This Week in Cybersecurity — 16 September

Ivanti is the gift that keeps on giving, more fake coding tests, and frustrating days for TfL employees

Ivanti keeps on giving

Last Friday, CISA added another Ivanti vulnerability to its Known Exploited Vulnerabilities Catalog. CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance, was disclosed last Tuesday. Only three days later, Ivanti updated its advisory to include confirmed observations of exploitation.

This marks yet another serious vulnerability from Ivanti in recent times, raising further questions about the overall security posture of their products.

Source: CISA Adds One Known Exploited Vulnerability to Catalog | CISA (www.cisa.gov)

Developments in the cyberattack against Transport for London (TfL)

While the attack was first detected on September 1st, TfL have now confirmed that customer data was compromised during the attack. One detail related to the compromised data is that approximately 5,000 customers could have had their Oyster card refund data, bank account numbers and sort codes accessed by the threat actor.

On Friday, a 17-year-old was arrested in the investigation into the cyberattack. The male suspect is thought to have been involved in the attack. TfL has emphasized that the impact on its transportation services has been minimal. Their employees might not agree with this, though, as all 30,000 of them are now required to show up in person to change their password.

Source: TfL requires in-person password resets for 30,000 employees after hack (www.bleepingcomputer.com)

WordPress requiring 2FA for plugin developers

Starting October 1st, WordPress will enforce two-factor authentication for all plugin and theme developers with accounts that have commit access. Another security layer being added is the use of SVN passwords, a dedicated password required to perform commits, separate from the account password.

Given the popularity of WordPress, and its history of security issues, steps like this to elevate the security of WordPress as a product are always welcome, and 2FA should be a given in 2024.

Source: WordPress.org to require 2FA for plugin developers by October (www.bleepingcomputer.com)

Lazarus Group Targets Developers with Fake Coding Tests

A popular way of compromising businesses lately seems to be deceiving workers with malicious job opportunities, and Lazarus has now joined the party. The North Korean state-sponsored hacking group has been targeting software developers with a sophisticated campaign involving fake coding tests.

In this campaign, Lazarus masquerades as recruiters, often from well-known companies, and reaches out to developers through platforms like LinkedIn. The developers are then tasked with finding bugs in code that contains hidden malware, which compromises their machine as soon as the code is executed.
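A practical precaution for anyone handed a "coding test" repository is to inspect it for code that decodes and executes a hidden payload before running anything at all. The scanner below is an added example written for this post, not code from the original article or from ReversingLabs; it assumes the common pattern of an encoded string (base64, hex, compressed) being decoded and passed to exec() or eval(), walks every .py file with Python's ast module so nothing is ever imported or run, and the two sample files it scans are constructed here for the demonstration.

```python
import ast
from pathlib import Path

# Calls that execute a string as Python code (the sinks we care about).
EXEC_SINKS = {"exec", "eval"}
# Decoding / decompression helpers commonly used to hide a payload from a
# casual code review. This set is an assumption, not an exhaustive list.
DECODE_CALLS = {"b64decode", "b32decode", "a85decode", "b85decode",
                "unhexlify", "fromhex", "decompress"}


def _call_name(node):
    """Bare function name of a Call node: exec(...) -> 'exec',
    base64.b64decode(...) -> 'b64decode'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _contains_decoder(node):
    """True if any call inside this expression is a known decoder."""
    return any(isinstance(sub, ast.Call) and _call_name(sub) in DECODE_CALLS
               for sub in ast.walk(node))


def _decoded_names(tree):
    """Variables assigned directly from a decoder call, e.g.
    _k = base64.b64decode(BLOB), so a later exec(_k) is still caught."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _contains_decoder(node.value):
            names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    return names


def find_hidden_exec(source, filename="<string>"):
    """Return [(line, message), ...] for exec/eval calls whose argument is a
    decoded payload, or any other non-literal expression worth a look."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"could not parse: {exc.msg}")]
    decoded = _decoded_names(tree)
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _call_name(node) in EXEC_SINKS
                and node.args):
            continue
        arg = node.args[0]
        name = _call_name(node)
        if _contains_decoder(arg) or (isinstance(arg, ast.Name) and arg.id in decoded):
            findings.append((node.lineno, f"{name}() called on a decoded payload"))
        elif not isinstance(arg, ast.Constant):
            findings.append((node.lineno, f"{name}() called on non-literal argument"))
    return findings


def scan_project(root):
    """Scan every .py file under root without importing it; return
    {posix relative path: findings} for files with at least one finding."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.py")):
        hits = find_hidden_exec(path.read_text(encoding="utf-8"), str(path))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


# Constructed sample files for the demonstration. The base64 blob in the
# suspicious file is just the text print('hi'); the scanner never runs it.
CLEAN_SAMPLE = "def add(a, b):\n    return a + b\n"
SUSPICIOUS_SAMPLE = (
    "import base64\n"
    "_k = base64.b64decode('cHJpbnQoJ2hpJyk=')\n"
    "exec(_k)\n"
)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "pkg"
        pkg.mkdir()
        (pkg / "__init__.py").write_text(SUSPICIOUS_SAMPLE, encoding="utf-8")
        (pkg / "util.py").write_text(CLEAN_SAMPLE, encoding="utf-8")
        for rel, hits in scan_project(tmp).items():
            for line, msg in hits:
                print(f"{rel}:{line}: {msg}")
```

Run it against the unpacked repository before opening the project in an IDE or installing its dependencies, since an `__init__.py` payload fires on the first import. A finding is a reason to read that file by hand, not proof of malice; plain `exec` of a non-literal shows up too, which is noisy by design for code you did not write.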

Source: Fake recruiter coding tests target devs with malicious Python packages (www.reversinglabs.com)

Patch Tuesday!

This past week also saw Microsoft’s Patch Tuesday updates, which included fixes for 79 different vulnerabilities. Four of them had either already been exploited or been publicly disclosed before the fix. Two of the more critical vulnerabilities are:

  • CVE-2024-38018: A remote code execution vulnerability in SharePoint Server.

  • CVE-2024-38216: A privilege escalation vulnerability in Azure Stack Hub.

These vulnerabilities are critical, especially for organizations that rely heavily on Microsoft’s enterprise solutions.

Source: Security Update Guide - Microsoft Security Response Center (msrc.microsoft.com)

The UK Labels Data Centers Critical Infrastructure

The UK has designated data centers as Critical National Infrastructure, in an attempt to boost cybersecurity. This designation comes in the wake of the CrowdStrike incident, which, among other things, disrupted doctors’ practices across the UK.

By classifying data centers as critical infrastructure, the UK government aims to strengthen their cybersecurity defenses and prioritize resources to protect them.

https://www.cnbc.com/2024/09/12/uk-labels-data-centers-critical-infrastructure-to-boost-cybersecurity.html

Big settlement after 23andMe data breach

In October 2023, 23andMe revealed that unauthorized access to customer profiles occurred through compromised accounts. Hackers exploited credentials stolen from other breaches to access 23andMe accounts.

23andMe told BleepingComputer in December that data for 6.9 million customers, including information on 6.4 million U.S. residents, was downloaded in the breach. The DNA testing giant has now agreed to pay $30 million to settle a lawsuit over the data breach.

While this settlement resolves some legal issues, it highlights the growing cost of cybersecurity failures.

Source: 23andMe to pay $30 million in genetics data breach settlement (www.bleepingcomputer.com)
