Ransomware payments hit a new high in the first half of 2024, totaling more than 3.2 billion yuan; personal data of half of Chile's citizens leaked through a misconfigured social security fund database | Niulan
水滴呼叫地球  2024-09-27 11:59   published in China


News Digest


• UK National Cyber Security Centre launches Cyber Resilience Audit scheme

• Ransomware payments hit a new high in the first half of 2024, totaling more than 3.2 billion yuan

• Weaver issues an official announcement on the security risk of E-Cology H2 remote command execution

• US chip maker Microchip Technology delays some order deliveries after a cyberattack

• Emerging phishing tool abuses legitimate APIs to launch SMS spam attacks

• Personal data of half of Chile's citizens leaked through a misconfigured social security fund database

• Several Microsoft macOS applications are exposed to library injection attacks

• Chrome for Android will add a sensitive content protection feature

• CrowdStrike "blue screen" outage may bring more market opportunities to Palo Alto Networks

Hotspot Observation



UK National Cyber Security Centre launches Cyber Resilience Audit scheme

 

The UK National Cyber Security Centre (NCSC) has officially launched its Cyber Resilience Audit (CRA) scheme, which aims to identify qualified cyber resilience audit suppliers in order to strengthen cyber security assessment of critical sectors.

 

The scheme was first announced at the CYBERUK conference in May this year. Catherine H, head of NCSC's professional schemes, said: "This new scheme ensures that suppliers can conduct independent Cyber Assessment Framework (CAF) audits, and will initially focus on supporting critical national sectors."

 

The CRA scheme is intended to meet the common requirements of all regulators and to ensure that suppliers can satisfy them. Suppliers that join the scheme and also meet a regulator's additional requirements become eligible to audit in that regulator's sector. NCSC is currently working with major government departments and regulators to bring the various elements together. With the launch of the CRA scheme, NCSC will continue to monitor and promote it in order to gain a better understanding of cyber resilience across the UK.

 

Original link:

https://www.infosecurity-magazine.com/news/ncsc-opens-cyber-resilience-audit/

 

Ransomware payments hit a new high in the first half of 2024, totaling more than 3.2 billion yuan

 

According to a new report from blockchain analytics firm Chainalysis, ransomware attackers extracted more than 3.2 billion yuan (US$459.8 million) in ransom payments from victims in the first half of 2024, about 2% more than in the same period of 2023. If the trend continues, ransomware revenue in 2024 may set a new record.

 

Although law enforcement has dealt major blows to large RaaS operators such as LockBit, ransomware activity is still rising, mainly because attackers have shifted to targeting large organizations and demanding higher ransoms. The Dark Angels ransomware group received the largest ransomware payment recorded in 2024, roughly US$75 million, reportedly paid by a Fortune 50 company that was attacked in early 2024. Another clear sign of the change in attacker strategy is the sharp rise in the median ransom payment, from under US$99,000 in early 2023 to US$500,000 in June 2024, an increase of more than five times.

 

The report also shows that although the total amount paid has risen, the number of victim organizations choosing to pay has actually fallen: the total number of ransomware payment events dropped 27.27% year on year.

 

Original link:

https://www.bleepingcomputer.com/news/security/ransomware-rakes-in-record-breaking-450-million-in-first-half-of-2024/

 

Weaver announces security risk of E-Cology H2 remote command execution

 

On August 20, Weaver, a provider of collaborative management applications, issued a security notice disclosing a remote code execution vulnerability in e-cology. According to the notice, the vulnerability allows an attacker to obtain an administrator access token through the e-cology 10.0 front end and then achieve remote code execution through JDBC deserialization.

 

e-cology is an enterprise collaborative management platform from Weaver Network Technology Co., Ltd. It integrates office automation, knowledge management, customer relationship management, human resources management and other modules to provide enterprises with a comprehensive digital workspace. The remote code execution vulnerability in this notice mainly affects e-cology 10.0.

 

Because the vulnerability may be exploited both in real attacks and in attack-and-defense drills, affected users should take protective measures as soon as possible. Weaver has released security patches for the vulnerability; enterprises can apply them through the system's online update or download and install them manually.

 

Original link:

https://www.weaver.com.cn/cs/security/edm20240815_kdielfrovkewpiiuyrtewtw.html

 

Cyberattacks

US chip maker Microchip Technology delays some order deliveries after a cyberattack


US chip manufacturer Microchip Technology recently disclosed a serious cybersecurity incident. The company said the attack occurred over the previous weekend and affected the operation of some of its business systems, reducing production capacity at some manufacturing facilities and preventing it from fulfilling customer orders on time.

 

Microchip has formally filed an incident disclosure with the US Securities and Exchange Commission (SEC). After investigation, the company confirmed on August 19 that an unauthorized party had gained access and that some servers and business operations had been disrupted. In response, Microchip took emergency measures such as shutting down some systems and isolating the affected ones.

 

Microchip's products are used widely in industrial, automotive, consumer electronics, aerospace and defense, communications and computing applications, and the company has about 123,000 customers. Microchip is working closely with external cybersecurity experts to assess the full scope and impact of the attack and to restore the affected IT systems.

 

Original link:

https://www.bleepingcomputer.com/news/security/microchip-technology-discloses-cyberattack-impacting-operations/

 

Emerging phishing tool abuses legitimate APIs to launch SMS spam attacks

 

SentinelLabs, the research arm of cybersecurity firm SentinelOne, recently published a report revealing that Xeon Sender, a cloud-based tool, is being used by cybercriminals to launch large-scale SMS spam and phishing (smishing) campaigns through the APIs of legitimate SaaS providers.

 

Xeon Sender was first identified in 2022 and is distributed through Telegram and various hacker forums. Its distinguishing feature is that it can drive the APIs of several different SMS providers to send bulk messages, validate Nexmo and Twilio account credentials, and check whether phone numbers are valid. Because it is easy to use and the credentials it needs are widely available, Xeon Sender is likely to be adopted by large numbers of low- and mid-skill cybercriminals, making it a serious threat.

 

In addition, Xeon Sender relies mainly on the SMS providers' own Python client libraries rather than on any vulnerability, so its traffic looks like legitimate API use and is difficult for security teams to track and block. The report recommends that organizations closely monitor API usage, watch for changes to SMS sending permissions, guard against abnormal bulk uploads of phone numbers, and generally strengthen monitoring and control of legitimate-service abuse.
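The three detections the report recommends, as an added example (not from the SentinelLabs report and not code from Xeon Sender or any provider's SDK): a stdlib-only Python script that replays constructed SMS-provider usage records and flags a sending burst to many fresh numbers, a permission change, and a bulk phone-number upload. The record format, the field names (ts, key_id, action, to, count, src_ip) and the thresholds are assumptions for this example; the same logic applies to whatever usage export or API-gateway log the organization actually has.

```python
"""Detect Xeon Sender-style abuse of an SMS provider account from usage logs.

Added example, not from the SentinelLabs report and not any provider's code.
Each record is a JSON line of the kind an organization could export from its
SMS provider's usage/audit API or from an API gateway in front of it; the
field names (ts, key_id, action, to, count, src_ip) and the thresholds are
assumptions for this example."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def build_sample_log():
    """Constructed sample: a legitimate OTP sender plus one compromised key
    that uploads a big number list, grants itself sending rights and blasts
    hundreds of never-seen numbers in half a minute."""
    base = datetime(2024, 8, 20, 9, 0, 0, tzinfo=timezone.utc)
    recs = []
    for i in range(120):                      # SK_app: one OTP every 30 s
        recs.append({"ts": base + timedelta(seconds=30 * i), "key_id": "SK_app",
                     "action": "send_sms", "to": f"+569110000{i % 7:02d}", "src_ip": "10.0.0.5"})
    t = base + timedelta(minutes=15)          # SK_legacy: the abused key
    recs.append({"ts": t, "key_id": "SK_legacy", "action": "upload_numbers",
                 "count": 5000, "src_ip": "203.0.113.9"})
    recs.append({"ts": t + timedelta(seconds=5), "key_id": "SK_legacy",
                 "action": "update_permissions", "detail": "sms.send granted",
                 "src_ip": "203.0.113.9"})
    for i in range(300):
        recs.append({"ts": t + timedelta(seconds=10 + i / 10), "key_id": "SK_legacy",
                     "action": "send_sms", "to": f"+5692{i:07d}", "src_ip": "203.0.113.9"})
    recs.sort(key=lambda r: r["ts"])
    return [json.dumps({**r, "ts": r["ts"].strftime(TS_FMT)}) for r in recs]


def load_jsonl(lines):
    """Parse JSON lines into dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in lines:
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], TS_FMT).replace(tzinfo=timezone.utc)
        events.append(rec)
    return events


def detect_send_bursts(events, window_seconds=60, max_sends=100, max_distinct=50):
    """Sliding-window check per API key.  Flags a key that sends more than
    max_sends messages, or to more than max_distinct distinct numbers, inside
    any window_seconds window.  Steady OTP traffic to a small set of known
    customers passes; a spam run to hundreds of fresh numbers does not."""
    by_key = defaultdict(list)
    for e in events:
        if e["action"] == "send_sms":
            by_key[e["key_id"]].append(e)
    window, findings = timedelta(seconds=window_seconds), []
    for key_id, sends in by_key.items():
        sends.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(sends)):
            while sends[end]["ts"] - sends[start]["ts"] > window:
                start += 1
            count = end - start + 1
            distinct = len({e["to"] for e in sends[start:end + 1]})
            if count > max_sends or distinct > max_distinct:
                findings.append({"key_id": key_id, "window_start": sends[start]["ts"],
                                 "sends": count, "distinct_destinations": distinct,
                                 "src_ips": sorted({e["src_ip"] for e in sends[start:end + 1]})})
                break                          # one alert per key is enough
    return findings


def detect_account_changes(events, bulk_threshold=1000):
    """Flag the two precursors the report singles out: changes to SMS sending
    permissions and abnormal bulk uploads of phone numbers."""
    findings = []
    for e in events:
        if e["action"] == "update_permissions":
            findings.append({"type": "permission_change", **e})
        elif e["action"] == "upload_numbers" and e.get("count", 0) >= bulk_threshold:
            findings.append({"type": "bulk_upload", **e})
    return findings


def analyze(lines):
    events = load_jsonl(lines)
    return {"bursts": detect_send_bursts(events),
            "account_changes": detect_account_changes(events)}


if __name__ == "__main__":
    report = analyze(build_sample_log())
    for f in report["account_changes"]:
        print(f"CHANGE key={f['key_id']} {f['type']} at {f['ts']:%H:%M:%S}Z from {f['src_ip']}")
    for f in report["bursts"]:
        print(f"BURST  key={f['key_id']} {f['sends']} sends to {f['distinct_destinations']} numbers "
              f"within 60 s from {f['window_start']:%H:%M:%S}Z via {f['src_ips']}")
```

The burst rule is the one with a false-positive cost: a marketing blast from the organization's own key will trip it, so keep an allow-list of keys that are expected to send bulk traffic and weight the alert by whether the source IP for that key has changed. The permission-change and bulk-upload rules are low-noise and worth paging on, because in the abuse pattern described above they precede the spam run rather than accompany it.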

 

Original link:

https://www.infosecurity-magazine.com/news/xeon-sender-enables-sms-spam/

 

Personal data of half of Chile's citizens leaked through a misconfigured social security fund database

 

According to cybersecurity news site Cybernews, Caja Los Andes, Chile's largest social security and pension fund institution, recently suffered a major data exposure in which sensitive information on more than 10 million Chilean citizens, over half the country's population, was left accessible. Preliminary investigation indicated that the exposure was caused by a misconfigured Apache Cassandra database belonging to the institution.

 

The number of people affected is more than twice the membership figure Caja Los Andes reported last year, which indicates that the exposed database also held data on members' family members, users who had switched to other providers, and deceased persons. The exposed data is broad: not only personal identity information (name, date of birth, address and telephone number) but also financial data (credit limits, payment locations and credit usage). The misconfiguration allowed anyone on the Internet to access the stored user data, which poses serious privacy and security risks to the affected individuals.
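One way to catch this class of misconfiguration before an attacker does, as an added example (not the institution's configuration, which the report does not describe): a Python audit of a cassandra.yaml against the settings that make a node reachable from the Internet and readable without credentials. Both YAML fragments are constructed; which of these settings was actually wrong at Caja Los Andes is not stated in the source, so treat the checks as the general list for this kind of exposure rather than a reconstruction of the incident.

```python
"""Audit a cassandra.yaml for settings that expose a node to anonymous
Internet clients.  Added example: both YAML fragments are constructed, and the
source does not say which setting was wrong at Caja Los Andes, so these checks
are the general list for this class of exposure, not a reconstruction."""

# Constructed: the shape of a cluster that anyone can read with cqlsh.
# Cassandra's shipped defaults are AllowAllAuthenticator / AllowAllAuthorizer,
# so a node only becomes safe by changing them, not by leaving them alone.
WEAK_YAML = """\
cluster_name: 'benefits'
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
listen_address: 10.1.2.3
rpc_address: 0.0.0.0                   # CQL listens on every interface...
broadcast_rpc_address: 198.51.100.20   # ...and drivers are told the public IP
native_transport_port: 9042
start_native_transport: true
client_encryption_options:
  enabled: false
  optional: false
"""

# Constructed: the same node with auth on, CQL bound to the private interface
# and TLS required.  A network ACL in front of 9042 is still expected.
HARDENED_YAML = """\
cluster_name: 'benefits'
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
role_manager: CassandraRoleManager
listen_address: 10.1.2.3
rpc_address: 10.1.2.3
native_transport_port: 9042
start_native_transport: true
client_encryption_options:
  enabled: true
  optional: false
  keystore: /etc/cassandra/conf/.keystore
"""

# Rough RFC 1918 / loopback prefix check; good enough to tell a public
# broadcast address from a private one in a config review.
PRIVATE_PREFIXES = ("10.", "192.168.", "172.16.", "172.17.", "127.", "localhost")


def parse_cassandra_yaml(text):
    """Minimal stdlib parser for the 'key: value' and one-level nested subset
    of cassandra.yaml used by these checks (nested keys become 'section.key').
    Use PyYAML for arbitrary files; this keeps the example dependency-free."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if raw.startswith(" "):                     # nested under a section
            if section:
                conf[f"{section}.{key}"] = value
        elif value == "":                           # 'section:' header line
            section = key
        else:
            section = None
            conf[key] = value
    return conf


def audit_cassandra(text):
    """Return a list of findings; an empty list means none of the checked
    exposure conditions is present."""
    c = parse_cassandra_yaml(text)
    findings = []
    if c.get("authenticator", "AllowAllAuthenticator") == "AllowAllAuthenticator":
        findings.append("authenticator=AllowAllAuthenticator: clients connect with no credentials")
    if c.get("authorizer", "AllowAllAuthorizer") == "AllowAllAuthorizer":
        findings.append("authorizer=AllowAllAuthorizer: every role can read every keyspace")
    rpc = c.get("rpc_address", "localhost")
    port = c.get("native_transport_port", "9042")
    if rpc in ("0.0.0.0", "::"):
        findings.append(f"rpc_address={rpc}: CQL port {port} is bound on every interface")
    bcast = c.get("broadcast_rpc_address", "")
    if bcast and not bcast.startswith(PRIVATE_PREFIXES):
        findings.append(f"broadcast_rpc_address={bcast}: drivers are pointed at a public address")
    if c.get("client_encryption_options.enabled", "false").lower() != "true":
        findings.append("client_encryption_options.enabled=false: credentials and rows cross the wire in clear text")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_YAML), ("hardened", HARDENED_YAML)):
        found = audit_cassandra(text)
        print(f"[{name}] {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

The external confirmation is the same thing an attacker does: from a host outside the network, `cqlsh <public-ip> 9042` followed by `DESCRIBE KEYSPACES;` should either fail to connect or demand credentials. Even with the hardened settings, port 9042 should not be reachable from the Internet at all; authentication is the second line of defence, not the first.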

 

Caja Los Andes said it has taken urgent steps to fix the misconfigured database. Analysts believe the incident may still have serious legal and financial consequences: under current Chilean law the institution faces a fine of up to 4% of last year's income, as well as large-scale potential litigation.

 

Original link:

https://www.scmagazine.com/brief/database-misconfiguration-exposes-over-half-of-chilean-populations-data

 

Vulnerability Warning

Several Microsoft macOS applications are exposed to library injection attacks

 

The Cisco Talos research team recently revealed that eight popular Microsoft applications on macOS are vulnerable to library injection. The flaws allow an attacker to hijack the applications' existing permissions and access sensitive user data, posing a serious threat to the privacy and security of macOS users.

 

The researchers found that these applications carry the com.apple.security.cs.disable-library-validation entitlement, which is intended to let an application load plug-ins signed by third-party developers. The entitlement can be abused, however: an attacker who can place a malicious library where the application loads it can execute arbitrary code inside the application. Because the injected code runs as the application, it inherits every permission (TCC grant) the user has already given that application and bypasses the macOS permission model without any further user prompt, so it could send emails, record audio, take photos or record video without authorization.

 

Microsoft has updated Teams and OneNote to remove the problematic entitlement. As of the report date, however, Excel, Outlook, PowerPoint and Word still carry it. Security experts recommend that users update Microsoft applications to the latest versions promptly and watch for follow-up Microsoft advisories. They also called on Apple to introduce stricter controls on macOS, such as requiring user confirmation before loading third-party plug-ins.
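A check for the entitlement combination Talos describes, as an added example (not Talos's tooling, and not the real entitlements of Microsoft's applications; the two plists below are constructed for illustration and the app names are hypothetical): a Python script that parses an application's entitlements plist and reports when a loader-weakening entitlement co-exists with privacy-sensitive ones. On macOS the plist for a real app is obtained with `codesign -d --entitlements :- /Applications/Example.app` (on macOS 13 and later add `--xml` to get the plist form the script expects).

```python
"""Flag macOS apps whose entitlements let an injected library inherit the
app's privacy permissions.  Added example; the two entitlement plists below
are constructed for illustration and are not the real entitlements of any
Microsoft application.  On macOS the real plist for an app comes from
`codesign -d --entitlements :- --xml /Applications/Example.app`."""
import plistlib

# Entitlements that weaken the loader: with either of these, the hardened
# runtime no longer rejects libraries that are not signed by the app's Team ID
# (or Apple), which is what turns a dropped .dylib into code running as the app.
LOADER_WEAKENING = {
    "com.apple.security.cs.disable-library-validation":
        "library validation off: loads .dylib/.bundle from any signer",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* environment variables honoured (DYLD_INSERT_LIBRARIES)",
}

# Entitlements that gate access to TCC-protected resources.  An injected
# library inherits whatever the user has already granted the host app.
SENSITIVE = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.calendars": "calendars",
    "com.apple.security.personal-information.location": "location",
    "com.apple.security.automation.apple-events": "scripting other apps",
}

# Constructed plist in the shape codesign prints; hypothetical app.
INJECTABLE_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
  <key>com.apple.security.personal-information.addressbook</key><true/>
</dict>
</plist>
"""

# Constructed: same privacy entitlements, but library validation left on, so
# a dropped library is rejected at load time and there is nothing to inherit.
HARDENED_APP = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict>
</plist>
"""


def audit_entitlements(plist_bytes):
    """Return a dict describing whether the app is injectable and what an
    injected library would inherit from it."""
    ents = plistlib.loads(plist_bytes)
    weakening = [k for k in LOADER_WEAKENING if ents.get(k) is True]
    exposed = [SENSITIVE[k] for k in SENSITIVE if ents.get(k) is True]
    if weakening and exposed:
        severity = "high"      # code injection plus something worth stealing
    elif weakening:
        severity = "medium"    # injectable, but no TCC-gated capability declared
    else:
        severity = "none"
    return {
        "injectable": bool(weakening),
        "weakening": weakening,
        "exposed": exposed if weakening else [],
        "severity": severity,
    }


if __name__ == "__main__":
    for name, plist in {"Injectable.app": INJECTABLE_APP, "Hardened.app": HARDENED_APP}.items():
        r = audit_entitlements(plist)
        print(f"{name}: severity={r['severity']} weakening={r['weakening']} exposed={r['exposed']}")
```

The result only says whether the declared entitlements make injection worthwhile. Pair it with `codesign -d -vv` and confirm the `runtime` flag is present, because an application built without the hardened runtime has no library validation to disable in the first place, and with the user's actual TCC grants, which live in the TCC database rather than in the entitlements.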

 

Original link:

https://www.infosecurity-magazine.com/news/microsoft-apps-macos-exposed/



Industry Trends

Chrome for Android will add a sensitive content protection feature

 

A few days ago, X user @Leopeva64 posted that Chrome for Android is testing a new feature called sensitive content protection, which masks sensitive data when the user shares the screen. When the feature is enabled and a page contains sensitive form fields (such as credit card or password fields), the entire content area is blacked out during screen sharing, screen recording and similar operations. The feature is still in testing and only works on Android V (Android 15) or later.


In the Chromium commit, the developer proposes adding sensitive_content/features.[cc|h] and a feature file for sensitive_content, which can be enabled through the Chrome and WebView experimental flags.

 

Original link:

https://www.ithome.com/0/789/784.htm

  

CrowdStrike "blue screen" outage may bring more market opportunities to Palo Alto Networks

 

On August 19, Palo Alto Networks released its results for the fourth quarter of fiscal year 2024, ended July 31. Fourth-quarter revenue rose 12% year on year to US$2.189 billion, slightly above the market expectation of US$2.16 billion; non-GAAP net income was US$522 million, up 8% year on year; diluted earnings per share were US$1.51, above the expected US$1.41.

 

Palo Alto's results had drawn particular attention because of the global "blue screen" outage caused by a faulty update from its main competitor CrowdStrike. After that incident, the market speculated on the one hand that CrowdStrike customers might switch to competitors including Palo Alto, and on the other that the incident would hurt the whole cybersecurity industry. Palo Alto CEO Nikesh Arora said on the post-earnings call that some customers had begun re-evaluating their choices after the Windows "blue screen" incident, and stressed that Palo Alto's approach to security software updates is "completely different" from CrowdStrike's.

 

KeyBanc Capital Markets, RBC Capital Markets, JMP Securities and other firms all maintained their "overweight" ratings on Palo Alto.

 

Original link:

https://m.thepaper.cn/newsDetail_forward_28466480




