
This Week in Cybersecurity: Looking Back at Week 39

September 26, 2024

Enterprise Ireland and National Cyber Security Centre Launch Cyber Security Review Grant for SMEs

Enterprise Ireland and the National Cyber Security Centre have introduced the Cyber Security Review Grant to help SMEs strengthen their online security against cyber threats. The grant covers 80% of project costs, up to €3,000, and offers businesses expert consultancy to assess and improve their cybersecurity practices.

Funded through the EU’s NextGenerationEU program, the initiative is part of Ireland’s National Recovery and Resilience Plan aimed at promoting digital transformation.

The review will deliver a comprehensive report with actionable steps to enhance security, providing vital support for businesses in today’s increasingly vulnerable cyber landscape.

View Source

Public Wi-Fi at 19 Major UK Railway Stations Hacked to Display Terror-Related Messages

The Wi-Fi systems at 19 major UK railway stations, including London Euston, Manchester Piccadilly, and Edinburgh Waverley, were hacked to display messages about terror attacks.

Network Rail confirmed the cybersecurity breach, stating that the public Wi-Fi service remains down as they, along with British Transport Police, investigate the incident.

The affected stations are spread across the UK, and other organisations may also have been impacted. The Wi-Fi service, provided by the third-party supplier Telent, has been suspended while the issue is addressed.

Authorities are working to restore the service and ensure security.

View Source

Critical Security Vulnerability in Ivanti CSA (CVE-2024-8963) Poses Major Risk for Unpatched Systems

A critical vulnerability, CVE-2024-8963, has been discovered in Ivanti’s Cloud Services Appliance (CSA) version 4.6, with a high CVSS score of 9.4. The flaw allows remote attackers to exploit restricted system functions, potentially leading to unauthorised access, data breaches, and system compromise.

This vulnerability, exacerbated when combined with CVE-2024-8190, was addressed in Patch 519 released on September 10, 2024. However, organisations that have not applied this patch remain at significant risk.

The National Cyber Security Centre urges affected organisations to implement the patch immediately, as the flaw has been added to the CISA Known Exploited Vulnerabilities catalogue.

View Source

WordPress.org Bans WP Engine from Plugin and Theme Resources as Dispute Escalates

The conflict between WordPress.org and hosting provider WP Engine intensified on Wednesday when WordPress.org, led by co-creator Matt Mullenweg, banned WP Engine from accessing critical resources like plugins and themes.

Mullenweg accused WP Engine of profiting off WordPress without adequately contributing to its open-source development. As a result, WP Engine customers are now unable to install or update themes and plugins, raising concerns about security vulnerabilities.

The dispute stems from Mullenweg’s criticism of WP Engine, calling the company a “cancer to WordPress” due to its alleged profiteering.

The battle has escalated with both companies sending cease-and-desist letters over trademark violations and financial disputes, leaving WP Engine users caught in the middle.

View Source

Valencia Ransomware Group Launches Global Attacks, Leaking Stolen Data from Multiple Organisations

A new ransomware group, Valencia, has begun leaking data from organisations worldwide on its dark web “Wall of Shame.”

Recent victims include the City of Pleasanton in California, where 283GB of sensitive information was allegedly stolen, as well as Duopharma Biotech in Malaysia, Indian paper manufacturer Satia, and Bangladeshi firm Globe Pharmaceuticals. The group may also be linked to an attack on Spanish fashion company Tendam, already hit by another ransomware group earlier this month.

Valencia’s attacks are speculated to exploit vulnerabilities in the WhatsUp Gold network monitoring software, for which proof-of-concept exploit code was published in August. The leaked data underscores the ongoing threat of ransomware, as organisations struggle to choose between paying ransoms and risking severe business impacts.

View Source

Mobile Phishing Attacks Surge as Cybercriminals Exploit Vulnerabilities in Mobile Devices

Mobile phishing attacks have sharply increased, with 82% of phishing sites now targeting mobile devices.

A key factor behind this rise is the use of HTTPS in 76% of phishing sites, which gives users a false sense of security, making it harder to detect phishing attempts on smaller mobile screens.

The report highlights that malware was encountered on a quarter of protected devices globally, with enterprise spyware threats surging by 80%. Additionally, Google Android devices saw a 58% increase in vulnerabilities, and iOS devices experienced a 10% rise.

The healthcare industry was particularly impacted, facing 39% of mobile attacks.

Experts recommend mobile device management (MDM), multi-factor authentication (MFA), and continuous security training to mitigate risks. Concerns over sideloaded apps also highlight the need for strict mobile security policies to prevent malware from bypassing official app store protections.

View Source

MoneyGram Suffers Cyberattack, Causing Days-Long Service Outage

MoneyGram, a global leader in money transfer services, has confirmed a cyberattack that led to a prolonged network outage, disrupting its systems for several days.

First reported on September 22, the company acknowledged the issue and later identified it as a cybersecurity incident. As a precaution, MoneyGram took some systems offline, affecting service availability and leaving customers with pending transactions.

The company is working closely with cybersecurity experts and law enforcement to resolve the situation, while restoring key systems.

View Source

Critical “CloudImposer” Vulnerability Exposed Google Cloud Services to Supply Chain Attacks

Researchers have discovered a critical vulnerability, dubbed “CloudImposer,” that exposed multiple Google Cloud services, including App Engine, Cloud Functions, and Cloud Composer, to remote code execution (RCE) attacks.

The flaw, linked to a “dependency confusion” exploit in Python packages (where a package installer that consults a public index alongside a private one can be tricked into fetching a public package that shares the name of an internal one), could have enabled attackers to execute malicious code across millions of servers using Google Cloud Platform (GCP), potentially leading to widespread supply chain attacks.

Google swiftly patched the vulnerability after its disclosure, highlighting the need for continuous vigilance in cloud security.
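The “dependency confusion” pattern named above, as an added illustration that is not part of the original article and not the CloudImposer research: a Python sketch of how an installer that merges a private index with a public one picks the wrong package, next to a private-first resolution policy and a requirements-file audit. The package names, versions, index contents and the index URL are all constructed for this example.

```python
"""Added example: how 'dependency confusion' arises when a package
installer merges a private index with a public one, plus two defensive
checks. All names, versions and index contents below are constructed."""
import re

# Assumption: these names are published only to the organisation's private index.
PRIVATE_PACKAGES = {"acme-internal-utils", "acme-billing-client"}

# Constructed index contents: package name -> versions offered.
PRIVATE_INDEX = {
    "acme-internal-utils": {"1.2.0", "1.3.0"},
    "acme-billing-client": {"0.9.1"},
}
PUBLIC_INDEX = {
    "requests": {"2.31.0", "2.32.3"},
    # a public upload that reuses a private package name with a higher version
    "acme-internal-utils": {"99.0.0"},
}


def parse_version(version):
    """Compare dotted numeric versions (sufficient for the constructed data)."""
    return tuple(int(part) for part in version.split("."))


def resolve(name, indexes):
    """Pick the highest version offered by any of the given indexes.

    This mirrors an installer that treats every configured index as equally
    trusted (pip's --extra-index-url behaves this way): which index a version
    came from plays no part in the choice."""
    candidates = set()
    for index in indexes:
        candidates |= index.get(name, set())
    return max(candidates, key=parse_version) if candidates else None


def resolve_merged(name):
    """Weak setting: private and public index are merged."""
    return resolve(name, [PRIVATE_INDEX, PUBLIC_INDEX])


def resolve_private_first(name):
    """Hardened setting: names the organisation owns are resolved only from
    the private index; everything else only from the public one."""
    if name in PRIVATE_PACKAGES:
        return resolve(name, [PRIVATE_INDEX])
    return resolve(name, [PUBLIC_INDEX])


REQUIREMENT = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([^\s\\]+))?")


def audit_requirements(text):
    """Flag private packages that are not pinned to an exact version with a
    hash, and any use of --extra-index-url in the requirements file."""
    findings = []
    # Join backslash-continued lines so --hash entries stay with their package.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            findings.append("--extra-index-url merges indexes; use --index-url "
                            "pointing at a private mirror that proxies the public index")
            continue
        if line.startswith("-"):
            continue
        match = REQUIREMENT.match(line)
        if not match:
            continue
        name, version = match.group(1).lower(), match.group(2)
        if name in PRIVATE_PACKAGES:
            if version is None:
                findings.append(f"{name}: not pinned to an exact version")
            if "--hash=" not in line:
                findings.append(f"{name}: no --hash pin")
    return findings


# Constructed requirements file (the index URL is a placeholder).
SAMPLE_REQUIREMENTS = "\n".join([
    "--extra-index-url https://pypi.example.internal/simple",
    "requests==2.32.3",
    "acme-internal-utils",
    "acme-billing-client==0.9.1 \\",
    "    --hash=sha256:" + "0" * 64,
])

if __name__ == "__main__":
    print("merged indexes resolve acme-internal-utils to", resolve_merged("acme-internal-utils"))
    print("private-first resolves it to", resolve_private_first("acme-internal-utils"))
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print("finding:", finding)
```

The two resolvers make the point directly: with merged indexes the squatted 99.0.0 wins, while the private-first policy returns the organisation's own 1.3.0. The audit is the check to run in CI on every requirements file: exact pins plus `--hash` mean that even a name collision cannot substitute a different artifact.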

View Source

Harvey Nichols Notifies Customers of Data Exposure Following Cyberattack

British retailer Harvey Nichols has alerted customers that some of their personal data, including names, phone numbers, and addresses, was exposed in a recent cyberattack.

While sensitive financial information and passwords were not compromised, the company warns customers to be vigilant for phishing attempts that could exploit the exposed data.

Harvey Nichols discovered the breach on September 16, 2024, but has yet to disclose when the attackers gained access. The retailer has since secured its systems with the help of cybersecurity experts and issued an apology, assuring customers that additional security measures are in place to prevent future incidents.

View Source

GitLab Patches Critical SAML Authentication Bypass Vulnerability

GitLab has patched a severe vulnerability (CVE-2024-45409) in its SAML authentication system that could allow attackers to bypass authentication and gain unauthorised access to GitLab instances.

The flaw, present in the Ruby SAML library, arose from improper signature verification, enabling adversaries to forge SAML responses.

This vulnerability affected self-managed GitLab instances using SAML authentication and was rated critical with a CVSS score of 10.0.

GitLab has released fixes in versions 17.3.3, 17.2.7, and others, urging users to update. Additionally, mitigations such as enabling two-factor authentication and disabling the SAML two-factor bypass option are recommended for those unable to update immediately.
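The “improper signature verification” point above, as an added illustration that is not part of the original article and not the ruby-saml code: a toy Python model of a signed SAML-style response, in which HMAC over a shared key stands in for XML-DSig and plain element serialisation stands in for canonicalisation. It places a weak consumer, which reads the subject from the first Assertion in the document, beside a hardened one that reads it only from the element it has just verified. Element names, IDs, subjects and the key are constructed.

```python
"""Added example: bind the identity you consume to the element whose
signature you verified. Toy model only: HMAC-SHA256 with a shared key
stands in for the IdP's RSA signature, and ET.tostring() stands in for
XML canonicalisation. All element names, IDs and values are constructed."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed shared secret; a real IdP signs with a private key.
KEY = b"constructed-shared-secret"


def canon(elem):
    """Serialise an element on its own (tail text excluded)."""
    clone = copy.deepcopy(elem)
    clone.tail = None
    return ET.tostring(clone)


def digest_of(elem):
    return hashlib.sha256(canon(elem)).hexdigest()


def build_signed_response(assertion_xml):
    """Toy IdP: sign exactly one Assertion (by ID) and wrap it in a Response."""
    assertion = ET.fromstring(assertion_xml)
    ref_id = assertion.get("ID")
    signed_info = ET.fromstring(
        f'<SignedInfo><Reference URI="#{ref_id}">'
        f"<DigestValue>{digest_of(assertion)}</DigestValue></Reference></SignedInfo>"
    )
    signature_value = hmac.new(KEY, canon(signed_info), hashlib.sha256).hexdigest()
    return (
        "<Response>" + canon(assertion).decode()
        + "<Signature>" + canon(signed_info).decode()
        + f"<SignatureValue>{signature_value}</SignatureValue></Signature></Response>"
    )


def _check_signature(root):
    """Verify the signature over SignedInfo and the digest of the referenced
    element. Returns the Assertion element the signature actually covers."""
    signature = root.find("Signature")
    if signature is None:
        raise ValueError("response is unsigned")
    signed_info = signature.find("SignedInfo")
    if signed_info is None:
        raise ValueError("signature lacks SignedInfo")
    expected = hmac.new(KEY, canon(signed_info), hashlib.sha256).hexdigest()
    given = signature.findtext("SignatureValue") or ""
    if not hmac.compare_digest(expected.encode(), given.encode()):
        raise ValueError("signature does not verify")
    reference = signed_info.find("Reference")
    uri = reference.get("URI", "") if reference is not None else ""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are accepted")
    covered = [a for a in root.iter("Assertion") if a.get("ID") == uri[1:]]
    if len(covered) != 1:
        raise ValueError("referenced assertion must exist exactly once")
    claimed = reference.findtext("DigestValue") or ""
    if not hmac.compare_digest(digest_of(covered[0]).encode(), claimed.encode()):
        raise ValueError("digest of the referenced assertion does not match")
    return covered[0]


def subject_naive(response_xml):
    """Weak pattern: the checks pass, but the subject is read from whichever
    Assertion comes first in the document, not from the verified one."""
    root = ET.fromstring(response_xml)
    _check_signature(root)
    return root.find("Assertion").findtext("Subject")


def subject_bound(response_xml):
    """Hardened pattern: the subject comes only from the element whose
    digest and signature were just verified."""
    root = ET.fromstring(response_xml)
    return _check_signature(root).findtext("Subject")


def is_rejected(response_xml):
    """True when the hardened consumer refuses the response."""
    try:
        subject_bound(response_xml)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = build_signed_response('<Assertion ID="a1"><Subject>alice</Subject></Assertion>')
    print("hardened consumer accepts subject:", subject_bound(good))
    print("tampered copy rejected:", is_rejected(good.replace("alice", "eve", 1)))
```

The point the hardened path makes is that "the signature verified" is not the same statement as "the data I am about to trust was signed": the consumer has to take the subject from the element whose digest it checked, and should treat a reference that resolves to zero or several elements as a failure rather than picking one. Stricter deployments additionally reject any response that carries more than one Assertion at all.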

View Source

Temu Denies Data Breach After Hacker Claims to Sell 87 Million User Records

E-commerce platform Temu has denied claims of a data breach after a hacker attempted to sell a database allegedly containing 87 million customer records on BreachForums.

The threat actor, under the alias ‘smokinthashit,’ provided a sample of data, including usernames, shipping addresses, and hashed passwords. However, Temu’s security team conducted a comprehensive investigation and found no matches between the leaked data and its systems, labelling the breach claims as false. Despite this, the hacker maintains they accessed Temu’s internal systems.

Temu asserts that it follows industry-leading data protection practices and is prepared to take legal action against those spreading false information.

Users are advised to take precautionary measures, including updating passwords and enabling two-factor authentication.

View Source

Necro Trojan Spreads Through Fake Android Apps on Google Play, Infecting Millions of Devices

Cybersecurity researchers have uncovered a new variant of the Necro Trojan embedded in fake versions of legitimate Android apps, including popular game mods and applications available on Google Play.

First detected in 2019, this malware has resurfaced, now using advanced evasion techniques like obfuscation and steganography to infect over 11 million devices. Hidden in apps such as Wuta Camera and Max Browser, Necro can perform a range of malicious actions, from displaying ads in invisible windows to downloading additional malware.

The trojan is spread through both Google Play and unofficial app stores, utilising a compromised software development kit (SDK) to integrate its malicious payload. With most infections occurring in Russia, Brazil, and Vietnam, this highly adaptable malware continues to pose a global threat, with over 10,000 Necro attacks blocked in a recent three-week period.

View Source

23andMe Settles $30 Million Class-Action Lawsuit Over 2023 Data Breach

Genetic testing company 23andMe has agreed to a $30 million settlement to resolve a class-action lawsuit related to a 2023 data breach that compromised the personal information of 6.9 million users.

The breach exposed sensitive health and ancestry data after hackers accessed user accounts through compromised credentials shared across multiple platforms. Particularly affected were individuals of Ashkenazi Jewish and Chinese heritage, whose data appeared on the dark web.

The company was criticised for failing to promptly notify affected users. As part of the settlement, 23andMe will strengthen its security protocols, including implementing mandatory two-factor authentication and cybersecurity audits.

View Source

If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇
