10 episodes

“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.

The Daily Decrypt The Digital Security Collective


    70% of Water Utilities Vulnerable to Cyber Attack, GitHub Enterprise Server, Python, and Firefox Vulnerabilities

    In today's episode, we explore a critical GitHub Enterprise Server vulnerability (CVE-2024-4985) that allows authentication bypass and the necessary updates for protection (https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html), EPA's enforcement actions against water utilities lacking cybersecurity measures (https://www.cybersecuritydive.com/news/epa-enforcement-water-utilities-cyber/716719/), and newly discovered security flaws in the Python package llama_cpp_python (CVE-2024-34359) and Firefox's PDF.js library (CVE-2024-4367), highlighting potential risks and the importance of vigilant security practices (https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html).



    00:00 Cybersecurity Threats to US Water Utilities
    01:02 Deep Dive into Water Utility Cybersecurity Flaws
    03:26 Strategies for Enhancing Cybersecurity in Water Utilities
    04:49 EPA's Enforcement Actions and the Importance of Cybersecurity
    06:38 GitHub Enterprise Server's Critical Security Flaw
    08:00 Emerging Cybersecurity Threats and Updates



    Tags: GitHub, Enterprise Server, CVE, SAML SSO, cybersecurity, vulnerability, GitHub updates, EPA, cyberattacks, water utilities, vulnerabilities, security enforcement, Checkmarx, Llama Drama, Mozilla, PDF.js



    Search Phrases:
    GitHub Enterprise Server CVE-2024-4985 vulnerability
    SAML SSO security breach in GitHub
    How to secure GitHub Enterprise Server
    EPA cyberattack vulnerabilities in water utilities
    Steps to mitigate water utility cyber threats
    Llama Drama security flaw in llama_cpp_python
    High-severity vulnerability in Mozilla PDF.js
    Protecting systems from PDF.js exploits
    Checkmarx reports on Llama Drama
    Latest cybersecurity vulnerabilities December 2023




    May 22

    The EPA has announced that over 70% of US water utilities inspected are vulnerable to cyber attacks due to outdated security measures like default passwords and single logins.

    What specific vulnerabilities put major water utilities at risk, and how is the EPA planning to address them?

    A high-severity vulnerability in Mozilla's PDF.js has been uncovered, allowing threat actors to execute arbitrary code and compromise millions of systems globally. What methods can users implement to help protect their systems from these vulnerabilities?

    And finally, an alarming GitHub Enterprise Server vulnerability now threatens unauthorized administrative access through SAML single sign-on, prompting crucial updates from GitHub to prevent exploitation.

    How can organizations secure their GitHub Enterprise Server instances against this vulnerability?

    You're listening to The Daily Decrypt.

    The Environmental Protection Agency, or EPA, announced that the majority of US water utilities they inspected are vulnerable to cyber attacks due to using default passwords and single logins.

    And to get a little more specific, over 70% of water utilities that were inspected since September of last year failed to comply with the Safe Drinking Water Act, by commonly using single logins for multiple employees and not revoking access for former employees.

    So, being a cybersecurity professional, it's really hard for me to even imagine using the same login as somebody else. This is such a terrible idea for many reasons, some of which are obvious and some of which might not be. Like, first of all, multiple people know your password.

    Which is kept under wraps. Like, if it's kept locked down, that's not a huge issue, but it's not being kept locked down. If this is a practice, it's not being kept locked down.

    So what if one of the people who's using that login already has that password memorized and they decide to use it on a different site, maybe even with that same email address, and that site gets breached?

    And the email address is probably water company related.

    So any attacker that comes across these credentials will ins

    Deceptive Deepfake Cyber Scheme: Arup’s Wake-Up Call Against North Korean IT Workers

    In today's episode, the UK engineering firm Arup was scammed out of £20m through a deepfake incident in which an employee fell victim to AI-generated video calls. The incident sheds light on the increasing sophistication of cyber attackers and the need for better awareness of deepfake technology. Meanwhile, the Jumio 2024 Online Identity Study reveals consumer concerns over deepfakes, with a call for more governmental regulation of AI to combat cybercrime. The US Justice Department exposed a scheme enabling North Korean IT workers to bypass sanctions, highlighting the risks associated with remote work and the importance of identifying potential threats. Original URLs:
    1. https://www.theguardian.com/technology/article/2024/may/17/uk-engineering-arup-deepfake-scam-hong-kong-ai-video
    2. https://www.helpnetsecurity.com/2024/05/20/consumers-online-identity-fraud/
    3. https://www.helpnetsecurity.com/2024/05/17/north-korean-it-workers/



    Arup, Engineering, Deepfake, Cyberattacks, deepfakes, generative AI, digital security, identity fraud



    Search Phrases:
    Arup deepfake cyber-attacks
    How to protect companies from deepfake scams
    Consumer awareness about deepfakes and generative AI
    Collaborating to enhance digital security measures
    Preventing identity fraud with advanced technology
    North Korean IT workers evasion scheme
    Sanctions evasion by North Korean IT workers
    Identifying and protecting organizations from North Korean IT workers
    Deceptive employment schemes by North Korean workers
    US companies and North Korean IT worker sanctions




    May 21

    The US Justice Department has uncovered a scheme involving North Korean IT workers evading sanctions by working remotely for US companies under assumed identities, which has resulted in millions of dollars generated for the DPRK.

    What signs can help companies identify North Korean IT workers posing as US freelancers?

    Consumers consistently overestimate their ability to spot deepfake videos, with 60% believing they could detect one, despite rising concerns over the risks posed by generative AI.

    How can businesses and consumers collaborate to enhance digital security measures and prevent identity fraud in the face of increasing deepfake technology?

    And in that same realm, Arup, which is a leading UK engineering firm, fell prey to a 20 million euro deepfake scam where AI-generated video calls duped a Hong Kong employee into transferring vast sums to criminals.

    How can businesses protect themselves from sophisticated schemes involving deepfake videos?

    You're listening to The Daily Decrypt.

    The US Justice Department has uncovered a scheme where individuals from North Korea are posing as US freelancers and getting jobs at US companies under these false identities.

    These individuals will utilize US payment platforms, online job sites, and proxy computers within the US to deceive United States employers. They particularly target Fortune 500 companies, like major television networks and Silicon Valley tech firms, and they've even attempted infiltration of US government agencies.

    So these individuals have been aided by a few different US citizens, including one that would create accounts on US job sites and then sell them to North Koreans, or another US woman who operated a, quote, "laptop farm", where she essentially just had a bunch of laptops and let adversaries remote in, looking like they were in the United States.

    This scheme ran from 2020 all the way to 2023 and amassed over $6.8 million for North Korea.

    But officially, both of the individuals who are responsible for all of these fake employments have been apprehended and are awaiting extradition to the United States for their trial.

    So, obviously, this is going to be pretty tough to spot, because first of all, resumes for these fraudulent applicants are going to look really good. So they're probably going to get the interview based on their resume

    Invisible Threats: SSID Confusion, Kimsuky, Malware

    In today's episode, researchers unveiled a new security vulnerability dubbed the SSID Confusion attack, exploiting a flaw in the IEEE 802.11 Wi-Fi standard that allows malicious actors to manipulate victims into connecting to rogue networks and eavesdrop on their traffic. The breach forum known as BreachForums was seized by law enforcement agencies, marking the second takedown within a year. Also, the Kimsuky hacking group has launched a social engineering attack targeting activists in North Korea and anti-North Korea sectors by impersonating individuals on Facebook Messenger to distribute malware. The episode further delves into the sophisticated malware that infected the Linux kernel.org infrastructure for two years, compromising encrypted password data, and provides insights into the propagation tactics employed by the malware. Original URLs:
    1. https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html
    2. https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html
    3. https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html
    4. https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/

    Search phrases:
    1. Preventing SSID Confusion attack
    2. Protecting network traffic from Wi-Fi spoofing
    3. Law enforcement takedown of cybercrime forums
    4. Fate of Baphomet and ShinyHunters
    5. Kimsuky hacking group tactics
    6. Social engineering attacks on Facebook Messenger
    7. Malware targeting North Korean activists
    8. Linux malware infection
    9. Ebury malware impact on network security
    10. Minimizing Ebury malware spread







    A new security vulnerability known as the SSID Confusion attack manipulates devices into connecting to a different, less secure network than intended, potentially exposing users' traffic. How can the SSID Confusion attack be prevented, and what steps should users take to protect their network traffic from being intercepted through Wi-Fi spoofing?

    Law enforcement agencies, in collaboration with the FBI and international partners from Australia, Iceland, New Zealand, Switzerland, the UK and Ukraine, have taken down the cybercrime forum BreachForums for the second time.

    The Kimsuky hacking group is leveraging fake Facebook accounts to launch social engineering attacks via Messenger, targeting activists in the North Korean human rights and anti-North Korea sectors with malware delivered through decoy documents.

    The Linux operating system's kernel infrastructure was infected by malware, revealing the theft of encrypted password data from over 550 system users and allowing attackers to send spam from the servers.

    How can organizations minimize the spread and impact of the Ebury malware to prevent disruptions to their network security?

    You're listening to The Daily Decrypt.

    Imagine connecting to your trusted Wi-Fi network only to find out later that an attacker intercepted your traffic.

    Wi-Fi is pretty important technology. It allows us to connect our devices to the internet wirelessly. We rely on different coffee shops and vendor locations to connect to the internet, and maybe in some areas where we are, cell service isn't too reliable, so we'll use local Wi-Fi. I often have to use Target Wi-Fi because the Target in my area is in a cellular dead zone. So it's pretty crucial for day-to-day lives.

    The SSID Confusion attack impacts all operating systems and Wi-Fi clients, including home and mesh networks using the WEP, WPA3, 802.11X, EAP, and AMPE protocols. That's a lot of jargon for all the different security standards that come with Wi-Fi. The method involves downgrading victims to a less secure network by spoofing a trusted network name, or SSID, so attackers can intercept their traffic to carry out further attacks.

    Now, SSID stands for service set identifier, essentially the name of a Wi-Fi network.

    It help

    iOS Bluetooth Tracker Alert, Return-to-Office Impact on Senior Talent, Chrome Zero-Day

    In today's episode, we discuss the exploitation of a new zero-day vulnerability (CVE-2024-4761) in Google Chrome, prompting emergency fixes from Google. Users are advised to update to Chrome version 124.0.6367.207/.208 to mitigate potential threats (https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html). Additionally, Apple has backported a patch to iOS 16 branch to fix CVE-2024-23296 and introduced a new Bluetooth tracker alert feature in iOS 17 to warn users about unknown Bluetooth trackers (https://www.helpnetsecurity.com/2024/05/14/ios-bluetooth-tracker-alert/). The impact of return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX on employee retention, particularly among senior talent, is also discussed, shedding light on the potential negative effects of such policies (https://arstechnica.com/information-technology/2024/05/rto-mandates-led-to-pronounced-exodus-of-senior-workers-at-top-tech-firms/).



    00:00 The Great Tech Exodus: Navigating Return to Office Mandates
    00:55 Deep Dive into Return to Office Policies and Their Impact
    04:54 Exploring Apple's Cybersecurity Enhancements
    07:15 Navigating the Threat Landscape: Google Chrome's Zero Day Vulnerability



    Search Phrases: Apple, Cyber threats, iOS patches, Bluetooth tracker alert, Cybersecurity measures, CVE-2024-23296, MarketplaceKit vulnerability, Return-to-office mandates, Senior-level employees, Remote work, Workforce management, Employee morale, Attrition



    May 15

    Return-to-office mandates at major tech companies like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    How can these tech companies manage their workforce effectively while avoiding the negative impact of return-to-office mandates on employee morale and attrition?

    In Apple's most recent update, they've added a Bluetooth tracker alert to alert the user if an unexpected Bluetooth tracker is in their proximity.

    How else is Apple enhancing cybersecurity measures for iOS users? And finally, an emergency fix has been rolled out by Google to address the new zero-day vulnerability in Google Chrome, which is being actively exploited in the wild, posing a serious threat to compromised hosts.

    How can users protect themselves from the zero-day vulnerability in Google Chrome?

    You're listening to The Daily Decrypt. All right, let's talk about return to office, or RTO.

    If you work in tech, specifically cybersecurity, you've probably been impacted by this since the dawn of COVID, or at least know somebody who's been impacted by this.

    I personally work on a team of developers who were all hired remotely, with no expectation set that they'll have to return to the office, and they're all pretty peeved because now they're having to return to the office and we're losing good talent.

    And the team's morale is just a little lower, because it's one thing to be hired with the expectation of moving to an office, which is actually how I was hired, and I did move closer to an office. But it's another thing to be hired with the expectation of never having to, and then having to.

    So a recent study conducted by researchers from the University of Chicago and the University of Michigan revealed that return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    And this study did pose a thought that I had never really considered as to why senior-level employees would be leaving, specifically ones in management. And that's because they prefer not to manage teams that are inherently unhappy about policies at their company.

    So if their whole team is upset about returning to office, that's going to directly impact their job satisfaction because there's nothing they can do. They can't change company policy. They can just make sure their leaders are aware that their teams are upset and

    2024 Browser Security Report, Black Basta IT Department, MITRE EMB3D

    In today's episode, MITRE debuted EMB3D, a threat model enhancing cybersecurity of embedded devices through collaboration with industry experts. The model aligns with existing frameworks and suggests mechanisms to mitigate threats, aiming to fortify the security ecosystem. Separately, the Black Basta ransomware group's new social engineering tactics, combining email DDoS and vishing, have been exposed by CISA and FBI, underscoring the importance of vigilance against evolving attack vectors in cybersecurity. Lastly, LayerX's 2024 Browser Security Report sheds light on browser risks in enterprises, urging leaders to address vulnerabilities and recommending proactive security measures. For more information, visit https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/, https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/, and https://thehackernews.com/2024/05/the-2024-browser-security-report.html.



    EMB3D, cybersecurity, embedded devices, collaborative efforts, Black Basta, campaign, vishing, ransomware, LayerX, browser extensions, AI-powered threats, enterprise



    Search phrases:
    EMB3D cybersecurity threat model for embedded devices
    collaborative efforts in EMB3D model development
    challenges in embedded device security
    Black Basta social engineering campaign
    Black Basta ransomware group access methods
    protecting organizations from Black Basta vishing techniques
    LayerX browser extensions security risks
    AI-powered threats in browser security
    mitigating browser-based risks in enterprise
    protecting sensitive data in the enterprise




    Transcript:

    May 14

    Every web session is a security minefield, with unmanaged devices, browser extensions, and AI-powered threats posing significant risks. This was revealed in the 2024 Browser Security Report by LayerX. What steps can security leaders take to mitigate these evolving browser-based risks and protect sensitive data in the enterprise? Black Basta is at it again, utilizing a new social engineering campaign combining email DDoS and vishing techniques to trick employees into downloading remote access tools.

    What steps can organizations take to protect themselves from falling victim to these social engineering tactics?

    And finally, MITRE has just released a new framework called EMB3D, which is a security threat model for embedded devices, which will provide a knowledge base of cyber threats to embedded devices and the mechanisms required to mitigate them.

    How will this model address the evolving challenges in embedded device security? You're listening to The Daily Decrypt.

    LayerX has just released the annual browser security report for 2024, and it reveals that browsers have become a prime target for cyberattacks, leading to various threats like account takeovers, malicious extensions, and phishing attacks within enterprises. The report highlights that unmanaged devices and personal browser profiles are major risk factors, with 62 percent of the workforce using unmanaged devices and 45 percent using personal browser profiles, which can increase the likelihood of data leaks or phishing incidents. Approximately 33 percent of all extensions in organizations are deemed high risk, with 1 percent confirmed as malicious, as attackers exploit deceptive extensions to compromise user data and direct users to phishing sites.

    Now, browsers are in a very unique position to be either very beneficial or very harmful to users, because they sit between you and the websites that are trying to get your information.

    And we, as users, don't treat browsers this way. We treat them just the same, like a window on our computer, but they're responsible for communicating with the internet.

    And so, yeah, they have the opportunity to implement security measures that can help protect us from these attacks that happen in the browser, or they have the opportunity to provide malicious extensions and other mechanisms f

    Secure Cyberspace: Liability Framework and Accountability

    In today's episode, the discussion revolves around the efficacy of password protection methods, contrasting software and hardware encryption for data security. While software encryption comes with convenience, it can be prone to attack methods like brute force, making hardware-encrypted drives a more secure choice, especially for sensitive data protection. Additionally, insights are shared on the Biden administration's plans to hold the software industry accountable for insecure software, focusing on creating incentives for cybersecurity investment. Furthermore, Microsoft's recent cybersecurity overhaul showcases a shift towards prioritizing security over new features, highlighting the importance of executive accountability and incentive structures for ensuring robust security practices.



    https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/, https://www.cybersecuritydive.com/news/white-house-software-accountable-security/715797/, https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/



    Search Phrases:
    data theft prevention methods
    cybersecurity measures for data protection
    Biden administration liability framework software industry
    Microsoft cybersecurity initiative executives
    software liability framework impact on industry
    cybersecurity governance model Microsoft executives compensation




    Passwords versus encryption. How can individuals and businesses prevent data theft and hacking through proper encryption methods beyond simple password protection?

    The Biden administration seeks to establish a liability framework to hold the software industry accountable for insecure software, in an effort to shift the security burden away from users and onto the industry. What measures are being taken by federal officials to incentivize long-term investment in cybersecurity through a software liability framework, and how will this shift impact the industry and consumers?

    Microsoft is leading a new cybersecurity initiative, with the compensation for senior executives being linked to security standards, fostering a company-wide security-first approach that emphasizes accountability.

    How has Microsoft revamped its cybersecurity governance model, and why is tying executive compensation to security promoting a stronger focus on cybersecurity within the company? You're listening to The Daily Decrypt.

    Password protection versus encryption. This is an interesting article from Help Net Security titled "How secure is the password protection on your files and drives?" It discusses how, while password protection may be convenient, it can be easily circumvented, making it vulnerable to hacking attempts.

    In some instances, password protection does use a form of encryption, and we're going to discuss a couple of different types of encryption, namely software encryption and hardware encryption, and we'll go over a little bit of the differences there.

    Software encryption is a way of protecting information on computers and systems online by turning readable data, like text in a document or a message, into a scrambled, unreadable format.

    Imagine you have a letter that you want to send securely. You put it in a box and lock it with a key. You send the locked box, and the recipient uses a copy of the key to open it and read the letter. In software encryption, the box is the encryption technology and the letter is your data.

    Many office applications do offer software encryption to protect files. However, software encryption has security drawbacks, such as being susceptible to brute force attacks and relying on a single point of failure, like a user's password or encryption keys.

    Hardware encryption is similar to software encryption in that it protects data by converting it into a scrambled, unreadable format. However, instead of using software to perform this process, hardware encryption relies on a physic
