MSP cybersecurity news digest, October 14, 2024

Microsoft October 2024 Patch Tuesday addresses 118 vulnerabilities, including five zero-days

Microsoft's October 2024 Patch Tuesday addresses 118 vulnerabilities, including five zero-days, two of which are being actively exploited. Among these are three critical remote code execution flaws.

The update includes 28 elevation of privilege vulnerabilities, 43 remote code execution flaws and other categories of security issues. Notably, the two actively exploited zero-days involve a Windows MSHTML Platform spoofing vulnerability and a Microsoft Management Console (MMC) remote code execution flaw.

Microsoft also fixed a Curl vulnerability, a Hyper-V UEFI bypass issue and a Winlogon elevation of privilege flaw. These updates are crucial for securing systems.

Japanese tech giant Casio hit by cyberattack after its networks were accessed

Casio, with a revenue of $1.83 billion, suffered a cyberattack after an unauthorized actor accessed its networks, causing service disruptions.

The Japanese tech giant, known for its electronics, confirmed the breach and is investigating with external specialists. Casio has not disclosed whether any personal data or confidential information was stolen. The company has reported the incident to data protection authorities and implemented measures to block external access. The Underground ransomware group listed Casio on its dark web portal and leaked sensitive data it allegedly stole, including employee and financial information, patents, and legal documents. The claims remain unverified, as Casio has not responded to requests for comment.

This incident follows a previous breach a year ago that exposed customer data from 149 countries.

North Korea-linked threat actors observed targeting job seekers in the tech industry

North Korean threat actors are targeting tech job seekers to deliver updated versions of BeaverTail and InvisibleFerret malware, in a campaign dubbed "Contagious Interview."

Researchers report that attackers pose as recruiters on job platforms, inviting developers to interviews and persuading them to download malware. The first infection stage involves the BeaverTail downloader, which targets both Windows and macOS systems, followed by the InvisibleFerret backdoor. Despite public disclosure, the campaign remains active, with attackers using fake video conferencing apps to infiltrate systems.

The malware steals browser passwords and cryptocurrency wallet data, and enables remote control of infected devices. This operation is likely financially motivated to support the North Korean regime.

ADT reveals its second data breach in as many months, with threat actors gaining systems access

ADT, a home and small business security company with 14,300 employees and an annual revenue of $4.98 billion, disclosed a breach after threat actors accessed its systems using stolen credentials.

The breach occurred through a third-party business partner, allowing attackers to steal encrypted employee account data. ADT terminated the unauthorized access and launched an investigation with third-party cybersecurity experts. The company has implemented countermeasures and is working with law enforcement to address the breach.

Although some internal systems were disrupted, ADT claimed that customer data and security systems were not compromised. This is ADT’s second breach in two months, following an August incident involving leaked customer data.

The FTC and CISA are warning of scams related to Hurricanes Helene and Milton

Several government agencies warned about scams linked to Hurricanes Helene and Milton, targeting relief funds and sensitive data.

Hurricane Helene recently caused massive damage across Florida, Georgia, North Carolina, Tennessee and Virginia, and Florida then faced Hurricane Milton. The Federal Trade Commission (FTC) and Cybersecurity and Infrastructure Security Agency (CISA) have advised residents to be cautious of fraudulent charities, government impersonators and investment scams. The scammers are offering disaster relief in exchange for money or personal information. They are also promoting fraudulent investment opportunities related to rebuilding efforts. Experts have already observed phishing attempts and scams involving unlicensed contractors and too-good-to-be-true offers for flood-damaged properties.

Additionally, CISA cautions against malicious emails and social media messages following major disasters, urging people to verify sources before engaging.