Cybersecurity News: EPA warns of critical risks, Four million WordPress sites exposed, Sextortion scams bypass filters

EPA warns of critical risks in drinking water infrastructure

A report from the EPA’s Office of Inspector General (OIG) reveals vulnerabilities in over 300 U.S. drinking water systems, potentially affecting service for 110 million people. Among 1,062 systems assessed, 97 systems serving 27 million individuals had critical or high-severity issues. Exploitable flaws could lead to denial-of-service attacks, physical infrastructure damage, or compromised customer information. The OIG added that if a threat actor exploited any of the vulnerabilities it found, service would not only be disrupted but the drinking water infrastructure could suffer irreparable physical damage.

(Security Week)

Four million WordPress sites exposed

Described as “one of the most serious vulnerabilities ever discovered in their 12-year history,” researchers warn of a critical flaw, tracked as CVE-2024-10924, in the Really Simple Security plugin for WordPress sites. With a CVSS score of 9.8, the vulnerability affects over 4 million sites, allowing attackers to gain full administrative access to sites that have two-factor authentication enabled, by exploiting improper error handling in the plugin’s REST API. Users are strongly urged to upgrade to version 9.1.2, where the issue has been patched.

(Security Affairs)

Sextortion scams bypass Microsoft security filters

Sextortion scams are getting more sophisticated. Threat actors are exploiting the Microsoft 365 Admin Portal to send sextortion emails, using the legitimate “o365mc@microsoft.com” address, which lets the messages bypass spam filters and reach users’ focused inboxes. By manipulating browser tools to bypass the character limit in the Message Center’s “Share” feature, scammers send detailed extortion messages, claiming to have ‘caught your spouse cheating’ or to ‘include pictures of your home’, and demand Bitcoin payments. Microsoft is aware of the issue and investigating, but server-side restrictions have not yet been implemented.

(Bleeping Computer)

Foreign attack on Library of Congress

The Library of Congress has confirmed a cyber breach in which an alleged foreign actor gained unauthorized access to emails between congressional offices and library staff, including those from the Congressional Research Service, between January and September 2024. While the breach did not impact the House or Senate IT networks, or the U.S. Copyright Office systems, the library is working to determine which specific communications were compromised.

(Security Week)

Huge thanks to our sponsor, ThreatLocker

Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker.

ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.

To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.

AI company out quarter of a million in cyber attack

AI company iLearningEngines reported a cyberattack that resulted in the theft of a $250,000 wire payment. In an SEC filing, the company explained that the hacker accessed its network, misdirected the payment, and deleted several email messages. The company says the wire payment has not been recovered. iLearningEngines provides automation tools to more than 1,000 companies in various sectors, including healthcare, education and retail.

(The Record)

Phobos ransomware operator extradited to U.S.

A Russian national linked to the Phobos ransomware operation was extradited from South Korea to face cybercrime charges in the U.S. The Phobos ransomware-as-a-service gang, which has been active since 2020, is responsible for breaches of over 1,000 entities globally, including schools, hospitals, and nonprofits, resulting in over $16 million in ransom payments. The accused was identified by the Justice Department as a key administrator and is accused of facilitating the distribution of ransomware, extorting victims, and profiting from the attacks. He faces a 13-count indictment, with the potential for 20 years in prison per wire fraud charge if convicted.

(Bleeping Computer)

Palo Alto responds to fourth exploited flaw

Palo Alto Networks (PAN) issued an advisory about a critical unauthenticated remote code execution vulnerability (CVE-2024-0012) in its Expedition firewall management tool, which is under active exploitation. This marks the fourth vulnerability in Expedition to be exploited in just a week, following two additional critical flaws added to CISA’s Known Exploited Vulnerabilities catalog. PAN has released patches to address the issue, which affects exposed firewall management interfaces, and the company says it is actively working to mitigate the threats.

(Dark Reading)

Oklahoma medical center hit by ransomware

Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals about a ransomware attack that compromised personal data in early September. The attackers accessed and encrypted files, exfiltrating sensitive information including names, Social Security numbers, health insurance details, and medical records. According to Security Week, no threat actor has taken credit for the attack.

(Security Week)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.