Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma
Daily Archives: July 22, 2024
A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution
A vulnerability has been discovered in Cisco Secure Email Gateway that could allow for remote code execution. Cisco Secure Email Gateway is an email security product that uses signature analysis and machine learning to identify and block malicious emails before they reach recipients' inboxes. Successful exploitation could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
exim-4.98-2.el8
FEDORA-EPEL-2024-0f1d365d9d
Packages in this update:
exim-4.98-2.el8
Update description:
This is an update enabling SRS support.
This is a new version of exim fixing CVE-2024-39929.
Ransomware Groups Fragment Amid Rising Cybercrime Threats
Europol also said that multi-layered extortion tactics in ransomware are becoming more common
Meet the Shared Responsibility Model with New CIS Resources
Looking to harden cloud services you might be using with the CIS Benchmarks? Here are some new resources to help you meet the shared responsibility model.
USN-6904-1: PyMongo vulnerability
It was discovered that PyMongo incorrectly handled certain BSON.
An attacker could possibly use this issue to read sensitive information
or cause a crash.
xdg-desktop-portal-hyprland-1.3.3-2.fc39
FEDORA-2024-295a735fbc
Packages in this update:
xdg-desktop-portal-hyprland-1.3.3-2.fc39
Update description:
Update to 1.3.3
https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
xdg-desktop-portal-hyprland-1.3.3-2.fc40
FEDORA-2024-61c5b8951b
Packages in this update:
xdg-desktop-portal-hyprland-1.3.3-2.fc40
Update description:
Update to 1.3.3
https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
Snake Mimics a Spider
4 “Low-Priority” Online Threats That Can Inflict Serious Brand Damage
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Companies constantly face a multitude of threats online. Understandably, there is no way for them to deal with all of the attacks given their limited resources and the time-consuming nature of continuous threat detection and prevention. As such, some threats are prioritized over others, depending on their urgency. This leads to threats being classified as “low-priority”, especially when it comes to brand protection. Some are even ignored altogether, especially by organizations that do not consider themselves big enough to be targeted by a brand attack.
To be clear, these “low-priority” threats are not necessarily petty or negligible attacks. Despite that, most companies pay little to no attention to them because they are perceived to have no serious impact on their economic and reputational well-being. But in reality, brand attacks have been surging in 2024. This article will dive into these threats and explain why companies should think to the contrary and take them more seriously.
Website Impersonation
Website impersonation attacks used to be primarily aimed at large and well-known organizations, but were not always limited to them. This is because it would take time and resources for malicious actors to create a spoofed version of a brand’s website, so it made less sense to invest in attacking a relatively unknown and small target. In addition, the impact of a website impersonation attack on a small company would be minuscule if the brand being impersonated is virtually unknown. But this has all changed with the rise of generative AI, which makes cloning websites considerably faster, easier, and drastically cheaper.
As such, organizations today cannot downplay the threat of website impersonation. A 2024 report from Memcyco titled the “State of Digital Impersonation Fraud Resilience” shows that 40% of customers who have become victims of scams that involve website impersonation stop doing business with the brand. This raises the question of company responsibility for their customers and what happens if customers get scammed using a third-party site disguised as their own. For many customers, it doesn’t matter if the business had nothing to do with the emergence of the spoofed site. If they fall for a scam associated with a brand, they are highly likely to walk away.
The Memcyco report also says that around two-thirds of enterprises only discover the existence of sites impersonating their brands because of victim incident reports. Customers are frustrated that they serve as the “threat intel” and businesses are clueless about the problem unless customers inform them. To avoid the unwanted consequences of website impersonation, organizations need to implement solutions that do not rely entirely on customer feedback. It is important to have a proactive solution in place that continuously scans the internet for possible impersonation attempts and promptly alerts customers about these fake sites.
Fabricated Product Reviews and Ratings
The problem of fake product reviews and ratings is mostly addressed with a customer-centric approach. Proposed regulations, like the Trade Regulation Rule on the Use of Consumer Reviews and Testimonials of the FTC, seek to eliminate fake reviews and thereby avoid misleading customers. Meanwhile, companies usually view the problem as the need to comply with regulatory requirements to avoid fines or legal entanglements.
Most enterprises do not interpret fake reviews and ratings as a cyberattack that can cause serious reputational ramifications. As such, they usually have no systematic way of spotting and resolving their emergence. Enterprises can moderate reviews posted on their websites, but they have no control over those posted on online marketplaces such as Amazon. Also, they usually belatedly learn about smear campaigns (through fake reviews) against their brands. They only learn about them once a fake review or a viral YouTube video, for example, has already accumulated a significant number of views.
It is crucial to take online reviews seriously, as 85% of consumers trust them as much as they trust personal recommendations. It would be impractical for organizations to have a team continuously looking for and responding to negative reviews. However, they can use AI-powered reputational management solutions to quickly find and address fabricated reviews.
Social Media Impersonation
There’s a popular TikTok user, Ben Palmer, who gained fame on social media by pretending to be a customer representative for various major companies. One of his hit videos shows him pretending to be Chipotle’s customer rep, interacting with customers sardonically. In an interview, Palmer noted how companies rarely respond to customer comments and complaints on social media, so he took the opportunity to impersonate the companies’ staff and humorously exchanged messages with customers.
So far, no company has expressed offense over what Palmer is doing. However, his social media trolling demonstrates how easy it is for anyone to hijack the customer service or social media presence of well-known establishments even without actually taking over their social media accounts. Palmer got many laughs with lines such as “Sometimes us major corporations like to promise things we can’t deliver.” However, things would not be a laughing matter if Palmer used the chance to defraud customers or spread misinformation about companies.
Organizations should consider social media an important part of their online presence. It is a must to create and regularly check social media accounts. Otherwise, threat actors can sneak in and engage in various forms of cybercrime. They can scam customers, steal personal data, inflict brand damage, or perform other adversarial actions similar to what they can do through website impersonation.
Fake News
More than two years ago, the stocks of pharmaceutical company Eli Lilly and Company dropped 4.37% following the spread of fake news. A number of news outlets quickly relayed the announcement that Eli Lilly was going to drop the price of insulin to zero. This was actually fake news that started from a fake Eli Lilly Twitter account, which posted “We are excited to announce insulin is free now.” Many believed the announcement because the imposter Eli Lilly Twitter account that posted it bore the blue check (verified) mark.
False information spreads quickly, but attempts to rectify or debunk it tend to be slow. Organizations are aware of this phenomenon, but almost no one is adequately prepared to deal with it. Even conglomerates fail to arrest fake news quickly enough to avoid damage. Before Eli Lilly, there had been several high-profile cases of fake news sinking stock prices.
It is rare for organizations to have specific mechanisms or protocols in place to anticipate fake news that can affect their brands. In most cases, such mechanisms are lumped with reputational management systems. However, it makes perfect sense to craft a systematic approach to dealing with fake news. The ways it affects organizations are unpredictable. Nobody would have guessed that “positive” news about Eli Lilly would end up being injurious.
Underestimated Threats
Rarity puts the attacks listed above low in the priority list of threats organizations anticipate. Most enterprises do not encounter them as often as they deal with common attacks such as malware and phishing. It is important to emphasize, though, that brand attacks are not low-impact attacks. They can cause serious brand damage that results in significant financial losses and reputational disaster. It is advisable for CISOs from all organizations, small or large, to get acquainted with the gravity of these attacks and come up with a contingency plan to avoid getting caught flat-footed with undesirable outcomes.