Parth Tyagi says
Apache fixes critical OFBiz remote code execution vulnerability in their CRM and ERP software, dated September 5th
Apache OFBiz is a suite of customer relationship management (CRM) and enterprise resource planning (ERP) business applications that can also be used as a Java-based web framework for developing web applications.
Tracked as CVE-2024-45195 and discovered by Rapid7 security researchers, this remote code execution flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.
In early August, CISA warned that the CVE-2024-32113 OFBiz vulnerability (patched in May) was being exploited in attacks, days after SonicWall researchers published technical details on the CVE-2024-38856 pre-authentication RCE bug.
News Article – https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/?&web_view=true
CVE – https://nvd.nist.gov/vuln/detail/CVE-2024-45195
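The forced-browsing weakness described above is a failure to authorize direct requests to restricted paths. As an added example (not code from the article, Rapid7 or the OFBiz project), the block below shows a deny-by-default path check that canonicalises dot segments before deciding, and a scan over constructed audit-log lines that flags anonymous requests to restricted paths, distinguishing probes that were blocked from pages that were actually served. The restricted prefixes, log format and sample lines are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Hypothetical restricted prefixes; a real deployment derives these from its
# own controller/security configuration, not from this list.
RESTRICTED_PREFIXES = ("/webtools/", "/admin/")


def canonical_path(path: str) -> str:
    """Collapse '.', '..' and empty segments so a traversal-style path
    such as '/a/../webtools/x' is judged as '/webtools/x'."""
    parts: list[str] = []
    for seg in path.split("?", 1)[0].split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def is_restricted(path: str) -> bool:
    canon = canonical_path(path) + "/"
    return any(canon.startswith(p) for p in RESTRICTED_PREFIXES)


def authorize(path: str, authenticated: bool) -> int:
    """Deny by default: restricted paths require a session, everything
    else is public. Returns the HTTP status the request should receive."""
    if is_restricted(path) and not authenticated:
        return 403
    return 200


# Constructed audit-log shape: <ts> <client> <user-or-'-'> "<method> <path> ..." <status>
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "(\w+) (\S+)[^"]*" (\d{3})$')


@dataclass(frozen=True)
class Finding:
    client: str
    path: str
    served: bool  # True when an anonymous client got a 200 for a restricted path


def scan_log(lines: Iterable[str]) -> list[Finding]:
    """Flag anonymous (user field '-') requests to restricted paths.
    A 200 is the forced-browsing symptom: a restricted page served without
    a session. Any other status still records the probe for correlation."""
    findings: list[Finding] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, user, _method, path, status = m.groups()
        if user == "-" and is_restricted(path):
            findings.append(Finding(client, canonical_path(path), status == "200"))
    return findings


# Constructed sample: one authenticated admin request, one public login page,
# one blocked anonymous probe, and one anonymous request that was served.
SAMPLE_LOG = """\
2024-09-05T10:00:01Z 198.51.100.4 alice "GET /webtools/control/main HTTP/1.1" 200
2024-09-05T10:00:05Z 203.0.113.7 - "GET /control/login HTTP/1.1" 200
2024-09-05T10:00:09Z 203.0.113.7 - "GET /webtools/control/main HTTP/1.1" 403
2024-09-05T10:00:12Z 203.0.113.7 - "GET /a/../webtools/control/main HTTP/1.1" 200
""".splitlines()

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(("SERVED  " if f.served else "blocked ") + f"{f.client} {f.path}")
```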
Lili Zhang says
The article discusses the hidden risks of using generative AI (genAI) tools, particularly related to intellectual property and data privacy. While AI chatbots like ChatGPT have been widely adopted for research and writing tasks, they often fail to credit original authors, which can lead to ownership issues and privacy violations. For example, researchers like Timothée Poisot worry that their work, used without permission, could affect important policy decisions.
Generative AI tools rely on vast datasets, often scraped from the internet, which might include copyrighted content without the creators’ knowledge. This creates problems around plagiarism and compensation, especially for early-career scientists. AI’s lack of transparency makes it difficult to track how specific data or research is used.
To protect intellectual property, researchers can take steps such as opting out of AI training sets or using tools that prevent their work from being misused. However, the legal landscape around AI and intellectual property is still evolving, with countries like the U.S. and the EU taking different approaches to regulation. For example, the EU’s AI Act aims to increase transparency and enforce opt-out options for data use, while the U.S. focuses more on fostering technological innovation.
https://www.nature.com/articles/d41586-024-02838-z
Steven Lin says
North Korean threat actors were targeting developers through LinkedIn job scams, using coding challenges to deliver COVERTCATCH malware, which infects macOS systems by deploying a second-stage payload for persistence. This tactic is part of broader campaigns such as Operation Dream Job, where social engineering and recruitment lures were used to deliver malware like RustBucket. Once inside, the hackers steal user credentials and access cloud environments, often targeting cryptocurrency firms.
Steven Lin says
https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
Clement Tetteh Kpakpah says
MIT researchers release repository of AI risks | Kyle Wiggers | August 14, 2024
This article highlights the risks of using Artificial Intelligence (AI) by diverse entities, leading to the creation of an AI risk repository for over seven hundred risk categorizations by MIT researchers. The repository is essential for policymakers and researchers to use. A lot of existing frameworks cover just a portion of the existing risks, hence the creation of a comprehensive risk repository. This risk repository is meant to serve as a foundation for further research and evaluation of how well diverse risks are being addressed.
https://techcrunch.com/2024/08/14/mit-researchers-release-a-repository-of-ai-risks/
Daniel Akoto-Bamfo says
The Importance of Independent IT Audit
This article discusses how the role of cybersecurity and IT audit in an organization is gaining prominence, such that they have been separated from the IT department. The implementation of a separate audit program has come about due to the increasing significance of independent IT audit helping organizations uphold credible practice in compliance with regulations. Boards of directors are attaching greater importance to IT auditing due to increasing internal control, reputational impact, and cost-effectiveness. Modern cyber threats are becoming refined, and organizations must find ways to mitigate these threats. One sure way is an independent audit because it provides an unbiased, credible, and reliable assessment of an organization’s cybersecurity position. It gives the board of directors a complete understanding of the organization in decision-making. The first step in risk management is having an independent audit which presents the board of directors with the potential risk faced by the organization and how to respond effectively to the risk. This may be done by either reducing the risk, transferring the risk, or accepting the risk. Independent IT audit provides an important stepping stone in decision-making and provides transparency about the organization’s risk.
https://www.isaca.org/resources/news-and-trends/industry-news/2024/the-importance-of-independent-it-audit
Justin Chen says
Data Breach News
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named “Rocinante”.
This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks. All this exfiltrated information is then used to perform device takeover (DTO), leveraging the accessibility service privileges to achieve full remote access on the infected device.
https://thehackernews.com/2024/09/rocinante-trojan-poses-as-banking-apps.html
Lily Li says
Russian Cyber Militants Responsible for Damage to Critical Assets: US offers $10 million
Unit 29155 consists of Russian General Staff Main Intelligence Directorate (GRU) members, who have been held responsible for multiple computer network operations against global targets. Their targets include government, financial services, transportation, energy, and healthcare; targeting NATO (North Atlantic Treaty Organization) members in Europe and the U.S. The WhisperGate malware has been used by Unit 29155 to conduct multiple website defacements, infrastructure scanning, and data exfiltration including multiple Ukrainian victim organizations in January 2022. WhisperGate is a type of malware that is capable of corrupting a system’s master boot record, displaying a fake ransomware note, and encrypting files (disrupting and damaging targeted computer systems). The FBI has observed 14,000 instances to date that have been performing domain scanning across 26 NATO members. Since early 2022, the primary focus of these cyberattacks has been targeting and disrupting aid to Ukraine.
https://cybernews.com/security/russian-cyber-militants-responsible-for-damage-to-critical-assets/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a#:~:text=Since%20early%202022%2C%20the%20primary,European%20Union%20(EU)%20countries.
Charles Lemon says
This article discusses a recent malware campaign that has been injecting malicious code into online retailers and skimming credit card information from customers. The malware injects a simple line of code onto the online stores and when a customer goes to check out, they are seamlessly referred to a fake payment window that will capture their credit card number, expiration date, and CVC in real time. The stolen data is then stored in the criminal’s database. Several different online retailers were identified as compromised. This compromise has serious implications for the confidentiality of customers’ data. The compromise is also very difficult to detect for the average customer. Antivirus browser extensions would be a viable mitigation strategy in this scenario. Antivirus software or browser extensions could provide warnings to the customer and detect or block the malicious code from gathering any sensitive customer information. In addition to credit card information, the malware could also be used to gather certain PII such as addresses, dates of birth, emails, and phone numbers. The article ends by providing a list of known online retailers that have been compromised. It is important for online shoppers to remain diligent when making purchases and consider implementing antivirus extensions to their browser and software.
https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign?web_view=true
Aaroush Bhanot says
Lowe’s Employees fall prey to a phishing attack
Malwarebytes recently identified a sophisticated phishing campaign aimed at Lowe’s employees. In this attack, cybercriminals created fake websites designed to mimic the official Lowe’s benefits portal, MyLowesLife. To carry out the campaign, the attackers registered domains that closely resembled MyLowesLife, using common misspellings or typographical errors (known as typosquatting) to deceive employees. Additionally, the attackers bought Google Ads for these fraudulent domains, ensuring they would appear prominently in search results when employees searched for the legitimate MyLowesLife portal. When unsuspecting employees clicked on these fake websites, they were prompted to enter their login credentials, which the attackers then harvested for malicious purposes, such as accessing sensitive employee information or corporate systems.
https://www.malwarebytes.com/blog/news/2024/09/lowes-employees-phished-via-google-ads?utm_source=tldrinfosec
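The typosquatting technique described above can be caught on the defender's side by comparing newly seen domains against the protected portal name. As an added example (not code from the Malwarebytes write-up or from Lowe's), the block below normalises common digit-for-letter look-alikes, then flags any domain label that contains the brand or sits within a small Damerau-Levenshtein distance of it. The brand label, the allowlist entry and the observed-domain list are constructed assumptions.

```python
import unicodedata

BRAND = "myloweslife"                     # protected portal label (from the article)
ALLOWLIST = {"myloweslife.com"}           # assumed legitimate domain, not verified here
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize_label(label: str) -> str:
    """NFKC folds many Unicode look-alikes; then map ASCII digit/letter swaps."""
    s = unicodedata.normalize("NFKC", label).lower()
    for src, dst in HOMOGLYPHS.items():
        s = s.replace(src, dst)
    return s


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1, so 'lfie' vs 'life' is distance 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(domain: str, brand: str = BRAND, max_dist: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a domain.
    Every label except the TLD is checked, so a brand used as a subdomain
    of an unrelated registrable domain is also flagged."""
    domain = domain.lower().rstrip(".")
    if domain in ALLOWLIST:
        return "legitimate"
    nb = normalize_label(brand)
    for label in domain.split(".")[:-1]:
        nl = normalize_label(label)
        if nb in nl or damerau_levenshtein(nl, nb) <= max_dist:
            return "lookalike"
    return "unrelated"


# Constructed list of observed domains (e.g. from ad transparency or CT logs).
OBSERVED = [
    "myloweslife.com",            # allowlisted
    "myloweslfie.com",            # transposition
    "mylowslife.com",             # missing letter
    "myl0wes1ife.com",            # digit-for-letter homoglyphs
    "myloweslife-benefits.com",   # brand plus suffix
    "myloweslife.example-ads.net",  # brand as subdomain
    "lowes.com",                  # different label, not a look-alike of the portal
]


def report(domains: list[str]) -> dict[str, str]:
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for dom, verdict in report(OBSERVED).items():
        print(f"{verdict:10} {dom}")
```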
Rohith says
A critical SQL injection vulnerability was discovered in FlyCASS, a web-based application used by smaller airlines participating in the Cockpit Access Security System (CASS) and Known Crewmember programs. The vulnerability allowed attackers to gain administrator access, manipulate employee lists, and potentially bypass security screening for both pilots and flight attendants. This posed a significant risk to aviation security as unauthorized individuals could have gained access to commercial aircraft cockpits.
https://www.securityweek.com/cisa-responds-after-disclosure-of-controversial-airport-security-bypass-vulnerability/
Sara Sawant says
The article involves a musician who has been charged with fraudulently obtaining $10 million in streaming royalties using AI and bots. The musician is accused of fabricating the number of music streams on streaming services by employing AI and automated bots. Due to this manipulation, it appeared as though more people were listening to their music than there actually were. Royalties are paid by streaming services based on how many times a song is played. The musician obtained more money than they were rightfully due by manipulating the stream counts. The AI and bots were most likely programmed to generate fake plays or streams of the musician’s tracks, giving the impression that the music was more popular than it really was. The musician faces serious legal repercussions and financial fines as a result of the numerous charges brought against him in connection with this illegal behavior.
https://www.bleepingcomputer.com/news/security/musician-charged-with-10m-streaming-royalties-fraud-using-ai-and-bots/?&web_view=true
Haozhe Zhang says
The article discusses Highline Public Schools in Washington state, which closed all schools and canceled activities following a cyberattack that compromised their technology systems. The district is working with third-party, state, and federal partners to restore and secure its systems, while ensuring student safety remains the priority. The incident highlights the growing threat of cyberattacks on public schools, but it’s unclear if personal data was exposed. IT-related issues here involve system breaches and potential data compromise, emphasizing the need for robust cybersecurity in education. A breach in their IT system had interfered with all three categories of Confidentiality, Integrity and Availability. Even though the school is still unsure of what data had been stolen, the risk of important PII being leaked is already a huge security risk.
Haozhe Zhang says
Source: https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack/
Elias Johnston says
For this week’s reading I chose an article by EY’s Risk Management Leader, Scott McCowan. The article outlines a process to decide when to respond and when to accept risk. According to Scott McCowan, organizations should make use of an integrated risk management wheel. Organizations should begin by gathering information on their current internal and external assurance functions, as well as fully understanding the risk thresholds that the board/executives have set. The risk management wheel begins by plotting your risk ecosystem on an X-axis, and the risk universe on the Y-axis. Then determine where there are gaps (where assurances are below par) and where you are over-responding (where there may be an excess of assurances). By quantifying risk in this way, you can narrow down risks into 4 quadrants. If the assessed risk is high and the assurance structure is high, you should evaluate the risk independently and evaluate the mitigations in place. If the assessed risk is high and the assurance is low, the response is likely to improve the overall process. This should be noted and the cost effectiveness should be weighed. If the assessed risk is low and the assurance is high, the risk is likely to be overmanaged, and resources should most likely be allocated elsewhere. If the risk is low and the assurance is low, technology should be leveraged to track risk indicators. This means the risk should be monitored, but expensive mitigations should not be implemented unless the risk grows. The article ends by stressing the importance of a coordinated risk response, as a disjointed response could become a larger threat than the risk itself.
https://www.ey.com/en_us/insights/risk/when-to-respond-and-when-to-accept-risk