CyberNews Central 🛡️

The Dutch Data Protection Authority announced on Monday that it has imposed a fine of €290 million ($320 million) on Uber over its alleged failure to protect drivers’ personal information in EU-US data transfers. The ride-hailing giant strongly refutes the decision and it plans on filing an appeal. The appeal process can take up to four years and during this time the fine will be suspended. “This flawed decision and extraordinary fine are completely unjustified,” an Uber spokesperson told SecurityWeek. “Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and US. We will appeal and remain confident that common sense will prevail.” According to the Data Protection Authority (DPA) in the Netherlands, Uber failed to appropriately protect European drivers’ data when transferring it to the United States, which it described as a “serious violation” of the EU’s General Data Protection Regulation (GDPR). https://lnkd.in/dCY7bZiY

Today’s remote workforce has become the standard. But the security challenges created by remote work continue to be a key point of exploitation by bad actors. In fact, 80% to 90% of all successful ransomware compromises originate through unmanaged devices.1 Because endpoints are a broadly targeted vector and remote work necessitates so many varied endpoints, organizations need to ensure their endpoint security is part of a comprehensive and robust detection and response strategy, to disrupt ransomware and minimize risk. We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024). https://lnkd.in/ezqKXY9M

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires on charges of money laundering related to cryptocurrency proceeds belonging to the North Korean Lazarus hackers. The San Isidro Specialized Fiscal Unit in Cybercrime Investigations (UFEIC) collaborated with blockchain analysis firm TRM Labs to identify and locate the individual despite him using a complex transactions network that span across multiple blockchains to obfuscate the source of the assets. The man accepted large amounts of stolen cryptocurrency from multiple actors including the Lazarus group, distributors of child abuse content, financiers of terrorism. The suspect laundered the funds through crypto exchanges and tumblers, and then converted the assets into fiat money. https://lnkd.in/dMEMzCZ8

During a contract audit, OIG discovered weaknesses in the physical security of these items at an FBI-controlled facility where the media was being destroyed, such as the fact that these devices were stored for a long time on pallets but were not properly guarded. These devices, including internal hard drives and thumb drives, contained sensitive but unclassified law enforcement information and classified national security information (NSI), the OIG report (PDF) shows. Despite that, the FBI could not always account for these devices. Internal hard drives, even those removed from Top Secret computers, were not properly tracked and the agency could not confirm that they were properly destroyed. “We believe that the FBI’s practice of not accounting for extracted internal hard drives, thumb drives, and other media devices is not consistent with FBI or DOJ policies to ensure accountability of media containing sensitive or classified information,” the OIG points out. https://lnkd.in/egGcuyzm

Cisco Talos has uncovered a new remote access trojan (RAT) family, which is XenoRAT-based malware that is under active development by a North Korean nexus cluster named “UAT-5394.” While the new malware is dubbed “MoonPeak,” and the analysis reveals links to the UAT-5394 infrastructure and new tactics, techniques, and procedures (TTPs) of the threat actor. https://lnkd.in/dK5tWqWx 

Tracked as CVE-2024-20375, the high-severity issue (CVSS score of 8.6) impacts the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and can be exploited remotely, without authentication. Improper parsing of SIP messages could allow an attacker to send crafted packets to the affected products and cause the device to reload, leading to a denial-of-service (DoS) condition. https://lnkd.in/dnVvq3SM

A production partner of Netflix has suffered a serious security breach which has resulted in yet-to-be-released episodes of popular shows to be leaked online. As Variety reports, the security breach occurred at media localisation company Iyuno which confirmed on August 9 that it had suffered a "security issue, involving unauthorized access to confidential content." Iyuno said it was "actively investigating" the security breach and would attempt to "identify the responsible parties" in the wake of numerous clips, footage, and even complete episodes of unreleased Netflix shows were leaked online by hackers. https://lnkd.in/dfb2u8G3

Litespeed Cache is a free caching plugin designed to improve the performance of WordPress websites. The plugin currently has more than 5 million active installations. Researcher John Blackbourn discovered that the plugin is affected by a critical privilege escalation vulnerability that can be exploited by an unauthenticated attacker to obtain administrator privileges on the targeted WordPress website. The security hole, tracked as CVE-2024-28000, was responsibly disclosed through the bug bounty program of WordPress security firm Patchstack, and earned the researcher $14,400. The plugin’s developers were notified on August 5 and issued a patch on August 13, with the release of version 6.4. https://lnkd.in/g7g-9r3j

A 39-year-old man has been sentenced to 81 months in jail after hacking governments systems to fake his own death to dodge paying child support. Yes, you read that right. The press release by the US Attorney’s Office, Eastern District of Kentucky, paints a detailed picture of what went down. In January of 2023, Jesse Kipf used several stolen identities to create a case for his own death, one of which was a doctor living in another state. He used the stolen username and password of this doctor to log in to the Hawaii Death Registry System and certify his own death, using the digital signature of the doctor. https://lnkd.in/dEP7Y688

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue. https://lnkd.in/gfvxhWnf