Hello folks, welcome to the Ethical Empire. I hope you guys are doing well! Here are some of the most significant cyber security news stories from the past week.
1. CISA Warns of Widespread Cisco Vulnerability Exploited by Ransomware:
- The News: The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning about a critical vulnerability (CVE-2020-3259) in Cisco ASA/FTD firewall appliances. This vulnerability, known for over two years, is actively exploited by the Akira ransomware group to encrypt data and demand ransom payments.
- Impact: This vulnerability affects thousands of organizations globally, potentially leaving them susceptible to ransomware attacks.
- Source: https://www.cisco.com/c/en/us/products/security/technical-alliance-partners/cyware.html
- Action: Patch affected Cisco devices immediately and considered additional security measures like multi-factor authentication.
2. Leader of Zeus and IcedID Malware Gangs Pleads Guilty:
- The News: Evgeniy Bogachev, the alleged leader of the notorious Zeus and IcedID malware operations, pleaded guilty to conspiracy to commit computer fraud and related charges. He faces up to 40 years in prison.
- Impact: This marks a significant victory for law enforcement in the fight against cybercrime, potentially disrupting the operations of these major malware groups.
- Source:https://thehackernews.com/search/label/Zeus
3. Eight Vulnerabilities Disclosed in the AI Development Supply Chain:
- The News: Researchers uncovered eight vulnerabilities in the open-source software used to build artificial intelligence and machine learning models. These vulnerabilities could be exploited by attackers to manipulate or steal sensitive data used in AI development.
- Impact: This highlights the growing security risks associated with AI development and the need for robust security practices throughout the development process.
- Source:https://www.securityweek.com/eight-vulnerabilities-disclosed-in-the-ai-development-supply-chain/
4. Ex-Employee’s Credentials Used in US Government Agency Hack:
- The News: An unnamed US government agency was hacked after attackers gained access through the compromised credentials of a former employee. This incident serves as a reminder of the insider threat and the importance of proper access control measures.
- Impact: The full details of the breach are still unknown, but it highlights the need for vigilant security practices within government agencies.
- Source:https://www.securityweek.com/ex-employees-admin-credentials-used-in-us-gov-agency-hack/
5. EU Watchdog Urges Rejection of Meta “Pay for Privacy” Scheme:
- The News: The European Data Protection Board (EDPB) urged the Irish Data Protection Commission to reject Meta’s proposed “pay for privacy” scheme, which would allow users to pay for additional privacy features on Facebook and Instagram.
- Impact: This decision could have significant implications for other companies considering similar data monetization models and the future of online privacy.
- Source:https://www.securityweek.com/facebook-parent-meta-hit-with-record-fine-for-transferring-european-user-data-to-us/
6. BMW security lapse exposed sensitive company information, researcher finds:
- The News: A security lapse at BMW exposed sensitive company information, including private keys, internal data, and login credentials.
- Impact: The data was exposed for an unknown amount of time and it is not known if it was accessed by anyone else. This could have led to a data breach or other security incidents.
- Source: https://techcrunch.com/2024/02/14/bmw-security-lapse-exposed-sensitive-company-information-researcher-finds/
- Action: BMW should take steps to improve its security practices to prevent similar incidents from happening in the future. This could include things like:
- Regularly auditing and monitoring cloud storage configurations
- Implementing strong password policies and multi-factor authentication
- Educating employees about cybersecurity best practices
Never forget to check out our YouTube channel, ETHICAL EMPIRE, and keep reading our exciting blogs. Until next time, stay curious, stay secure, and keep exploring the fascinating world of cyber security. See you soon, bye!