Weekly Security News – 15th October 2024

43% of UK Higher Education institutions attacked on a weekly basis and breaches at Casio and Internet Archive...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Over 86,000 Fortinet Devices Still Vulnerable to Critical Exploit

A critical Fortinet vulnerability (CVE-2024-23113), disclosed in February 2024, is now being actively exploited, affecting more than 86,000 devices. The flaw, with a 9.8/10 severity rating, impacts FortiOS, FortiPAM, FortiProxy, and FortiWeb, and allows remote code execution without user interaction. Most affected devices are located in Asia, followed by North America and Europe. Administrators are urged to patch or mitigate the issue by removing fgfm daemon access to vulnerable interfaces.

Veeam Vulnerability Exploited in Ransomware Attacks

A recent critical Veeam Backup & Replication vulnerability (CVE-2024-40711) is being actively exploited by ransomware groups. The flaw allows remote code execution, enabling attackers to create rogue accounts and deploy ransomware, including Fog and Akira. The attacks use compromised credentials and target VPN gateways lacking multi-factor authentication. Veeam patched the vulnerability in September 2024, but attackers continue leveraging unpatched systems to exfiltrate data and infect servers.

Cyber Attacks

Casio Confirms Ransomware Attack and Data Theft

Casio has confirmed a ransomware attack in which personal and confidential data of employees, job candidates, customers, and business partners was stolen. The attack, attributed to the Underground ransomware group, compromised information including employee records, customer service details, and sensitive company documents. However, Casio clarified that no payment card information was affected. Investigations are ongoing, and affected individuals are advised to be vigilant.

Internet Archive Data Breach Affects 31 Million Users

The Internet Archive was hacked, resulting in a data breach impacting 31 million users. The breach occurred between January and March 2020, and compromised data included emails, hashed passwords, IP addresses, and more. The Internet Archive has urged users to reset their passwords. It’s important to be cautious and monitor accounts for any suspicious activity if you’ve used this platform during that time.

In Other News...

Iranian Hackers Used ChatGPT to Target Industrial Control Systems

OpenAI revealed that Iranian hackers, particularly the group CyberAv3ngers, abused ChatGPT to plan attacks on industrial control systems (ICS). They targeted water utilities in Ireland and the U.S. using easily exploitable default credentials. The hackers used ChatGPT for reconnaissance, exploitation techniques, and vulnerability detection. However, OpenAI stated that ChatGPT did not provide them with any novel capabilities. The U.S. government has identified CyberAv3ngers as linked to Iran’s military.

ShadowLogic Attack Implants Codeless Backdoors in AI Models

Security firm HiddenLayer has uncovered a novel attack, dubbed ShadowLogic, that allows attackers to implant codeless backdoors in AI models by manipulating their computational graphs. This method works without altering model code or requiring the training phase, making it difficult to detect. ShadowLogic can affect a wide range of models, from image classifiers to large language models, and could enable highly targeted attacks across industries. The backdoors persist even after model fine-tuning.

Nearly Half of UK Higher Education Institutions Suffer Weekly Cyberattacks

Microsoft’s latest report reveals that 43% of UK higher education institutions face cyberattacks on a weekly basis, with an average of 2,507 attempts per week. These attacks exploit vulnerabilities in email systems and IoT devices, and use phishing tactics. The education sector is a prime target due to limited cybersecurity budgets and sensitive student data, making it the third most attacked industry behind manufacturing and retail.