
A
From the CISO Series. It's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Monday, December 30, 2024. I'm Steve Prentiss.

Cybersecurity company's Chrome extension hijacked for data theft. Cyberhaven is a data loss prevention company based in Palo Alto. On December 24, it suffered a breach as a result of a successful phishing attack on an administrator account for the Google Chrome Store. This resulted in at least five Chrome extensions being compromised by threat actors who injected information stealer code through a malicious version of the Cyberhaven extension. Cyberhaven's customers include Snowflake, Motorola, Canon, Reddit and MiraHealth, as well as many others. The company's internal security team removed the malicious package within an hour of detection.

Hackers steal ZAGG customer credit cards in third-party breach. The Utah-based manufacturer of consumer electronics accessories, including screen protectors, phone cases, keyboards and power banks, is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. In this incident, which occurred between October 26th and November 7th, the attacker breached the FreshClick app provided by BigCommerce and injected malicious code that stole shoppers' card details. FreshClick is a third-party app not built by BigCommerce, but which helps create applications and responsive websites for the BigCommerce platform.

Volkswagen software company Cariad suffers Amazon cloud breach. The breach, discovered by Europe's largest ethical hacker association, revealed that sensitive information for 800,000 electric vehicles from brands such as Audi, Volkswagen and Skoda was left exposed on a poorly secured and misconfigured Amazon cloud storage system. The data stolen includes GPS coordinates, battery charge levels and other vehicle status details, but experts warn that such data can be easily connected to owners' personal credentials thanks to additional data accessible through VW Group's online services. The data had been vulnerable for months. However, a Cariad representative said that the exposed data affected only vehicles connected to the Internet and which had been registered for online services. The representative continued, saying that the data could only be accessed after bypassing several security mechanisms that required significant time and technical expertise. An investigation by the German magazine Spiegel shows that the list of affected customers includes German politicians, entrepreneurs, the entire fleet of the Hamburg police force and even suspected intelligence service employees.

Four-Faith routers exposed to new exploit due to default credentials. According to researchers at VulnCheck, this is a high-severity flaw, an operating system command injection bug affecting router models F3X24 and F3X36, with a CVE number and a CVSS score of 7.2. The researchers say this vulnerability has come under active exploitation in the wild. However, the exploit only works if the attackers successfully authenticate themselves or if the router's default credentials have not been changed. Four-Faith, spelled F-O-U-R-F-A-I-T-H, is a Beijing-based manufacturer of wireless communication technology, 5G and AI.

Thanks to today's episode's sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com, that is T-H-R-E-A-T-L-O-C-K-E-R dot com.

White House blames telcos' lax security for Salt Typhoon. The White House stated on Friday that, as the US government continues to assess the damage caused by the Salt Typhoon hacks, the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure. Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, told reporters that the Biden administration has further zeroed in on how these companies can improve their cybersecurity, particularly by sharing threat hunting guides and instructions for hardening of systems. These guides, shared with telecom companies, have unearthed a new victim, bringing the total of affected telecom companies to nine, although the name of this ninth company has not been mentioned. Furthermore, the White House still cannot definitively say the actors have been removed from the telecom networks.

HIPAA to be updated with cybersecurity regulations. Additional news from Anne Neuberger's Friday press conference reveals that new cybersecurity rules covering how healthcare institutions protect user data will be proposed under the Health Insurance Portability and Accountability Act. Neuberger described this as the first update to HIPAA's security rule in over a decade; it will require entities who maintain healthcare data to encrypt it. In addition, healthcare entities also will have to monitor their networks for threats and do compliance checks to see whether they are abiding by the new HIPAA rules.

Pro-Russia hacking group targets Italian sites, including airports. The group NoName57 has launched a new series of DDoS attacks against Italian infrastructure, targeting the websites for Malpensa and Linate airports, both near Milan, as well as the site of the Ministry of Foreign Affairs and the Turin Transport Group. According to Security Affairs, the attacks have had no impact on airport operations. The hacking group stated on its Telegram channel that the attacks were their response to what they call Italian Russophobes.

Palo Alto Networks fixes high-severity PAN-OS flaw. This flaw, which has a CVE number and a CVSS score of 8.7, could trigger denial of service on vulnerable devices, allowing an unauthenticated attacker to reboot the firewall by sending a malicious packet through its data plane, forcing the firewall into maintenance mode. The vulnerability affects PAN-OS versions 10.x and 11.x, but can be exploited only if DNS Security logging is enabled.

Remember to subscribe to the CISO Series on YouTube. We publish original demos, interviews and clips from our show, and we host our Week in Review livestream there. If you enjoy the CISO Series and you haven't checked it out, just search for CISO Series on YouTube and you will find us. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Cyber Security Headlines – Episode Summary Hosted by CISO Series Release Date: December 30, 2024
The latest episode of Cyber Security Headlines by CISO Series delves into a series of alarming cybersecurity incidents impacting prominent organizations across various industries. Hosted by Steve Prentiss, the episode provides in-depth analysis of each breach, exploring the methods employed by threat actors, the affected entities, and the broader implications for cybersecurity practices.
Timestamp: [00:06]
Overview: Cyberhaven, a Palo Alto-based data loss prevention company, experienced a significant security breach on December 24, 2024. The breach occurred through a sophisticated phishing attack targeting an administrator account for the Google Chrome Store. As a result, at least five Chrome extensions associated with Cyberhaven were compromised.
Details: Threat actors injected information stealer code into a malicious version of the Cyberhaven extension. The malware was designed to siphon sensitive data from users, posing a severe risk to Cyberhaven's extensive clientele, which includes notable companies such as Snowflake, Motorola, Canon, Reddit, and MiraHealth.
Response: Cyberhaven's internal security team acted swiftly, removing the malicious package within an hour of detection. This rapid response likely mitigated further data loss and minimized the potential impact on customers.
Notable Quote: Steve Prentiss notes, “Cyberhaven's customers include Snowflake, Motorola, Canon, Reddit and MiraHealth as well as many others” ([00:06]).
Timestamp: [00:06]
Overview: ZAGG, a Utah-based manufacturer renowned for consumer electronics accessories, announced a data breach that compromised customers’ credit card information. The breach stemmed from a compromised third-party application used by ZAGG's e-commerce provider, BigCommerce.
Details: Between October 26th and November 7th, hackers infiltrated the FreshClick app—a third-party application, not built by BigCommerce, that helps create applications and responsive websites for the BigCommerce platform. The attackers injected malicious code that specifically targeted and stole shoppers' credit card details.
Impact: Affected individuals are being notified about the unauthorized exposure of their financial information. The breach underscores the inherent risks associated with third-party applications in e-commerce environments.
Timestamp: [00:06]
Overview: Volkswagen software subsidiary Cariad suffered a significant breach involving Amazon Cloud storage. The breach, uncovered by Europe’s largest ethical hacker association, exposed sensitive information for approximately 800,000 electric vehicles across brands like Audi, Volkswagen, and Skoda.
Details: The compromised data included GPS coordinates, battery charge levels, and other vehicle status details. Experts caution that this data can potentially be linked to vehicle owners' personal credentials via VW Group's online services, increasing the risk of targeted attacks or privacy invasions.
Vulnerability: The data remained exposed for several months due to poor security configurations in the Amazon cloud storage system. Although only vehicles connected to the Internet and registered for online services were affected, the leak included high-profile customers such as German politicians, entrepreneurs, the Hamburg police force, and suspected intelligence service employees.
Security Measures: A Volkswagen representative stated that accessing the exposed data required bypassing multiple security mechanisms, necessitating significant technical expertise, thereby limiting the immediate risk.
Notable Quote: Prentiss shares, “The data stolen includes GPS coordinates, battery charge levels and other vehicle status details, but experts warn that such data can be easily connected to owners personal credentials” ([00:06]).
Timestamp: [00:07]
Overview: Researchers at VulnCheck identified a high-severity flaw affecting Four-Faith routers, specifically models F3X24 and F3X36. This vulnerability, classified as an operating system command injection bug with an assigned CVE identifier (not named in the episode) and a CVSS score of 7.2, is actively exploited in the wild.
Details: The exploit allows attackers to execute unauthorized commands on the router's operating system, potentially leading to complete device takeover. However, exploitation is contingent upon attackers either successfully authenticating or accessing the router through unchanged default credentials.
Manufacturer Background: Four-Faith, a Beijing-based company, specializes in wireless communication technology, including 5G and AI solutions. The vulnerability highlights the critical importance of changing default credentials to bolster network security.
Notable Quote: Prentiss emphasizes, “This vulnerability has come under active exploitation in the wild” ([00:07]).
Timestamp: [00:07]
Overview: In a recent statement, the White House attributed the security breaches associated with the Salt Typhoon hacks to inadequate cybersecurity measures within telecommunications companies. Deputy National Security Adviser Anne Neuberger addressed the vulnerabilities and the government's response.
Details: Neuberger highlighted that telecom companies failed to implement basic cybersecurity protocols across their IT infrastructures, facilitating the breaches. The Biden administration has been actively working on improving cybersecurity by distributing threat hunting guides and system hardening instructions to these companies.
Impact: Nine telecom companies have been affected by the Salt Typhoon hacks, with the latest victim remaining unnamed. The White House also acknowledged that it still cannot definitively say the malicious actors have been removed from the telecom networks.
Additional Developments: Neuberger announced forthcoming cybersecurity updates to the Health Insurance Portability and Accountability Act (HIPAA), focusing on enhanced data protection measures for healthcare institutions.
Notable Quote: According to Prentiss, Neuberger stated, “the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure” ([00:07]).
Timestamp: [00:07]
Overview: Anne Neuberger announced that HIPAA will undergo its first major security rule update in over a decade. The proposed regulations aim to strengthen data protection for healthcare institutions, addressing modern cybersecurity threats.
Key Changes: Entities that maintain healthcare data will be required to encrypt it, monitor their networks for threats, and perform compliance checks to confirm they are abiding by the new HIPAA rules.
Implications: These updates signify a robust move towards enhancing data security within the healthcare sector, aligning with evolving technological landscapes and threat vectors.
Notable Quote: Prentiss relays Neuberger’s statement: “new cybersecurity rules covering how healthcare institutions protect user data will be proposed under the Health Insurance Portability and Accountability Act” ([00:07]).
Timestamp: [00:07]
Overview: The hacking group NoName57, identified as pro-Russian, has initiated a series of Distributed Denial of Service (DDoS) attacks targeting critical Italian infrastructure. Their primary targets include Malpensa and Linate airports near Milan, the Ministry of Foreign Affairs, and the Turin Transport Group.
Details: Despite the aggressive nature of these attacks, airport operations remained unaffected, illustrating the resilience and preparedness of the targeted institutions. The group justified their actions on their Telegram channel, claiming the attacks were retaliation against what they termed “Italian Russophobes.”
Context: Such cyberattacks highlight the geopolitical motivations driving certain hacking groups and the ongoing cyber warfare landscape affecting national infrastructure.
Notable Quote: Prentiss reports, “the attacks have had no impact on airport operations” ([00:07]).
Timestamp: [00:07]
Overview: Palo Alto Networks has patched a high-severity vulnerability in its PAN-OS firewall software, a flaw that could allow unauthenticated attackers to reboot firewalls by sending malicious packets through the data plane.
Details: The flaw has an assigned CVE identifier (not named in the episode) and a CVSS score of 8.7. It affects PAN-OS versions 10.x and 11.x, but can be exploited only if DNS Security logging is enabled.
Impact: The vulnerability could potentially render firewalls inoperable, forcing them into maintenance mode and disrupting network security operations.
Notable Quote: Prentiss explains, “this flaw... could trigger denial of service on vulnerable devices” ([00:07]).
Sponsored Segment: The episode includes a sponsorship message from ThreatLocker, promoting their proactive cybersecurity solutions designed to protect organizations from ransomware and supply chain attacks. ThreatLocker emphasizes their default deny approach and comprehensive audit capabilities, supported by a US-based team.
Call to Action: Listeners are encouraged to subscribe to the CISO Series on YouTube for original content, including demos, interviews, and live streams of the Week in Review.
Conclusion: This episode of Cyber Security Headlines underscores the escalating sophistication of cyber threats targeting various sectors, from data theft via browser extensions to vulnerabilities in cloud storage and critical infrastructure attacks. The discussions emphasize the urgent need for robust cybersecurity measures, proactive monitoring, and continuous updates to security protocols to safeguard against evolving threats.
For detailed stories behind these headlines and more, visit CISOseries.com.