Weekly Security News – 3rd June 2024

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly. 

Vulnerabilities and Patches

Cisco Releases May 2024 ASA, FMC, and FTD Software Security Advisory

Cisco has released six security advisories that cover six vulnerabilities in its semi-annual bundle of Cisco Adaptive Security Appliance Software (ASA), Firepower Management Center (FMC) Software, and Firepower Threat Defense (FTD) Software Advisories. The one high impact advisory concerns a SQL injection vulnerability, which when exploited, could allow an authenticated, remote attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least ‘Read Only’ user credentials. The five medium impact advisories included in the bundle address five bypass vulnerabilities. A remote, unauthenticated attacker could exploit some of these vulnerabilities to access otherwise controlled areas of an affected system.

TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust performance and advanced features for gaming and other demanding applications, and based on the number of user reviews the product has on online stores, it appears to be a popular choice among gamers. Arbitrary command execution on routers can lead to hijacking routers, data interception, changing DNS settings, and potentially breaching internal networks.

Cyber Attacks

BBC suffers data breach impacting current, former employees

The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. As per the reports, the incident impacted roughly 25,000 people, including current and former employees of Britain’s national public service broadcaster. The compromised data includes Full names, National Insurance numbers, Dates of birth, Sex, Home addresses. The announcement published on BBC’s pension website clarifies that the data security incident did not expose people’s telephone numbers, email addresses, bank details, financial information, and ‘myPension Online’ usernames and passwords.

Pirated Microsoft Office delivers malware cocktail on systems

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes remote access trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs. AhnLab Security Intelligence Center (ASEC) has identified the ongoing campaign and warns about the risks of downloading pirated software. The Korean researchers discovered that the attackers use multiple lures, including Microsoft Office, Windows, and the Hangul Word Processor, which is popular in Korea.

Articles

Personal Information of 44,000 Compromised in First American Cyberattack

First American Financial Corporation this week revealed that the personal information of 44,000 individuals may have been compromised in a December 2023 cyberattack. The financial services firm initially disclosed the incident on December 21, when it announced that it had taken certain systems offline as a containment measure, after identifying unauthorized activity on its network. The next day, First American announced that it had taken its email systems offline as well and cautioned that First American Title and FirstAm.com subsidiaries were also impacted. One week later, the financial services firm said that it had started bringing some of its systems online, but full restoration was only announced on January 8, 2024.

New Research Warns About Weak Offboarding Management and Insider Risks
A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks. Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to remove access quickly and thoroughly for departing employees introduces serious insider threats, leaving a company vulnerable to multiple kinds of risks, such as data breaches, intellectual property theft, and regulatory non-compliance. Today, where SaaS applications are easily onboarded and are commonly used by users within and beyond the organization, effective offboarding procedures are non-negotiable to prevent instances of data leaks and other cybersecurity issues. Let’s explore insider risk management and user offboarding in more detail, looking at their security risks and discussing best practices for ensuring a secure organization.