company’s information systems and business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems." The company added that it believes "this incident is not reasonably likely to materially impact the Company's financial conditions or results of operations."
Notes.
Today's issue includes events affecting Germany, the Democratic People's Republic of Korea, and the United States.
The CyberWire will be taking a break on Monday for the US Federal holiday of Veterans Day. We'll be back as usual on Tuesday.
Sponsored Events
New webinar: Next-generation firewalls (Virtual, on-demand, Nov 1 - 30, 2024) Watch this webinar to learn how you can increase protection of your enterprise cloud environment using a next-generation firewall (NGFW). Firewalls have been around awhile, but an NGFW raises the concept to a higher level. Hear what features and capabilities make an NGFW “next generation.” See how AWS Marketplace sellers can help implement an NGFW—or optimize your existing one—to protect your organization against modern cyberthreats and increase your security posture. Watch now.
Upcoming Cybersecurity Summits (Multiple Locations, Nov 15 - Dec 17, 2024) Join us In-Person and network over breakfast, lunch & a cocktail reception on 11/15 in NY, 11/21 in Los Angeles, 12/6 in Scottsdale and 12/12 in Jacksonville! Learn about the latest threats and solutions from The IRS, IBM, Horizon3.ai & more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code)
Visit Cloudflare at AWS re:Invent (The Venetian Hotel, Las Vegas, NV, Dec 2 - 5, 2024) See how Cloudflare’s connectivity cloud helps organizations connect, protect, and build applications. Experts will be on-site offering demos of rapid full-stack & AI deployments and excited to discuss how to modernize your applications and enhance your organization’s digital infrastructure.
Selected Reading
Attacks, Threats, and Vulnerabilities
North Korean hackers use new macOS malware against crypto firms (BleepingComputer) North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems.
Host of House panels getting briefed on major Chinese hacker telecom breaches (CyberScoop) The reported scope of the Salt Typhoon hacks has expanded in recent days and weeks, from the incoming president to top U.S. officials.
Trends
Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats (HackerOne) 67% of respondents believe an external, unbiased review of GenAI is the most effective way to uncover AI safety and security issues as AI red teaming gathers momentum
Products, Services, and Solutions
AppOmni and Cisco Partner to Extend SaaS Security with End-to-End Zero Trust From Endpoint to the Application (BusinessWire) Cisco selects AppOmni to join its Global Price List as part of its SolutionsPlus Program for easy procurement by global customers and resellers
Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past, Present and Future Attacks (Permiso) Permiso, the leader in real-time identity security, has released a suite of three open-source tools that help security teams bolster their detection capabilities for a variety of different attacks. The P0 Labs team -- the threat research arm of Permiso -- has launched a total of ten open-source tools to date, developed from their ongoing threat research and observations from real-world attacks.
Legislation, Policy, and Regulation
Germany drafts law to protect researchers who find security flaws (BleepingComputer) The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors.
Industry Events
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SANS Holiday Hack Cybersecurity Challenge 2024: Snow-maggedon (Vienna, Nov 7 - Dec 2, 2024) Whether you're a first-time player or a seasoned participant, this year’s Holiday Hack brings exciting new features you won’t want to miss! We’ve introduced a new dynamic for this year: challenges will be gradually released in sync with the story, keeping the experience fresh and immersive. See challenges release dates and new features included.
Events
SANS Holiday Hack Cybersecurity Challenge 2024: Snow-maggedon (Vienna, Nov 7 - Dec 2, 2024) Whether you're a first-time player or a seasoned participant, this year’s Holiday Hack brings exciting new features you won’t want to miss! We’ve introduced a new dynamic for this year: challenges will be gradually released in sync with the story, keeping the experience fresh and immersive. See challenges release dates and new features included.
The Cyber Guild Virtual Employer Roundtable (Virtual, Nov 12, 2024) The Cyber Guild Employer Roundtable is an innovative sequence of virtual events for business, technical and people leaders across all sectors and industries building a sustainable cyber ecosystem, and who are invested in driving inclusive workforce practices. A peer discussion on how an intentional approach to deploying innovative tools ensures the desired outcome of increased innovation, inclusion and alignment with NIST AI standards.
Beyond Earth Symposium (Washington, DC, USA, Nov 12 - 13, 2024) The acceleration of space innovations that will enable space migration is outpacing public policy and international law regimes. Beyond Earth Institute’s mission is to create a policy and legal framework to support the robust development of an in-space economy and the expansion of human civilization beyond Earth. At the Beyond Earth Symposium 2024, we will wrestle with the critical current issues of the day and delve into the bleeding edge issues that must be moved to the center of international debate. What we do in a post-ISS era is an urgent, immediate concern. Policies that can foster the creation of a lunar-based economy are equally important. Let’s be bold together! Join stakeholders from across the industry, government, and international sector for this third annual Beyond Earth Symposium. Momentum is building to transform policy and legal landscape to enable a space migration future. Dare to be part of this work.
SecureWorld Midwest Virtual Conference (Virtual, Nov 13, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
CYBERSAT24 (Reston, Virginia, USA, Nov 18 - 20, 2024) CyberSat Summit has been at the forefront of the satellite industry’s burgeoning cybersecurity landscape since the event’s launch in 2017. Initially run as a single annual event, it morphed into two separate events in recent years – CyberLEO and CyberSatGov. This was done in response to changing market conditions, most notably the huge growth of LEO satellites and the corresponding rise of commercial interest in space. While CyberSatGov and CyberLEO were successful independently, the continued demand for LEO architectures and the ever-increasing collaboration between government and industry meant that these conversations needed to happen under one roof. As a result, 2024 will feature a single CyberSat event in November, where for the first time in its 7-year history, we will nearly double the event’s content offerings to include two concurrent tracks – one track titled “Space Infrastructure” and the second track titled “Space Data & Technology.” The “Space Infrastructure” track will continue CyberSat’s legacy focus on the overall satellite cybersecurity ecosystem and the protection of tangible assets like ground systems and satellite components, while the new “Space Data & Technology” track will focus on emerging technologies and the protection of space’s intangible assets like data. Keynotes, and a handful of general sessions, will contain talks that apply to all attendees.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.