This week’s cybersecurity headlines cover recent acquisitions, patches, and adversary actions. Here are the most important of those cyber news headlines:
Apache Fixes Severe Vulnerabilities
In an abundance of caution, Apache has released patches for two cybersecurity vulnerabilities in its HTTP server. Adversaries actively exploited the vulnerabilities related to path traversal and file disclosure until 29th September, when Apache discovered them in Apache HTTP Server 2.4.49.
Using the path traversal flaw (tracked as CVE-2021-41773), attackers could map URLs to files outside the intended directories, which are often not protected by ‘require all denied.’ The second vulnerability (tracked as CVE-2021-41524) was found in the processing of HTTP/2 requests and could be used to launch denial-of-service (DoS) attacks on the server. Apache’s timely move and its insistence that users apply the patches as soon as possible indicate that cybersecurity awareness is slowly making its way into organizations’ priorities.
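The configuration condition mentioned above can be checked mechanically. The following is an added example, not code from the article or from the Apache project: a small audit that reports whether the filesystem root `<Directory />` block carries `Require all denied` and whether the server runs the release named above. The function names and the sample configurations are constructed for illustration.

```python
import re

# Release the article names as the one in which the flaws were found.
AFFECTED_VERSION = "2.4.49"
DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory\s*>', re.I)
REQUIRE = re.compile(r'^\s*Require\s+(.+?)\s*$', re.I)

# Constructed sample configurations (not taken from a real server).
WEAK_CONF = """<Directory />
    Require all granted
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>"""
HARDENED_CONF = WEAK_CONF.replace("all granted", "all denied", 1)

def directory_blocks(conf_text):
    """Yield (path, [Require arguments]) for each <Directory> block."""
    path, requires = None, []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):      # whole-line comment
            continue
        opened = DIR_OPEN.match(line)
        if opened:
            path, requires = opened.group(1), []
        elif DIR_CLOSE.match(line) and path is not None:
            yield path, requires
            path = None
        elif path is not None and REQUIRE.match(line):
            requires.append(REQUIRE.match(line).group(1).lower())

def audit(conf_text, server_version=None):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    root = [reqs for path, reqs in directory_blocks(conf_text) if path == "/"]
    if not root:
        findings.append("no <Directory /> block: no explicit default for /")
    for reqs in root:
        if "all granted" in reqs:
            findings.append("<Directory /> uses 'Require all granted'")
        elif "all denied" not in reqs:
            findings.append("<Directory /> lacks 'Require all denied'")
    if server_version == AFFECTED_VERSION:
        findings.append("server is 2.4.49: apply the patched release")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, AFFECTED_VERSION))
```

A clean configuration result does not replace patching: the version finding is still reported for 2.4.49 even when the root block denies access.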
Arizona Opens New Cyber Command Center
Over the last fifteen years, the Arizona government has lost around $1.6 billion to data breaches, and the compromised records exceed 10.9 million. With such a massive loss of assets and threat to citizens’ identities, the Ducey administration has opened a new Cyber Command Center called the Arizona Information Sharing and Analysis Center (AZ-ISAC). The AZ-ISAC (previously known as the Arizona Cyber Information Program) aims to strike a balance between the cyber threat detection and response measures of local, state, and federal agencies.
This cybersecurity merger of the public and private sectors will see several departments working towards ransomware protection. These entities include the Arizona Department of Homeland Security, the Arizona Department of Administration, the FBI’s Cyber Crimes Task Force, the Arizona National Guard Cyber Response Team, the Arizona Department of Public Safety, and the Arizona Counter Terrorism Information Center. The creation of this fusion center in Arizona is meant to ensure that data breaches are tackled at their roots and that existing cybersecurity loopholes that might expose citizens’ details are detected.
Arctic Wolf Acquires Habitu8
The cybersecurity company Arctic Wolf recently acquired the security training platform Habitu8, giving the former access to around 60-70% of the latter’s customers. The deal terms remain undisclosed, but this news comes just 60 days after Arctic Wolf secured $150 million in Series F funding.
Habitu8 is a start-up founded in 2017 that uses live-action videos to impart cybersecurity awareness. Its Learning Platform will now be merged with Arctic Wolf’s Managed Security Awareness offering, thereby creating a training and security awareness program delivered as a concierge service. Arctic Wolf views this acquisition as a leap in imparting cyber-risk awareness, as Habitu8’s training does not subscribe to the dull approach that most other organizations follow. Its use of modern, high-quality, on-demand experiences that are engaging and retainable ensures that people do not forget the training concepts as soon as they receive them. Both companies are hopeful that this acquisition will be an effective solution for all customers.
Coinbase Global Inc. Customers Affected By Data Breach
Coinbase Global Inc. recently sent out a data breach notification to around 6,000 customers, informing them of an intrusion that happened between March and May 2021. The adversaries exploited a flaw in the company’s SMS account recovery process and gained access to user accounts. Soon after, they transferred funds to crypto wallets outside of Coinbase.
Coinbase has approached customers with reimbursements of their stolen funds, but this is no assurance of email security, as the adversaries already have their phone numbers, email addresses, and passwords. In its defense, the company says it has no evidence of the data being compromised from its servers. However, the flaw is now fixed, and one can only hope that Coinbase and other exchanges take cybersecurity seriously because the attackers won’t be keeping away from the crypto world!
A Global Cybersecurity Resurgence?
Global cybersecurity concerns are increasing, and the latest arrest of two cyber criminals by Europol is evidence of that. These threat actors were arrested in Ukraine recently and have been behind laundering some 5-70 million euros from entities across the European Union, the USA, France, and Ukraine. The accused have been involved in a series of ransomware attacks since April 2020, in which they threatened to leak victims’ data if the ransom wasn’t paid.
Seven property searches were conducted along with these arrests, which revealed that the threat actors owned over $1.3 million in cryptocurrencies, $375,000 in cash, and two expensive luxury vehicles. This investigation saw Europol collaborate with Interpol’s Cyber Fusion Centre, the French National Cybercrime Centre of the National Gendarmerie, the FBI’s Atlanta Field Office, and the Cyber Police Department of the National Police of Ukraine.
Too many major ransomware attacks have happened in the recent past, including the Colonial Pipeline and JBS attacks. World governments are worried about this emerging cyberthreat, and US President Biden has therefore urged Russian President Putin to impose restrictions on their state-sponsored threat actor groups. During October’s Cybersecurity Awareness Month, President Biden will convene a meeting of 30 nations with hopes of combating the growing number of cybercrimes.
Google Fixes 41 Unexploited Vulnerabilities in October
On the fifth of every month, Google releases its security updates, and this month, it has fixed 41 vulnerabilities affecting Android versions 8.1 to 11, all of which range between high and critical severity. While the high-severity flaws include denial of service, remote code execution, elevation of privilege, and information disclosure issues, the critical severity flaws affect Qualcomm’s WLAN component and include a remote code execution issue.
Fortunately, none of these 41 vulnerabilities were exploited before the release of the patches. Newer Android versions that support the update are still safe if they get the patches on time, but devices that have reached end-of-life remain at risk. Such users must either consider changing their device or getting a third-party Android distribution application that delivers the monthly cybersecurity patches.