A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, November 19, 2024. I'm Lauren Verno.

EPA warns of critical risk in drinking water infrastructure
A report from the EPA's Office of Inspector General reveals vulnerabilities in over 300 US drinking water systems, potentially affecting service for 110 million people. Among the 1,062 systems assessed, 97 systems serving 27 million individuals had critical or high severity issues. Exploitable flaws could lead to denial of service attacks, physical infrastructure damage, or compromised customer information. The OIG went on to say that if a threat actor were to exploit any of the vulnerabilities they discovered, not only would service be disrupted, but it could cause irreparable physical damage to the drinking water infrastructure.

Four million WordPress sites exposed
Described as "one of the most serious vulnerabilities ever discovered in their 12-year history," researchers warn of a critical flaw in the Really Simple Security plugin for WordPress sites. With a CVSS score of 9.8, the vulnerability affects over 4 million sites, allowing attackers to gain full administrative access to those with two-factor authentication enabled by exploiting improper error handling in the plugin's REST API. Users are strongly urged to upgrade to version 9.1.2, where the issue has been patched.

Sextortion scams bypass Microsoft security filters
Sextortion scams are getting more sophisticated. Threat actors are exploiting the Microsoft 365 admin portal to send those emails using the legitimate o365mc@microsoft.com address, which is able to bypass spam filters and reach users' Focused inboxes, by manipulating browser tools to bypass character limits in the Message Center's Share feature. Scammers send detailed extortion messages claiming to have caught your spouse cheating or include pictures of your home, demanding Bitcoin payments. Microsoft is aware of the issue and investigating, but server-side restrictions have not yet been implemented.

Foreign attack on Library of Congress
The Library of Congress has confirmed a cyber breach involving an alleged foreign actor and the unauthorized access of emails between Congressional offices and Library staff, including those from the Congressional Research Service. Now, that happened between January and September of this year. While the breach did not impact the House or Senate IT networks or the US Copyright Office systems, the Library is working to determine which specific communications were compromised.

Thanks to today's episode sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T-H-R-E-A-T-L-O-C-K-E-R.

AI company out a quarter of a million in cyberattack
AI company iLearningEngines reported a cyber attack that resulted in the theft of a $250,000 wire payment. Now, in an SEC filing, the company explained the hacker accessed its network, misdirected the payment and then deleted several email messages. The company says the wire payment has not been recovered. iLearningEngines provides automation tools to more than a thousand companies in various sectors including healthcare, education and retail.

Phobos ransomware operator extradited to US
A Russian national linked to the Phobos ransomware operation was extradited from South Korea to face cybercrime charges in the U.S. The Phobos ransomware-as-a-service gang, which has been active since 2020, is responsible for breaches of over 1,000 entities globally, including schools, hospitals and nonprofits, resulting in over $16 million in ransomware payments. The accused was identified by the Justice Department as a key administrator and is accused of facilitating the distribution of ransomware, extorting victims and profiting from the attacks. He faces a 13-count indictment with a potential of 20 years in prison per wire fraud charge if convicted.

Palo Alto responds to fourth exploited flaw
Palo Alto Networks issued an advisory about a critical, unauthenticated remote code execution vulnerability in its Expedition firewall management tool, which is under active exploitation. This marks the fourth vulnerability in Expedition to be exploited in just a week, following two additional critical flaws added to CISA's Known Exploited Vulnerabilities catalog. Palo Alto has released patches to address the issue, which affects exposed firewall management interfaces, and the company says it is actively working to mitigate the threats.

Oklahoma medical center hit by ransomware
Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals about a ransomware attack that compromised personal data in early September. The attackers accessed and encrypted files, exfiltrating sensitive information including names, Social Security numbers, health insurance details and medical records, according to SecurityWeek. No threat actor has taken credit for the attack.

To be successful working in cybersecurity, you need an inquisitive mind with an eye for problem solving. Yet so many organizations are turning a blind eye to talent who lack technical degrees. How do we move past this kind of criteria to find the talent we need for our security programs? That's one of the segments we'll be digging into on this week's episode of the CISO Series podcast. Look for the episode "Once you show me your diploma, I'll explain why we don't gatekeep" in your favorite podcast app. I'm Lauren Verno reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines – Episode Summary
Host Lauren Verno kicks off the episode by highlighting a troubling report from the EPA’s Office of Inspector General. The report uncovers significant vulnerabilities within the United States' drinking water infrastructure:
Lauren Verno emphasizes the severity:
"Exploitable flaws could lead to denial of service attacks, physical infrastructure damage, or compromised customer information." (00:06)
The Office of Inspector General warns that exploitation of these vulnerabilities could not only disrupt water services but also cause irreparable physical damage to the infrastructure.
A significant security breach within the WordPress ecosystem is addressed next:
Lauren Verno relays the urgency:
"Researchers warn of a critical flaw in the really simple security plugin for WordPress sites." (02:15)
The flaw allows attackers to gain full administrative access, even on sites with two-factor authentication enabled, by exploiting improper error handling in the plugin's REST API. Users are strongly urged to upgrade to version 9.1.2, where the issue has been patched.
The podcast delves into the evolving tactics of sextortion scammers:
Lauren Verno explains the sophistication:
"Sextortion scams are getting more sophisticated." (04:45)
These scams manage to bypass spam filters, landing in users' Focused inboxes. The fraudulent emails often contain detailed extortion claims, such as alleging infidelity or presenting pictures of the victim's home, and demand Bitcoin payments.
While Microsoft is aware and investigating the issue, server-side restrictions to prevent such attacks have yet to be implemented.
A concerning breach targeting a prestigious institution is covered:
Lauren Verno reports:
"The Library is working to determine which specific communications were compromised." (06:50)
Notably, the breach did not affect the House or Senate IT networks or US Copyright Office systems. The Library is diligently assessing the extent of the compromised communications.
A brief mention of sponsorship introduces ThreatLocker, a cybersecurity solution provider:
Lauren Verno shares:
"ThreatLocker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance." (07:30)
ThreatLocker offers tools to protect organizations from zero-day exploits and supply chain attacks, with US-based support ensuring smooth onboarding and operation. For more information, listeners are directed to visit threatlocker.com.
The episode highlights a significant breach affecting an AI firm:
Lauren Verno notes:
"iLearningEngines provides automation tools to more than a thousand companies in various sectors including healthcare, education, and retail." (09:10)
The attack underscores the vulnerability of companies handling automation tools across diverse industries.
A notable development in international cybercrime is discussed:
Lauren Verno states:
"He is accused of facilitating the distribution of ransomware, extorting victims, and profiting from the attacks." (10:25)
This case highlights ongoing international efforts to combat ransomware activities.
Security updates from Palo Alto Networks are covered:
Lauren Verno mentions:
"This marks the fourth vulnerability in Expedition to be exploited in just a week." (11:50)
The rapid succession of exploited flaws emphasizes the need for vigilant security measures.
A significant ransomware attack impacts healthcare:
Lauren Verno reports:
"The attackers accessed and encrypted files, exfiltrating sensitive information." (13:05)
This attack highlights the ongoing threats to healthcare data security.
The episode teases an upcoming discussion on cybersecurity talent acquisition:
Lauren Verno states:
"In working in cybersecurity, you need an inquisitive mind with an eye for problem solving. Yet so many organizations are turning a blind eye to talent who lack technical degrees." (14:20)
Listeners are invited to tune into the next episode where the topic "Once you show me your diploma, I'll explain why we don't gatekeep" will be explored, addressing how organizations can broaden their criteria to attract diverse talent for their security programs.
This episode of Cyber Security Headlines by CISO Series provides a comprehensive overview of critical cybersecurity issues impacting various sectors, from infrastructure and web platforms to healthcare and international cybercrime. The detailed discussions underscore the evolving nature of cyber threats and the importance of proactive security measures. Additionally, the episode highlights the ongoing challenges in talent acquisition within the cybersecurity field, setting the stage for an insightful future discussion.
For more in-depth coverage of these headlines, listeners are encouraged to visit CISOseries.com.