InfoSec Dot - Issue #15. 🛫 Airport SQL Flaw | 🌐 SaaS Breach Alert | 🛡️ Cyber Defense Tips

Latest cybersecurity news and updates

Hi there

Welcome to this Thursday's quick update edition of InfoSec Dot! 

Since our last comprehensive Monday newsletter, several significant developments have unfolded in the cybersecurity landscape. This quick update provides the latest happenings since last Monday, ensuring you're always in the loop with the most current cybersecurity news.

In this edition, we're covering some urgent cybersecurity developments. From a newly discovered SQL injection flaw in airline security systems to evolving threats in the SaaS landscape, we explore the intricate challenges facing today's digital defenses. Stay tuned for our in-depth Monday issue for more extensive analyses and insights.

🗓️ What’s New

Ongoing Cyber Attack Targets Transport for London

Transport for London (TfL) is currently managing a cyber attack affecting its internal systems, with no evidence of compromised customer data or impact on TfL services. Employees have been advised to work from home as a precaution. TfL’s CTO, Shashi Verma, assured that extensive security measures are in place and ongoing collaboration with national agencies continues to monitor and address the situation. Read More (2 Mins Read)

RansomHub hits 210 victims in just 6 months

The cybercrime group RansomHub has claimed 210 victims since its inception in February, aiming to dominate the ransomware scene. The group, which attracts affiliates from defunct groups like LockBit and ALPHV, targets a wide range of sectors, including critical infrastructure. U.S. security agencies have issued advisories detailing the tactics of RansomHub's operations and mitigation strategies against them; the operations use a variety of tools, including Mimikatz, Cobalt Strike, and Metasploit, for network penetration and data exfiltration. Read More (3 Mins Read)

North Korea Targets Crypto Industry with Sophisticated Social Engineering: FBI

North Korea has intensified its cyberattacks on the cryptocurrency sector, using advanced social engineering tactics to deploy malware and steal digital assets. The attacks target employees in the decentralized finance and cryptocurrency industries, exploiting personal and professional information to craft believable scenarios for phishing. The FBI advises heightened vigilance and outlines specific mitigation strategies for companies at risk, emphasizing the need for robust verification processes and security practices. Read More (4 Mins Read)

Crypto Vulnerability Allows Cloning of YubiKey Security Keys

Yubico has issued a security advisory for a moderate vulnerability found in Infineon’s cryptographic library affecting several YubiKey and YubiHSM models. The flaw could allow attackers with physical access to the devices to recover private ECDSA keys. Affected products include older versions of YubiKey 5, YubiKey Bio, and YubiHSM 2. Updated firmware versions address these issues, enhancing security for FIDO and other use cases relying on ECDSA. Read More (4 Mins Read)

Changes to the OSCP Certification

Offensive Security has announced updates to the OSCP certification effective November 1, 2024. The changes include an updated exam to better align with current cybersecurity challenges and the introduction of the OSCP+ certification, which will expire after three years. Holders of the OSCP+ can maintain their certification through continuing education or by passing a recertification exam. The standard OSCP certification remains valid for life without the need for renewal. Read More (5 Mins Read)

SaaS Data Breaches Affect One-Third of Organizations in 2024

A recent report highlights that 31% of organizations have experienced a SaaS data breach this year, up from 26% last year. Despite increased security budgets and initiatives, many companies struggle with decentralized SaaS deployments, leading to significant security gaps. The report, by AppOmni, stresses the need for better visibility and continuous monitoring of SaaS connections to improve security. Read More (3 Mins Read)

SQL Injection Vulnerability Discovered in Airport Security Systems

Security researchers have identified a SQL injection vulnerability in the FlyCASS system used by airlines to manage security credentials, potentially allowing unauthorized access to sensitive areas including cockpits. This flaw highlights significant risks in the security protocols governing access to secure areas in airports. The Department of Homeland Security has intervened, ensuring that the vulnerability is patched and no longer poses a threat. Read More (4 Mins Read)

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot
