Cybersecurity News of the Week, November 3, 2024
This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan’s Corner
I’m so glad we’ve almost got this election behind us. However, even as the election will soon be over, I don’t expect the disinformation campaigns to end. This week brings news of a Russian disinformation campaign in Georgia following last week’s story of a disinformation campaign in Pennsylvania. We can expect to see more fake stories like these from Russia, China, and Iran. Meanwhile, as The Wall Street Journal warns, even if the vote itself is secure, attacks on our election infrastructure will likely get worse. We need to stay suspicious, rule #3 in our guide How Hackable Are You? Don’t trust. Verify. And be aware of our own biases.
We’re in this together.
Russia behind latest election disinformation video, US intel agencies say: Russian actors “manufactured” a bogus viral video that showed Haitians illegally voted several times in the state of Georgia, U.S. officials said on Friday. … That conclusion is “based on information available” to the U.S. intelligence community and “prior activities of other Russian influence actors, including videos and other disinformation activities,” the Office of the Director of National Intelligence, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), said in a joint statement. … The agencies noted that the state’s secretary of state, a Republican, had “already refuted” the clip’s claims. … The joint statement marks the second time in a week that the agencies have banded together to denounce Russian efforts to influence or undermine next week’s presidential election. They previously said Moscow was responsible for fabricating a video of a person tearing up ballots in the swing state of Pennsylvania.
The Presidential Election Could Be a ‘Super Bowl’ for Hackers: Cybercriminals, some colluding with nation states, attempt to hack election networks and websites for notoriety and fortune. But they can’t touch voting machines or paper ballots. … Cybercriminals see the presidential election as a prime opportunity to gain infamy and reap profits by deploying ransomware, taking down websites and exploiting software vulnerabilities, security experts said. … Those tactics have already been attempted in this election cycle, and will probably continue after Election Day on Nov. 5, authorities and cyber researchers said.
From SecureTheVillage
Upcoming Events
Collecting Health Info? – Your Risk is Increasing, Barry Weber (STV Advisory Board Member), Nov 7, 11:00 AM PT.
9th Annual Official Los Angeles Cybersecurity Summit, Fairmont Century Plaza, November 21. Registration Code for Free Pass: CSS24-STV
A Reasonable Approach to Reasonable Security. January 30, 2025. SecureTheVillage’s 5th Annual Reasonable Security Summit. Mark your calendars for this all-day hybrid event!!!
Smaller business. Nonprofit: Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure™. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
IT Service Provider / MSP: Grow revenues. Take your client’s security to the next level. If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure™. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the assurance that you’re providing your clients with the reasonable IT security management they need. … The LA Cybersecure™ Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
SecureTheVillage FREE Newsletters. Sign up or share with a friend!
Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™
Cybersecurity Nonprofit of the Week … Cyber Readiness Institute
Our kudos this week to the Cyber Readiness Institute (CRI) and the great work they do helping our medium-size and smaller organizations manage their information security challenges. CRI’s Cyber Readiness Program helps organizations protect their data, employees, vendors, and customers. This free, online program is designed to help small and medium-sized enterprises become more secure against today’s most common cyber vulnerabilities. Their free Cyber Leader Certification Program is a personal professional credential for those who have completed the Cyber Readiness Program. Both are highly recommended. The Cyber Readiness Institute plays a major role in LA Cybersecure. Like SecureTheVillage, the Cyber Readiness Institute is a fellow-member of Nonprofit Cyber. Dr. Stahl is a proud member of CRI’s Small Business Advisory Council.
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Ransomware. Pig Butchering. Trojan Horses. Be suspicious. Talk to your parents. Talk to your kids.
They’re Giving Scammers All Their Money. The Kids Can’t Stop Them: One son couldn’t prevent his father from giving about $1 million in savings to con artists, including one posing as a female wrestling star. The two became estranged. … “There was nothing we could do to convince him,” Chris Mancinelli said of his father, who lost nearly $1 million in savings to a cast of online fraudsters. … When Chris Mancinelli walked into his father’s home for the first time after the 79-year-old man died last summer, he stopped to look at family photos displayed on the refrigerator door. Near a crayon drawing spelling out “grandpa” in rainbow colors were photos of his father’s three granddaughters at a swimming pool. … But one image jumped out: a photo of Alexa Bliss, a professional wrestling personality. … Mr. Mancinelli’s father, Alfred, was completely smitten with the star — or at least with the con artist impersonating her. He was convinced he was in a romantic relationship with Ms. Bliss, leading him to give up about $1 million in retirement savings (and his granddaughter’s college fund) to the impostor and a varied cast of online fraudsters he interacted with over several years. … When Mr. Mancinelli tried to intervene, moving his father’s last $100,000 to a safe account, Alfred sued him — his loyalty was to “Lexi.”
The Alarming ‘Pig Butchering’ Cyber Scam Costing Victims Billions—Are You At Risk?: Today is Halloween, a time for ghouls, goblins and harmless pranks. But in the digital landscape, there’s a new trick with devastating consequences. A rapidly growing scam known as “pig butchering” has been targeting consumers, luring them into fake investment schemes through trusted online relationships. … These scams have become increasingly widespread, with recent reports indicating that billions of dollars are siphoned away from consumers worldwide. This issue is not only financially devastating for individuals but poses a significant risk to digital security at large. With scammers employing advanced social engineering tactics, ‘pig butchering’ has become a pressing concern. … By taking the time to build friendships or even romantic connections, scammers gain their victims’ confidence and eventually their money. As this scam continues to grow, it’s crucial to know how it works and what to watch out for before it’s too late.
This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe: Imagine making a call to your bank after discovering fraudulent activity on one of your accounts, only for the person on the other end of the phone to be a hacker. Well, that is exactly what’s happening to victims of this updated Android banking trojan.
Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.
China’s attack on the law enforcement wiretapping and surveillance system at AT&T, Verizon and other major telecom companies is back in the news this week. Senate Intelligence Committee Chairman Mark R. Warner (D-Virginia) calls it “one of the most serious breaches in my time on the Intelligence Committee.” Stay tuned as this story continues to unfold.
Americans, your calls and texts can be monitored by Chinese spies: The U.S. government and the telecom companies need to share more information. … Last week, the Chinese hacking and spying operation known as “Salt Typhoon” was revealed to have targeted former president Donald Trump and his running mate, Sen. JD Vance of Ohio, as well as staffers for Vice President Kamala Harris’s campaign and for Congress. The Post has reported that the hackers were able to collect audio and text messages from their targets in a wide-ranging espionage operation, which likely began several months ago. … The Chinese hackers, who the United States believes are linked to Beijing’s Ministry of State Security, have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies — and the U.S. government believes they likely continue to have access to the system. … The officials I spoke with, most of whom were not allowed to speak on the record because the hack is being investigated by an interagency team, described a scramble inside the U.S. government to respond to the breach. Several officials told me that targets identified by the intelligence community also include senior U.S. government officials and top business leaders. … “It is much more serious and much worse than even what you all presume at this point,” Senate Intelligence Committee Chairman Mark R. Warner (D-Virginia) said. “It is one of the most serious breaches in my time on the Intelligence Committee.”
Kudos to the international coalition of law enforcement agencies — Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia — for bringing down a major malware platform.
Malware targeting millions of people taken down by international coalition: A global operation has led to the takedown of servers of infostealers, a type of malware used to steal personal data and conduct cybercrimes worldwide. The infostealers, RedLine and META, taken down today targeted millions of victims worldwide, making it one of the largest malware platforms globally. An international coalition of authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium. … RedLine and Meta were able to steal personal data from infected devices. The data included saved usernames and passwords, and automatically saved form data, such as addresses, email addresses, phone numbers, cryptocurrency wallets, and cookies. After retrieving the personal data, the infostealers sold the information to other criminals through criminal market places. The criminals who purchased the personal data used it to steal money, cryptocurrency and to carry out follow-on hacking activities.
Several stories this week on cyber-attacks.
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations: Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group. … Microsoft has issued a warning over a recent large-scale spear-phishing campaign that has been attributed to the notorious Russian state-sponsored threat actor tracked by the company as Midnight Blizzard. … According to the tech giant, the campaign has targeted thousands of users at more than 100 organizations in the government, defense, academia, NGO and other sectors, likely with the goal of collecting intelligence.
Over a thousand online shops hacked to show fake product listings: A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. … Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping anything. … According to HUMAN’s Satori Threat Intelligence team that discovered Phish n’ Ships, the campaign has impacted hundreds of thousands of consumers, causing estimated losses of tens of millions of dollars.
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack: Threat actors linked to North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. … The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces. … “This incident is significant because it marks the first recorded collaboration between the Jumpy Pisces North Korean state-sponsored group and an underground ransomware network.”
Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns: Chinese government-backed hackers have compromised at least 20 Canadian government networks over the last four years, Canada’s top cyber agency said Wednesday. … Calling the threat from China in cyberspace “second to none,” the Canadian Centre for Cyber Security (CCCS) said Beijing’s operations “serve high-level political and commercial objectives, including espionage, IP theft, malign influence, and transnational repression.” … Summarized in its National Cyber Threat Assessment 2025-2026, a biennial report intended to warn the public of threats and to guide cybersecurity strategy, the CCCS said Canadian critical infrastructure, industry — including the research and development sector — and government agencies have all been targeted by Chinese actors.
This week in cybercrime.
California court suffering from tech outages after cyberattack: The San Joaquin County Superior Court said nearly all of its digital services have been knocked offline due to a cyberattack that began earlier this week. … The court first warned the county’s nearly 800,000 residents of technology issues on Wednesday before admitting that it was a cybersecurity incident on Thursday. … The attack knocked out all of the court’s phone and fax services, websites containing juror reporting instructions, the e-filing platform, credit card payment processing and more. Some jurors scheduled for this week were excused.
Los Angeles housing agency confirms another cyberattack after 2023 ransomware incident: The Housing Authority of the City of Los Angeles (HACLA) said it is dealing with a cyberattack following claims of data theft made by a ransomware gang. … In a statement to Recorded Future News, a spokesperson for HACLA confirmed that it has “been affected by an attack” on its IT network. … The statement came after the Cactus ransomware gang recently claimed it stole 861 GB of data that included personal information, backups, financial documents and more.
Free, France’s second largest ISP, confirms data breach after leak: Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. … The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe’s sixth-largest mobile operator by number of subscribers.
Section 4: Securing the Organization.
Two good stories on the challenges the CISO faces in meeting their organization’s need for reasonable security practices. They must look up, leading from the top as they take their seat at the executive table. They must look out at the threat landscape, particularly as it is being changed by AI. And they must look down, managing their own defenses, including their readiness to manage inevitable disruptions.
CISO Top 10 Priorities for Q3 2024: Navigating Cybersecurity’s Evolving Challenges: As the cybersecurity landscape grows more complex and interconnected, the role of the Chief Information Security Officer (CISO) continues to expand, evolving from a primarily technical position into one that demands a strategic approach to risk, compliance, and technology. The CISO Top 10 reports for Q3 2024 provide critical insights into the key areas where today’s CISOs are focusing their efforts, both from a management and technology perspective.
The 10 biggest issues CISOs and cyber teams face today: From escalating cyber threats to questions about resources and security’s role in the enterprise, cyber leaders are reshaping their agendas to address several key long-standing and emerging concerns. … To outsiders, the CISO role may seem straightforward: Secure the tech stack. … But CISOs know that their job, which in its earliest days may have been narrow in scope, now comprises a huge array of responsibilities. … Although CISOs say each of those duties are critical, they cite a group of issues that are top of mind for them. Here are 10 that now dominate the CISO agenda.
Keeping your computer programs patched and updated is one of the Top-5 things you can do to protect your security and privacy. This is because cyber criminals will take control of your computer by running programs that “exploit” security vulnerabilities in the programs you use. When software companies find a vulnerability, they usually issue an update to patch and fix it. It then becomes your responsibility to update the program that’s been patched. While there are tools that support this, such as Norton 360 on Windows and Ninite, it’s important that you make certain you are running the latest versions. This is your responsibility.
Important Security Updates
The following lists current versions of common software programs. Items in Bold have been updated in the past week. If you use these programs, you should ensure they are updated. Updates are usually available from within the program. If not, updates can be downloaded from the company’s website.
7-Zip 24.08.
Adobe Acrobat Reader updated to 2024.004.20220
AVG 24.10.3353.
Apple iOS updated to 18.1
Apple iPadOS updated to 18.1
Apple macOS Sequoia updated to 15.1
Apple macOS Sonoma updated to 14.7.1
Apple macOS Ventura updated to 13.7.1
Apple watchOS updated to 11.1
Apple tvOS updated to 18.1
Apple visionOS updated to 2.1
Apple Safari 18.0.1
CCleaner 6.29.11342.
Chrome updated to 130.0.6723.92.
Discord 1.0.9168.
Dropbox updated to 211.4.6008.
Edge updated to 130.0.2849.68.
ExpressVPN 12.90.0
Firefox updated to 132.0.
Foxit Reader 2024.3.0.26795.
Google Drive for Desktop updated to 99.0.0.0.
iTunes 12.13.4.4.
KeePass 2.57.1.
Malwarebytes 5.2.0.140.
Microsoft 365 & Office
Microsoft Windows
Notepad++ 8.7.
Opera Chromium updated to 114.0.5282.144.
Skype 8.131.0.202.
Spotify 1.2.49.439.
TeamViewer 15 updated to 15.59.3.
Thunderbird 115.15.0.
Zoom updated to 6.2.6.49050.
********************
If you are responsible for the security of your computer, our Weekend Patch Report is for you. We strongly urge you to take action to keep your system(s) patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of information security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Chrome & Firefox, Office, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running on their customers’ computers.
SecureTheVillage publishes our Weekend Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates.
Copyright © 2024 SecureTheVillage. All rights reserved.