Iranian nationals charged with hacking U.S. companies and agencies
On Tuesday, four Iranian nationals (Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab) were indicted in a Manhattan federal court for conducting cyber-espionage campaigns against the U.S. Treasury and State departments, defense contractors and two New York-based companies. The men are accused of using spear-phishing and other techniques to harvest hundreds of thousands of account credentials. The threat actors remain at large, but their U.S.-based assets have now been frozen and the State Department is offering a reward of up to $10 million for any information about the men or their employers. They each face up to five years in prison for computer fraud conspiracy and up to 20 years in prison for each count of wire fraud.
(CyberScoop and SecurityWeek and Bleeping Computer)
Siemens working to fix device affected by Palo Alto firewall bug
Siemens is rushing to fix a bug we reported on last week on Cyber Security Headlines that affects its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) virtual next-gen firewalls. The bug in question is a maximum-severity zero-day command injection vulnerability (identified as CVE-2024-3400) that affects multiple versions of PAN-OS. Palo Alto said a growing number of attacks are leveraging public proof-of-concept exploit code to deploy a novel Python backdoor. Siemens’ advisory references Palo Alto’s recommendation to disable the GlobalProtect gateway and GlobalProtect portal, which Siemens points out are disabled by default in Ruggedcom APE1808 deployments.
Russian hackers claim cyberattack on Indiana water plant
Over the weekend, the threat actor known as the Cyber Army of Russia posted a video on its Telegram channel showing how they hacked systems of the Tipton Wastewater Treatment Plant. Tipton provides the city of Tipton and surrounding areas with electric power, water, and wastewater collection and treatment. An Indiana official confirmed that the plant suffered a cyberattack on Friday evening. Tipton’s general manager, Jim Ankrum, said, “TMU experienced minimal disruption and remained operational at all times.” Security research firm Mandiant recently reported that the Cyber Army of Russia has ties to the Russian state actor, Sandworm, which was responsible for a separate attack on a water facility in Muleshoe, Texas that caused a tank to overflow.
Microsoft pulls fix for Outlook bug behind ICS security alerts
Microsoft has rolled back a fix for a known Outlook issue that was causing errant security alerts when opening ICS calendar files. Upon opening ICS files saved on their devices, Microsoft 365 users were seeing warnings that “Microsoft Office has identified a potential security concern” and that “This location may be unsafe”. The issue stemmed from a December update that addressed an Outlook information disclosure vulnerability (CVE-2023-35636). As a temporary workaround users can use a registry key to disable the false notifications. However, it’s important to note that this fix will also stop security prompts for all other potentially dangerous file types.
Huge thanks to our sponsor, Veracode

South Korean officials discover defense contractor hacks
On Tuesday, South Korean authorities warned that the North Korean threat actors Lazarus, Andariel, and Kimsuky have been leveraging vulnerabilities in the networks of defense companies or their subcontractors to exfiltrate data. Earlier this year, South Korean defense agencies conducted special inspections to better secure critical networks. The operation discovered multiple companies that had been compromised since late 2022 but were unaware of the breaches prior to the inspections. Authorities recommend that defense companies and their subcontractors implement network segmentation, periodic password resets, two-factor authentication for critical accounts, and blocking of access from foreign IP addresses.
New research discovers vulnerability in archived Apache project
A vulnerability has been uncovered in an archived Apache project called “Cordova App Harness” which could lead to software supply chain attacks. Attackers could use techniques such as typosquatting, RepoJacking, and dependency confusion to insert vulnerable dependencies into open-source software. Ultimately, the issue could lead to execution of arbitrary code on the host machine where the vulnerable application is deployed. Researchers highlight the risk associated with dependencies on archived open-source projects that may not receive regular security updates. They recommend conducting regular code security scans, avoiding the use of deprecated projects, following best practices for configuring dependencies, and providing security education to developers.
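As an added illustration of two of the recommendations above (avoid deprecated projects, check dependency configuration), here is a small dependency audit script. It is example code written for this digest, not tooling from the researchers or from Apache. It parses a constructed requirements-style manifest, flags dependencies whose upstream project is marked archived, and flags names that are not in the catalogue but sit within a small edit distance of a known package, which is the pattern typosquatting relies on. The catalogue is a hypothetical in-memory stand-in for the status a forge or registry would report; in practice that lookup is an API call. RepoJacking and dependency confusion need other controls (pinned sources, private-registry scoping) and are not covered here.

```python
"""Audit a dependency manifest for archived projects and typosquat-like names.

Example code added to this digest; the catalogue below is constructed data,
not a live registry lookup.
"""
from dataclasses import dataclass

# Constructed catalogue (hypothetical). "archived" stands in for the
# maintenance status a forge or package registry would report.
CATALOGUE = {
    "cordova-app-harness": {"archived": True},
    "requests": {"archived": False},
    "cryptography": {"archived": False},
    "left-pad": {"archived": False},
}


@dataclass
class Finding:
    name: str
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), used for typosquat checks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list[str]:
    """Extract lowercase package names from a requirements.txt-style manifest."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        for sep in ("==", ">=", "<=", "~=", ">", "<"):  # strip version specifiers
            if sep in line:
                line = line.split(sep, 1)[0]
                break
        names.append(line.strip().lower())
    return names


def audit(names: list[str], catalogue=CATALOGUE, max_distance: int = 2) -> list[Finding]:
    """Return findings for archived dependencies and names resembling known packages."""
    findings = []
    for name in names:
        entry = catalogue.get(name)
        if entry is None:
            # Unknown package: look for a known name within a couple of edits.
            for known in catalogue:
                d = levenshtein(name, known)
                if 0 < d <= max_distance:
                    findings.append(Finding(name, f"not in catalogue; resembles '{known}' (distance {d})"))
                    break
            else:
                findings.append(Finding(name, "not in catalogue"))
        elif entry["archived"]:
            findings.append(Finding(name, "project is archived; no security updates expected"))
    return findings


# Constructed sample manifest: one archived project and one misspelled name.
SAMPLE_REQUIREMENTS = """\
# constructed sample manifest
requests==2.31.0
cordova-app-harness>=0.1
reqeusts==2.31.0
cryptography
"""

if __name__ == "__main__":
    for finding in audit(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"{finding.name}: {finding.reason}")
```

Run as-is it reports the archived `cordova-app-harness` entry and the `reqeusts` misspelling; the two clean entries produce no finding. The edit-distance threshold is deliberately small so that genuinely different package names are not flagged.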
Cops may soon use AI to generate reports from body cams
Taser maker and police contractor Axon has announced a new product called “Draft One,” which leverages OpenAI’s GPT-4 large language model to generate police reports from body cam audio. Critics are quick to point out that this use of AI could potentially lead to baseless accusations due to “hallucination” and further institutional ills like racial bias. Further, because police aren’t AI experts, they may not be well positioned to spot issues with AI outputs. Axon asserts that it has adjusted the AI model to ensure it can’t go off the rails. Axon’s CEO, Rick Smith, points out, “If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25 percent of an officer’s time to be back out policing.”
CompTIA supports DoD’s efforts to bolster cyber skills
On Tuesday, IT certification and training organization CompTIA announced that eight of its certifications are included in the U.S. Department of Defense’s (DoD) efforts to create a more diverse workforce to protect the nation’s information and infrastructure. The certifications cover 31 work roles ranging from technical support and network operations to cyber forensics, cyber policy and strategy, and system development and management. CompTIA certifications are vendor-neutral, internationally recognized and accredited by the American National Standards Institute (ANSI).