Ireland Unveils National Cyber Emergency Plan to Strengthen Response to Cyber Threats

This week, Ireland published its National Cyber Emergency Plan (NCEP), developed through extensive public and private sector engagement and lessons from recent cyber exercises and the 2021 HSE ransomware attack.

The NCEP details the process for declaring and managing a National Cyber Emergency, outlining clear roles and responsibilities.

It incorporates flexible response strategies for diverse cyber incidents through three cooperation modes:

• Permanent Mode for regular operations and preparedness
• Warning Mode for heightened risk scenarios
• Full Activation Mode for national emergencies requiring coordinated multi-agency responses

NCSC Director Richard Browne emphasised the plan’s role in aligning with Irish and European legislation to manage complex cyber emergencies. Targeting government officials and essential service providers, the NCEP integrates with the Strategic Emergency Management Framework to ensure comprehensive national preparedness and response, enhancing public protection and welfare.

Olympic venue among 40 museums hit by ransomware attack

The Grand Palais, currently an Olympic venue for fencing and martial arts in Paris, along with approximately 40 other museums in France, fell victim to a ransomware attack, according to police sources.

The cybercriminals targeted the system that centralises financial data for various institutions, demanding a ransom and threatening to release the data. France’s national cybersecurity agency, ANSSI, confirmed the incident but clarified that the systems involved were not connected to the Olympic Games. While the Grand Palais acknowledged the attack without providing further details, the Louvre denied being affected.

A criminal investigation has been launched into the data system attacks and extortion by an organised gang. Ransomware attacks typically involve hacking into computer systems and demanding money in exchange for unblocking them.

ICO Proposes £6 Million Fine for Software Firm After Ransomware Attack Disrupts NHS Services

The UK’s Information Commissioner’s Office (ICO) has provisionally decided to fine Advanced Computer Software Group over £6 million following a 2022 ransomware attack that disrupted NHS and social care services.

Hackers accessed the firm’s health and care systems in August 2022 through a customer account lacking multi-factor authentication, compromising the personal information of 82,946 individuals, including phone numbers, medical records, and home care entry details.

This breach led to significant disruption of critical services like NHS 111, further straining the healthcare sector.

Critical Vulnerabilities found in Apple Device Operating Systems

Apple has recently patched critical vulnerabilities in its mobile and smart device operating systems, specifically CVE-2024-27826 and CVE-2024-40788, which pose significant security risks.

CVE-2024-27826 is a kernel flaw that allows attackers to execute arbitrary code with kernel privileges, while CVE-2024-40788 enables local attackers to cause unexpected system shutdowns. These vulnerabilities affect various versions of iOS, iPadOS, watchOS, visionOS, tvOS, and macOS.

Users are strongly advised to update their devices to the latest versions to mitigate these threats and maintain the security and integrity of their devices. Regular updates are essential as they often include patches for newly discovered vulnerabilities, ensuring comprehensive protection against potential exploits.

Google Patches Actively Exploited High-Severity Android Kernel Vulnerability

Google has addressed a high-severity remote code execution vulnerability in the Android kernel, tracked as CVE-2024-36971, which has been actively exploited in the wild.

Disclosed in the August 2024 Android security bulletin, this flaw is believed to be under limited, targeted exploitation, potentially by commercial spyware vendors, though specific details and threat actor attributions remain undisclosed. Reported by Clement Lecigne of Google’s Threat Analysis Group (TAG), it is currently unknown if Pixel devices are affected.

The August patch addresses 47 flaws, including issues in components from Arm, Imagination Technologies, MediaTek, and Qualcomm, as well as resolving 12 privilege escalation flaws, one information disclosure bug, and one denial-of-service (DoS) flaw in the Android Framework.

Critical Vulnerability in Apache OFBiz

A zero-day pre-authentication remote code execution vulnerability, identified as CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) system. This critical flaw could allow threat actors to execute remote code on affected instances, posing significant risks to businesses relying on this software.

The vulnerability stems from a flaw in the authentication mechanism of Apache OFBiz. This flaw enables unauthenticated users to access functionalities that typically require a login, paving the way for remote code execution.

The exploit is particularly dangerous as it allows threat actors to bypass authentication protections by chaining the ProgramExport endpoint with other endpoints that do not require authentication, leveraging the override view functionality. This method grants attackers unauthorised access to critical endpoints via specially crafted requests.

If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇.