This week’s cybersecurity headlines are proof that vulnerabilities should be patched the moment they are reported. Here are the top headlines this week that re-emphasize the need to heed security warnings by law enforcement.

 

Scandinavian Hotel Chain Nordic Choice Has The Hardest Time Checking Guests In

Having caused much disruption at Ireland’s Health Service Executive (HSE) and the US-based Broward County Public Schools, the Conti ransomware group has now targeted a Scandinavian hotel chain. While the chain, Nordic Choice, has no plans to negotiate with the attackers, it suspects that its guests’ personally identifiable information (PII) has been stolen. As a result of the attack, guests are also struggling to check in because the reservations system at over 200 Nordic Choice locations remains affected. All procedures related to check-in, new room key creation, check-out, etc., were affected, which compelled the hotel staff to escort guests to their rooms.

While Nordic Choice mentions nothing about its ransomware protection measures and strategies for the coming days, it blames Conti for the disruption. Shortly after the attack, the relevant Norwegian authorities were informed, and data theft notifications were sent out to all former, current, and future customers. The guest information possibly lost in the breach includes names, phone numbers, email addresses, travel dates, etc.

 

Passport Fraud Is Tricky But Attackers Are Skilled

The passport is considered the most high-assurance identity document worldwide, and Onfido’s 2022 Identity Fraud Report indicates a rapid increase in passport fraud since the pandemic. The report calls passports the adversaries’ favorite ID to forge, hence the most frequently attacked identity document. Apparently, the attackers prefer a one-sided passport page to a double-sided ID card. Onfido’s report covers identity theft data collected over a year from 1st October 2020 to 1st October 2021.

Another finding of the Onfido research is that attackers prefer creating a complete ID rather than tampering with a genuine one, which was true for 90% of the ID frauds. While modern ID cards come with robust fraud detection features, the attackers have upgraded their methods as well and now employ sophisticated forgery techniques. Since fake IDs are a gateway to many organized crimes like terrorist financing and money laundering, it is essential to have meticulous cybersecurity methods in place, both for online and offline scenarios.

 

Private Equity Firm Permira Could Acquire Mimecast

Renowned cybersecurity organization Mimecast is in negotiations with the private equity organization Permira about its takeover by the latter in an all-cash transaction amounting to around $5.8 billion. While Mimecast looks forward to this merger with Permira, it also plans to look for alternate acquisition proposals until 6th January. The deal with Permira is to be finalized in the first half of 2022, where Mimecast would receive $80 for each of its outstanding ordinary shares.

Permira plans to take the cybersecurity enterprise private and has also been in discussions to acquire McAfee and take it private in a $14 billion deal. The private equity organization also engaged in negotiations for acquiring Symantec back in 2019. That deal was to be signed for over $16 billion in collaboration with Advent International. Since October, Permira’s acquisition proposal has been a welcome gesture for Mimecast as the organization has been looking for potential buyers.

With over 1,700 employees, 40,000+ customers, and annual revenue of around $150 million, Mimecast is doing quite well for itself. It looks forward to the Permira acquisition and hopes to provide strengthened cybersecurity services to its shareholders with the support and collaboration of Permira.

 

December 2021 Android Security Update Patches 46 Vulnerabilities

A total of 46 moderate to critical severity vulnerabilities were patched in the December 2021 Android security updates. The most severe of them was an information leakage bug in the media framework that allowed remote information disclosure with no additional execution privileges needed. Two further information disclosure flaws in the media framework, namely CVE-2021-0967 and CVE-2021-0964, were also patched. Two high severity flaws in the framework leading to privilege elevation and information disclosure were fixed along with ten other security loopholes in the System, including privilege elevation and remote code execution.

The second part of the Android Security Bulletin fixes 31 other vulnerabilities affecting Qualcomm closed-source components. These include a bug in the media framework, two in MediaTek components, three in Kernel and Qualcomm components, and 22 others in the Qualcomm closed-source components. All devices running a security patch level of 2021-12-05 or later include fixes for all 46 vulnerabilities. Further, the patch level of 2021-12-05 fixes 85 other bugs in Pixel devices.

 

Grafana Labs Releases Emergency Security Update

Cybersecurity experts at Grafana Labs recently detected a critical vulnerability, tracked as CVE-2021-43798, in its main product, the Grafana dashboard. This compelled the organization to release an emergency security update so that its global clients do not have to bear the unpleasant consequences. After investigation, the flaw was identified as a path traversal vulnerability that let adversaries read files outside the Grafana application’s folder.

The company said that all self-hosted Grafana servers running 8.x versions of the software could be affected. Therefore, the organization urgently released the patches Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7. Fortunately, the cloud-hosted Grafana dashboards remained unaffected by the vulnerability as they were already protected with additional cybersecurity measures.

While Grafana has released a patch, several researchers claim that the vulnerability is being exploited in attacks already, and there are between 3,000 and 5,000 Grafana servers active currently.

 

Kaseya Developers Patch Multiple Vulnerabilities

Kaseya developers have released patches for a series of vulnerabilities in its storage technologies. These include two critical flaws related to remote code execution and two unauthenticated SQL injection vulnerabilities (dubbed CVE-2021-43035) in the Kaseya Unitrends Backup Appliance. All the flaws were rated a CVSS score of 9.8 and were present in the Kaseya Unitrends Backup Appliance software versions 10.0.x through 10.5.4.

All users are advised to ensure ransomware protection by getting the patched software version 10.5.5. In its security alert, Kaseya also mentions that version 10.5.5 includes patches for ten other less severe vulnerabilities. As per reports, the cybersecurity consultancies DIVD and CyberOne were the first to identify Kaseya’s backup software flaws.
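The Grafana and Kaseya items above both reduce to the same defensive task: comparing deployed versions against the fixed releases named in the article. The following is an added example, not code from the article or from either vendor; the hostnames and inventory are constructed, pre-release suffixes are ignored, and treating Grafana 8.4 and later as patched is an assumption.

```python
import re

# Fixed releases and affected ranges exactly as stated in the article above.
GRAFANA_FIXED = {(8, 0): (8, 0, 7), (8, 1): (8, 1, 8),
                 (8, 2): (8, 2, 7), (8, 3): (8, 3, 1)}
UNITRENDS_FIRST_AFFECTED = (10, 0, 0)
UNITRENDS_FIXED = (10, 5, 5)

def parse_version(text):
    """Parse 'v8.2.6', '8.3' or '8.0.0-beta1' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def grafana_status(version):
    v = parse_version(version)
    if v[0] != 8:
        return "not-affected"        # the article lists only 8.x as affected
    fixed = GRAFANA_FIXED.get(v[:2])
    if fixed is None:
        return "patched"             # assumption: 8.4+ branches postdate the fix
    return "patched" if v >= fixed else "vulnerable"

def unitrends_status(version):
    v = parse_version(version)
    if v >= UNITRENDS_FIXED:
        return "patched"
    if v >= UNITRENDS_FIRST_AFFECTED:
        return "vulnerable"          # 10.0.x through 10.5.4
    return "unknown"                 # the article says nothing about pre-10.0

CHECKS = {"grafana": grafana_status, "unitrends": unitrends_status}

def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if CHECKS[row[1]](row[2]) == "vulnerable"]

# Constructed inventory for illustration; hostnames are made up.
INVENTORY = [
    ("mon-01", "grafana", "8.3.0"), ("mon-02", "grafana", "v8.2.7"),
    ("mon-03", "grafana", "8.0.0-beta1"), ("mon-04", "grafana", "7.5.11"),
    ("bak-01", "unitrends", "10.5.4"), ("bak-02", "unitrends", "10.5.5"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} needs the patched release")
```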
