Finastra Probes Breach, USDA Adopts FID, PAN-OS Zero-Day – Cybersecurity News [November 18, 2024]

by DuoCircle

 

The wait is over! We’re here with this week’s round-up of the most pressing cybersecurity events and developments worldwide. The latest reports shed light on a significant data breach at a fintech giant, Finastra, efforts by the USDA to thwart phishing attacks with advanced authentication measures, a zero-day vulnerability impacting PAN-OS devices, VMware vCenter Server flaws being exploited post-patch, and a critical WordPress plugin vulnerability that puts millions of websites at risk. 

Fintech Giant Finastra Investigating Massive Data Breach

Reports from authentic news sources suggest the revelation of over 400 GB of sensitive information being exfiltrated allegedly by a threat actor who began auctioning this data on the hidden realms of the Internet, the Dark Web. This data breach is related to the incident at Global Fintech. Leader Finastra is still trying to cope with the massive data breach affecting its file transfer platform. As the internal investigation suggests, the breach impacts Finastra’s services, which cater to 45 of the world’s top 50 banks around the globe.

 

data breach

 

The company openly disclosed that the breach originated from compromised credentials. There were no signs of malware being deployed, ensuring optimal malware protection, and no customer files were tampered with. Presently, as a countermeasure, Finastra has migrated to an alternative secure file-sharing platform.

The detailed, thorough investigation reveals a complex timeline in relation to the cyberattack, to which the intruder has likely gained access as early as October. By November 8. the attacker (known by the pseudo name “abyss0” had disappeared from the cybercrime forums, leaving many questions unanswered. On the other side, Finastra is sharing Indicators of Compromise (IoCs) with affected clients (showcasing its commitment to transparency) and working diligently to cover the breach’s full scope.

 

USDA Eradicates Credential Phishing with FIDO Authentication

We might have, at some point in time, come across the cyberattack term called Credential phishing as it remains a dominant cyber threat in the market. In relation to this term, the attackers employ various social engineering tools, techniques, and tactics to somehow allegedly bypass the traditional MFA (Multi-factor authentication) methods to compromise systems and steal valuable data and information that can further be used to gain monetary benefits.

 

phishing

 

Successfully addressing this severe, persistent issue, the USDA has deployed FIDO (Fast Identity Online) authentication for nearly 40k employees, particularly benefiting those in environments unsuitable for standard PIV cards. Unlike the traditional heavy MFA (Multi-factor authentication) measure, FISO leverages cryptographic keys closely tied to end-point devices, which helps render stolen credentials that are useless to attackers.

This case study, which has been officially released by CISA, serves as a beacon for enterprises aiming to mitigate modern threats. The USDA emphasized continuous piloting of innovative solutions to always remain one step ahead of malicious actors. Also, in parallel, the organizations are encouraged to adopt FIDO authentication, which would help prevent account compromise even in the event that credentials are accidentally or intentionally disclosed. This proactive approach by the USDA demonstrated how robust identity systems can boost cybersecurity resilience in government and enterprise sectors alike.

 

Reconfigure PAN-OS to Mitigate Exploited Zero-Day RCE Flaw

A big celebrated name in the security market, Palo Alto Networks recently disclosed a critical zero-day remote code execution (RCE) vulnerability in its PAN-OS software. This vulnerability has been tracked under the identification number CVE-2024-0012 with a CVSS score of 9.3, which suggests the high-severity nature of the identified vulnerability.

 

security software

 

This security flaw enables ill-intent attackers to gain administrator privileges via successfully compromising and exploiting the web management interface. As a remediating effort, Palo Alto has issued a set of guidelines to mitigate potential risks in the future. One such effort suggests ensuring management interfaces are inaccessible from the Internet to eradicate occurrences such as compromises, providing relief to an extent.

The attackers exploited this flaw way before its detection within the organization. It is raising serious concerns among the subject-matter experts regarding the alleged exploitation timeline involved in the incident. The IoCs (Indicator of compromises) have been able to successfully procure the IP addresses and checksum linked to a web shell used in attacks. This critical incident underscores the importance of implementing best practices, such as network segmentation and restricted access to individuals, to be attack-proof against zero-day attacks.

 

VMware vCenter Server Flaws Now Exploited Allowing for Privileged Access

Broadcom has made esteemed headlines in relating to the release of an advisory that reveals the active exploitation of two VMware vCenter Server vulnerabilities, which are as follows:

 

malicious threat actor

 

At first, when the security bugs were identified, quick remediation patches were introduced into the systems, but the development failed to fully address these issues, which required a second range of security patches in October. The activities indicating compromised systems or information or any relevant suspicious exploitation were not reported back then. Still, recent developments confirm that unpatched systems are now on malicious threat actors‘ radar and can be exploited if existential risks are mitigated properly.

These vulnerabilities are a major concern for enterprises that are heavily dependent or reliant on VMware systems for their critical day-to-day business operations. This flaw allows attackers to positively execute arbitrary code and elevate privileges in a vertical and/or horizontal fashion. Broadcom advises immediately patching the vulnerabilities in order to safeguard systems from much more devastating effects, positively securing the vCenter management interfaces. This articulated news piece suggests the importance of timely updates or patches to the critical labeled applications and systems to minimize their exposure. 

 

 two-factor authentication (

 

Vulnerability Found in WordPress Plugin Leading to Unauthenticated Access

Recently, WordPress has identified a critical vulnerability labeled as an authentication bypass vulnerability in a plugin. This “Really Simple Plugin” plugin affects all ranges of versions, including 9.0.0 to 9.1.1. This critical security flaw has been tracked under the CVE identification of CVE-2024-10924. It is associated with the improper handling of the plugin’s two-factor authentication (2FA) REST API crucial systems, which the malicious threat actors can easily exploit to get a dominant hand over the sensitive systems. By exploiting this vulnerability, the attackers can gain privileged admin-level access to websites, even when 2FA is enabled.

A leading WordPress security provider, Wordfence, has flagged this as one of the most severe vulnerabilities in its entire history. WordPress has officially issued a patch to remediate the consequences of the flaw. Even then, the users must consider or are urged to upgrade to version 9.1.2 or later to safeguard valuable information on systems

Pin It on Pinterest

Share This