This Month in Cybersecurity - April 2024

Welcome to the “This Month in Cybersecurity - April 2024” edition. :wave:

This month highlighted some critical cybersecurity developments that reminded us of the importance of staying well informed. We’ve seen everything from exposed server credentials to sophisticated phishing attacks, with each incident pointing to the complexity of today’s cybersecurity threats. At Passbolt, we want to do our small part in keeping the community up to date with these curated and crucial updates. Let’s dive in!

1. Microsoft employees exposed internal passwords in security lapse

Microsoft resolved a security issue in which an unprotected Azure cloud server exposed internal files and credentials. The server was related to Bing operations and contained sensitive data, including passwords. Discovered by SOCRadar researchers, the exposure was reported in February and secured by March. Microsoft stated that the credentials were temporary and limited to internal networks. This incident adds to a series of recent security lapses at Microsoft involving exposed logins and breaches by hackers.

Date: Apr 9, 2024
Source: TechCrunch
Author: Zack Whittaker

2. Cisco Duo warns third-party data breach exposed SMS MFA logs

Cisco Duo has reported a data breach involving a third-party telephony provider that handled its SMS and VoIP multi-factor authentication (MFA) messages. The breach occurred after a phishing attack allowed hackers to access and download MFA message logs for certain Duo accounts between March 1 and March 31, 2024. The logs contained phone numbers, carrier and location data, and timestamps, which could potentially be used in targeted phishing attacks. Cisco Duo has taken steps to mitigate the impact and advises affected customers to be vigilant against possible SMS phishing or social engineering attacks that exploit this breach.

Date: Apr 15, 2024
Source: Bleeping Computer
Author: Bill Toulas

3. Open Source Security (OpenSSF) and OpenJS Foundations issue alerts for social engineering takeovers of open source projects

The Open Source Security (OpenSSF) and OpenJS Foundations are urging all open source maintainers to be alert for social engineering takeover attempts. They recently intercepted a social engineering attack similar to the one behind the XZ Utils backdoor, signaling a broader threat to open source projects. The attempt involved suspicious emails from individuals seeking maintainer status on widely used JavaScript projects without adequate prior involvement or credibility. These tactics resemble those used in prior security breaches, where the goal was to subtly gain elevated privileges. The foundations, supported by the Linux Foundation and other entities, stressed the importance of vigilance and adherence to security best practices such as strong authentication and clear, readable code.

Date: Apr 15, 2024
Source: OpenJS Foundation
Author: Robin Bender Ginn and Omkhar Arasaratnam

4. Delinea scrambles to patch critical flaw after failed responsible disclosure attempt

Delinea, a provider of privileged access management (PAM) solutions, addressed a critical authentication bypass vulnerability in its Secret Server SOAP API after it was publicly disclosed by researcher Johnny Yu. Although the company was slow to acknowledge Yu’s repeated disclosure attempts since February, Delinea responded by initially blocking the affected endpoints for cloud customers and releasing indicators of compromise. It subsequently developed and released patches for both its cloud and on-premises solutions. Delinea has reported no evidence of data compromise or exploitation of the vulnerability and continues to monitor the situation closely, providing updates as necessary.

Date: Apr 16, 2024
Source: Security Week
Author: Eduard Kovacs

5. LastPass users targeted in phishing attacks good enough to trick even the savvy

LastPass users were targeted by a sophisticated phishing campaign known as CryptoChameleon, which used phone calls, SMS, and emails to deceive users into giving up their master passwords. The advanced phishing kit allowed attackers to mimic real URLs and single sign-on pages, effectively bypassing multi-factor authentication to hijack accounts. The campaign, which targeted a variety of services, collected a significant amount of legitimate user data. In response, LastPass and others recommend verifying communications directly with service providers and using robust multi-factor authentication to prevent such scams.

Date: Apr 18, 2024
Source: Ars Technica
Author: Dan Goodin

6. GitLab affected by GitHub-style CDN flaw allowing malware hosting

Both GitHub and GitLab are affected by a flaw that allows threat actors to misuse their comment features to distribute malware. The flaw lets an attacker upload malicious files to the platforms’ CDNs, where they are then served under URLs associated with reputable open source projects, making the links appear trustworthy. BleepingComputer demonstrated how easy this is to abuse by uploading benign files renamed as executables under popular project URLs on GitLab, mimicking legitimate software updates. Despite the seriousness of the issue, there are currently no measures in place for project owners to manage or delete files attached to their projects in this way.

Date: Apr 22, 2024
Source: Bleeping Computer
Author: Ax Sharma

7. Police Chiefs call for solutions to access encrypted data in serious crime cases

European police chiefs are concerned that the widespread use of end-to-end encryption (E2EE) by tech companies like Meta is hindering law enforcement’s ability to tackle serious crimes such as child sexual abuse and terrorism. This “going dark” issue is exacerbated by privacy enhancements that prevent the monitoring of activity on platforms like Messenger and Instagram. While encryption offers significant privacy benefits, it also limits investigative capabilities. Law enforcement is urging tech companies and governments to develop solutions that balance public safety with privacy and cybersecurity, suggesting that adaptable and innovative technical solutions can address these challenges.

Date: Apr 23, 2024
Source: The Hacker News
Author: Newsroom

Conclusion

And that wraps up our “This Month in Cybersecurity - April 2024” edition. :tada:

This month highlighted the challenges and strategic advances in the field of cybersecurity and data privacy. Each story we’ve shared sheds light on the importance of maintaining vigilance in an increasingly connected world.

We hope you’ve enjoyed reading these short updates. Feel free to share any interesting articles you come across in the “In the News” section of the Passbolt community forum: In the news - Passbolt community forum :heart: :star2: