Canary Trap’s Bi-Weekly Cyber Roundup – Canary Trap

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news.

In this week’s round-up, we cover several critical cybersecurity developments affecting a range of industries. We look at a major vulnerability in the WordPress plugin Jetpack, a breach at Central Tickets that exposed data on roughly one million users, and Microsoft’s deprecation of two legacy VPN protocols in Windows Server. We also cover Microsoft’s latest Threat Intelligence report, which points to the education sector as a growing favourite target for cybercriminals, and Cisco’s investigation into a breach after allegedly stolen data was put up for sale online.

  • Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

Automattic has released patches for 101 versions of the widely used WordPress plugin Jetpack to address a critical vulnerability that has been present since 2016. The flaw, discovered during an internal security audit, affects every Jetpack release from 3.9.9 onward and was traced to the plugin’s Contact Form feature.

The vulnerability, which has yet to receive a CVE identifier, is an authorization flaw: any logged-in user on a site, regardless of role, could read forms submitted by site visitors. Because those submissions routinely contain names, email addresses and message bodies, this is a data-exposure issue rather than a code-execution one, but it is serious on any site that allows subscriber or customer registration. To cover the full range of affected installs, Automattic issued fixed point releases for every major branch from 3.9 through 13.9.

Given the scope of the issue, Automattic took the proactive step of pushing the fix automatically to sites running vulnerable versions. Site administrators should still confirm that the installed Jetpack version is the patched release for their branch, rather than assume the auto-update succeeded, and apply the update manually if it has not.

There is no evidence of exploitation to date, but Jetpack is installed on more than four million websites, which makes it an attractive target. Automattic cautions that, now that the fix is public, attackers may work out the flaw from the patch and attempt to exploit unpatched sites, so prompt deployment matters.

  • Central Tickets Confirms Data Breach as Hacker Leaks Data of 1 Million Users

In July 2024, Central Tickets, a London-based discount theatre ticketing platform, suffered a data breach that exposed user information including names, email addresses, phone numbers and hashed passwords. The breach was not detected by the company itself; the Metropolitan Police alerted it in September 2024 after noticing the stolen data being traded on the dark web.

The breach involved a staging database used for testing, separate from the company’s production website and application infrastructure. Although the staging environment was isolated from production, it held real customer records, which is the core lesson here: a test system populated with live personal data is just as sensitive as the production system it mirrors, and typically less well monitored. On discovery, Central Tickets secured the database, forced a password reset for all users and launched an investigation. It also notified the Information Commissioner’s Office (ICO) within the 72-hour window required under the GDPR. CEO Lee McIntosh issued a formal apology to affected users and said the company is committed to strengthening its security controls to prevent a recurrence.

The attacker, who uses the alias “0xy0um0m,” reportedly gained access to Central Tickets’ systems on July 2, 2024. The attacker first attempted to sell access to the compromised database and other infrastructure for $3,000 and later leaked data on more than one million users on Breach Forums. The leaked information included full names, IP addresses, admin logs, referral codes, email addresses, phone numbers, password hashes and details of events customers had attended.

Central Tickets was criticized for learning of the breach from law enforcement rather than from its own monitoring. The roughly two-month gap between intrusion and detection left affected users exposed to fraud and phishing for longer than necessary.

Central Tickets has urged users to be vigilant against phishing attempts and to monitor their accounts for suspicious activity. The breach is a reminder to use a unique password for each service (and to change any password that was reused elsewhere), to enable multi-factor authentication where available, and to treat unsolicited communications with caution.

This incident is part of a broader trend of attacks on online ticketing platforms. The Central Tickets breach is far smaller than the May 2024 Ticketmaster breach, which affected up to 560 million users, but it underscores the same point: these platforms handle sensitive personal and payment-related information, which makes them high-value targets and raises the bar for security across the sector.

  • Microsoft Deprecates PPTP and L2TP VPN Protocols in Windows Server

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in upcoming versions of Windows Server and is urging administrators to move to more secure alternatives. For more than two decades these protocols have been widely used to provide remote access to corporate networks and Windows servers, but they have not kept pace with modern attack techniques.

PPTP, for instance, authenticates with MS-CHAPv2, and a captured challenge-response exchange can be cracked offline to recover the user’s credentials; because the session’s MPPE encryption keys derive from the same material, the tunnel’s confidentiality falls with them. L2TP provides no encryption of its own and depends on IPsec for it, and a misconfigured L2TP/IPsec deployment (for example, a shared pre-shared key distributed widely) gives attackers a foothold. Given these limitations, Microsoft recommends the Secure Socket Tunneling Protocol (SSTP), which runs over TLS, and Internet Key Exchange version 2 (IKEv2), which uses modern IPsec cipher suites, as the replacements.

Microsoft clarified that deprecation does not mean immediate removal. PPTP and L2TP will no longer receive active development and may eventually be removed, but administrators will have time, potentially several years, to migrate to the recommended protocols. The concrete change is on the server side: future versions of the Windows Routing and Remote Access Service (RRAS) will not accept incoming PPTP or L2TP connections, while outgoing connections using these protocols will continue to work.

To support the transition, Microsoft published a detailed support bulletin in June that walks administrators through configuring SSTP and IKEv2 for security and performance. The move is part of Microsoft’s broader effort to modernize network security and retire protocols whose weaknesses are well understood.
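The following PowerShell script is an added example for this roundup, not code from Microsoft’s bulletin. It audits an RRAS server for inbound PPTP and L2TP, cross-checks the well-known listening ports, and, only when run with `-Disable`, zeroes the PPTP and L2TP port counts and blocks TCP/1723 at the host firewall. It assumes the RemoteAccess module’s `Get-VpnServerConfiguration` and `Set-VpnServerConfiguration` cmdlets expose the `TunnelType` and per-protocol `*Ports` properties used below; confirm the parameter names against `Get-Help Set-VpnServerConfiguration -Full` on the target server before running it with `-Disable`. The `Block inbound PPTP` rule name is a placeholder of the example’s own choosing.

```powershell
#Requires -Modules RemoteAccess
# Audit (and optionally disable) inbound PPTP/L2TP on a Windows RRAS server.
# Added example for this roundup; not Microsoft's bulletin script.
# Assumption: Get-/Set-VpnServerConfiguration expose TunnelType and the
# PptpPorts/L2tpPorts/SstpPorts/Ikev2Ports counters used here. Verify with
# Get-Help Set-VpnServerConfiguration -Full before using -Disable.
param(
    [switch]$Disable   # default is report-only
)

$legacy = @('Pptp', 'L2tp')
$cfg = Get-VpnServerConfiguration

Write-Host "Enabled tunnel types: $($cfg.TunnelType -join ', ')"
Write-Host ("Port counts: PPTP={0} L2TP={1} SSTP={2} IKEv2={3}" -f
    $cfg.PptpPorts, $cfg.L2tpPorts, $cfg.SstpPorts, $cfg.Ikev2Ports)

$found = @($cfg.TunnelType | Where-Object { $legacy -contains $_ })
if ($found.Count -eq 0) {
    Write-Host 'No legacy tunnel types are enabled for inbound connections.'
} else {
    Write-Warning "Legacy tunnel types still accepting inbound connections: $($found -join ', ')"
}

# Independent check: is the host still listening on the legacy ports?
# PPTP's control channel is TCP/1723 (data travels over GRE, IP protocol 47,
# which Get-NetTCPConnection cannot see). L2TP is UDP/1701 inside IPsec; the
# IKE ports UDP/500 and UDP/4500 are shared with IKEv2, so they must stay open
# if IKEv2 is the replacement, and are deliberately not flagged here.
$pptpListener = Get-NetTCPConnection -State Listen -LocalPort 1723 -ErrorAction SilentlyContinue
$l2tpEndpoint = Get-NetUDPEndpoint -LocalPort 1701 -ErrorAction SilentlyContinue
if ($pptpListener) { Write-Warning 'TCP/1723 (PPTP control channel) is listening.' }
if ($l2tpEndpoint) { Write-Warning 'UDP/1701 (L2TP) is bound.' }

if ($Disable -and $found.Count -gt 0) {
    # Zeroing the port count stops RRAS from accepting that protocol.
    # Any live PPTP/L2TP sessions are dropped, so schedule this in a window.
    Set-VpnServerConfiguration -PptpPorts 0 -L2tpPorts 0 -PassThru |
        Format-List TunnelType, PptpPorts, L2tpPorts, SstpPorts, Ikev2Ports

    # Belt and braces: block the PPTP control port at the host firewall too.
    # (Placeholder rule name; adjust to your naming convention.)
    New-NetFirewallRule -DisplayName 'Block inbound PPTP (TCP 1723)' -Direction Inbound `
        -Protocol TCP -LocalPort 1723 -Action Block | Out-Null
    Write-Host 'PPTP and L2TP inbound disabled; SSTP and IKEv2 remain available.'
}
```

Run it without arguments first to see what the server currently accepts; the port-level check is useful because it does not depend on the RRAS configuration object at all, so it catches a case where RRAS was reconfigured but the service has not yet been restarted. Note that a firewall rule for UDP/1701 is not added: L2TP traffic is encapsulated in IPsec ESP on the wire, so blocking 1701 at the host does little, and blocking UDP/500 and 4500 would break IKEv2.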

  • Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly

Microsoft’s latest Threat Intelligence report highlights a growing trend: cybercriminals are increasingly targeting educational institutions, from K-12 schools to universities. The report describes the sector as an “industry of industries” because of the range of sensitive data it holds, including financial records, health information and other personal data, which makes it a prime target.

The combination of valuable data and structural weaknesses has attracted a wide range of attackers, from financially motivated criminals deploying malware to nation-state actors conducting espionage. Microsoft’s analysis identifies challenges specific to the sector: limited security staffing, complex IT environments, remote-learning setups, reliance on open email systems and insufficient funding for cybersecurity. Compounding these issues, the user base includes children as young as six, who cannot be expected to recognise phishing or other social-engineering attempts, which raises the likelihood of a compromised account on the network.

According to Microsoft’s findings, educational institutions face an average of 2,507 attempted cyberattacks per week. Universities are at particular risk because of their open culture of information sharing and collaboration. The most active threat actors targeting the sector include the nation-state groups Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet and Moonstone Sleet, along with the emerging group Storm-1877.

To mitigate these risks, Microsoft recommends that educational institutions adopt a security framework built on core cyber hygiene, cyber awareness at every level of the organization and a stronger overall security posture. Key steps include centralizing the technology stack so there is a single place to apply controls, improving monitoring to surface vulnerabilities and compromised accounts earlier, and scaling security efforts to match the growing threat.

  • Cisco Investigates Breach After Stolen Data for Sale on Hacking Forum

Cisco is investigating claims of a security breach after a threat actor began offering allegedly stolen data for sale on a hacking forum. The claims, made by the well-known cybercriminal “IntelBroker,” suggest that Cisco developer data and sensitive company information may have been compromised.

A Cisco spokesperson confirmed the company is aware of the situation, stating, “We have launched an investigation to assess this claim, and our investigation is ongoing.” The investigation follows IntelBroker’s claim that he, together with two other individuals known as “EnergyWeaponUser” and “zjj,” breached Cisco on October 6, 2024.

The allegedly stolen data includes GitHub and GitLab projects, source code, hardcoded credentials, API tokens, SSL certificates, Docker builds, customer documentation and confidential Cisco documents, among other items. IntelBroker posted samples on the forum as purported proof. If the claims hold, the credentials, tokens and certificates are the immediate concern, since they can be used directly regardless of how the repositories were obtained and should be treated as compromised until rotated.

IntelBroker has a history of similar incidents: in June he leaked data from high-profile companies including T-Mobile, AMD and Apple, allegedly obtained from a third-party managed services provider specializing in DevOps and software development. It is not yet clear whether the Cisco claims are linked to those earlier attacks. Cisco’s investigation continues, and the company has not confirmed whether any breach originated in its own systems or at a third-party vendor.
