Cybersecurity in 60 Seconds

By: Michael Agee
  • Summary

  • Daily Cybersecurity News for Info Sec professionals
Episodes
  • Cybersecurity in 60 Seconds - June 14 2024 - Chinese Hack the Dutch / Most Software Cos Will Miss the CISA Deadline / Cyber Claims in 2023 at Record Highs
    Jun 14 2024

    Dutch Intelligence Uncovers Extensive Chinese Cyber Espionage

    Dutch military intelligence has revealed that Chinese state-backed hackers have targeted Western governments, defense companies, and international organizations, with at least 20,000 victims worldwide in a few months. The hacking group, responsible for the 2023 attack on the Dutch defense ministry, has likely claimed many more victims. China's embassy has not responded to requests for comment, and Beijing has a history of denying allegations of cyber espionage. The Dutch intelligence agency has urged organizations to adopt an "Assume Breach" approach, assuming that a successful digital attack has already occurred or will occur soon.

    Majority of Software Makers to Miss Biden's Cybersecurity Deadline

    A recent survey by Lineaje found that 84% of software companies are not prepared to meet the June 11 deadline set by the Cybersecurity and Infrastructure Security Agency (CISA) to submit Software Development Attestation Forms, required for software security reporting. The forms aim to ensure software producers follow guidelines to secure their networks and share cyber incident information with the federal government. The survey attributed the lack of compliance to budget and staff restrictions, as well as limited awareness of the requirements. The federal government has emphasized the need for a secure software supply chain, citing past incidents like the SolarWinds breach. Despite the deadline, agencies are still working on a rule to require software companies to comply with the executive order.

    Vulnerabilities Discovered in End-of-Life Netgear Routers

    Security researchers have identified six vulnerabilities in older Netgear WNR614 N300 routers, which reached end-of-life three years ago. These vulnerabilities could allow attackers to bypass authentication, intercept sensitive communications, create weak passwords, and access device PINs and firmware. The flaws, tracked as CVE-2024-36787 through CVE-2024-36795, pose significant security risks. Researchers recommend deactivating vulnerable components, implementing robust password policies, encrypting sensitive data, and replacing the routers immediately.

    Cyber Claims and Ransomware Attacks Reach Record Levels

    According to Marsh's analysis, cyber claims and ransomware attacks reached record levels in 2023, with 1,800 cyber claims reported in the US and Canada. Ransomware incidents accounted for less than 20% of total cyber claims, but the median ransom demand soared to $20 million, and the median extortion payment increased to $6.5 million. Despite this, 77% of companies refused to pay the ransom, indicating growing resilience. To enhance cyber resilience, organizations should adopt proactive security measures, consider cyber risk across the enterprise, and use insurer-approved vendors to streamline claims management.

    4 mins
  • Cybersecurity in 60 Seconds - June 12 2024 - Disney Gets Hacked by Accident / Microsoft Recalls "Recall" / NYT Source Code Leaks
    Jun 12 2024

    Club Penguin Fans Hack Disney Server, Steal 2.5GB of Corporate Data

    A group of Club Penguin fans hacked into a Disney Confluence server, intending to access information about the defunct online game, but instead made off with 2.5GB of internal corporate data. The stolen data includes documents on Disney's corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and internal infrastructure, some of which dates back to 2022. The breach was reportedly carried out using previously exposed credentials, and the data was shared on Discord and 4chan message boards. Disney has yet to comment on the incident.

    Microsoft Makes Changes to Controversial Screenshot Feature After Privacy Concerns

    Microsoft has announced changes to its "Recall" feature, a screenshot tool announced for its new AI-powered PCs, after privacy concerns were raised. The feature, which captures and stores screenshots of desktop activity, will now be opt-in instead of default, and users will need to use Windows' "Hello" authentication process to enable it. The changes come after critics warned that hackers could misuse the tool and its saved screenshots. The UK's data watchdog, the Information Commissioner's Office (ICO), had also expressed concerns about the feature. Microsoft's updates will be implemented before the launch of Copilot+ PCs on June 18.

    Critical PHP Vulnerability Exploited in the Wild

    A critical vulnerability in PHP (CVE-2024-4577) has been discovered, allowing attackers to execute malicious code on Windows devices. The bug is easily exploitable and has been observed being exploited in the wild, with proof-of-concept code available. The vulnerability affects PHP versions 8.3-5 and is caused by errors in Unicode character conversion. Patching is recommended immediately, especially for servers using PHP in CGI mode. Mitigation measures, such as rewrite rules, are available for unsupported versions. XAMPP for Windows is vulnerable by default, but disabling PHP CGI can temporarily mitigate the issue.

    New York Times Investigates Source Code Leak

    The New York Times is investigating a leak of its source code, which was posted on 4chan. The leak includes 270 GB of data, reportedly containing 5,000 repositories and 3.6 million files, including code for games like Wordle. The exposed data also allegedly includes user information, authentication URLs, API tokens, and secret keys. The Times confirmed the breach occurred in January 2024 due to an exposed credential on a cloud-based platform, but stated that there is no evidence of unauthorized access to their systems or impact on operations. The incident is under investigation.

    4 mins
  • Cybersecurity in 60 Seconds - June 10 2024 - NIST To Pick Up Pace on Backlog / TikTok Celebs Get Hacked / London Hospital System Under Attack
    Jun 10 2024

    NIST Commits to Resuming NVD Work with Additional Funding and Partnerships

    The US National Institute of Standards and Technology (NIST) has announced a plan to address the backlog of vulnerabilities waiting to be added to the National Vulnerability Database (NVD). The plan includes additional funding, a third-party contract, and a partnership with the Cybersecurity and Infrastructure Security Agency (CISA). NIST aims to restore processing rates within the next few months and reduce the backlog by September 30. The agency faces an exponentially growing problem, with over 36,000 vulnerabilities disclosed this year, and has processed only 26% of them so far. The community has expressed concerns about the long-term sustainability of the NVD and the need for a permanent solution.

    London Hospitals Hit by Cyber-Attack

    A cyber-attack on pathology services provider Synnovis has forced major London hospitals, including King's College Hospital and Guy's and St Thomas', to declare a critical incident, cancelling operations and diverting emergency patients. The attack, believed to have occurred on Monday, has disrupted blood transfusions and test results, and also affected GP services in several boroughs. The NHS has apologised for the inconvenience and is working with the National Cyber Security Centre to understand the impact, while Synnovis has deployed a "taskforce of IT experts" to assess the situation.

    TikTok Cyber Attack Targets High-Profile Accounts

    TikTok has responded to a cyber attack targeting several prominent accounts, including CNN and Paris Hilton's. The company has collaborated with CNN to restore account access and implement enhanced security measures. While the number of compromised accounts is reportedly "very small", TikTok is working with affected owners to restore access. This incident comes as TikTok's parent company, ByteDance, challenges a US law that requires it to sell TikTok by January or face a ban, citing national security concerns.

    Russian Cybercriminals Behind London Hospitals Cyber Attack

    A Russian cybercrime group, known as Qilin, has been identified as the perpetrator of the ransomware attack on Synnovis, a pathology services firm that supplies London NHS hospitals. The attack has resulted in a "severe reduction in capacity" and cancelled operations, tests, and blood transfusions. Ciaran Martin, former chief executive of the National Cyber Security Centre, described the incident as "very, very serious". Qilin operates as a ransomware-as-a-service group, hiring out malware to other criminals. The attack is believed to be a targeted operation to secure a ransom, highlighting the growing threat of cybercrime.

    4 mins
