Cybersecurity Current Events - Jan. 27th, 2025

In this week's Cybersecurity Current Events, we examine critical developments ranging from car hacking and healthcare security to high-profile vulnerabilities in Microsoft Windows and Apache Solr. With more topics this week than usual, and a news cycle constantly filled with new breaches and tech announcements, staying informed and proactive in addressing cybersecurity challenges remains a priority for any IT professional, tech-savvy enthusiast, or concerned citizen. Let’s dive into the key events shaping the week.

1. Cybersecurity Threats to Modern Cars

Summary: Hackers are increasingly targeting modern vehicles, exploiting vulnerabilities in their connected systems, posing severe safety risks. With the automotive industry’s rapid shift toward connected and autonomous vehicles, cybersecurity has become a pressing concern. Security researchers have uncovered a significant vulnerability in Subaru's Starlink service, which could have allowed attackers to seize control of vehicles and access sensitive customer data.By leveraging basic information such as a license plate and the owner’s last name or email address, hackers could exploit the system in multiple ways. This includes remotely starting or stopping the car, locking and unlocking doors, and tracking the vehicle’s real-time location. Furthermore, they could retrieve personally identifiable information (PII), such as emergency contacts, billing details, and the vehicle’s PIN. Most alarmingly, attackers could access over a year’s worth of highly accurate location data—within five meters—enabling them to create a detailed profile of the victim’s movements. Similar incidents have occured with other car brands such as Kia.

Timeline: Reported on January 25, 2025

Threat Actors: Unspecified cybercriminal groups specializing in IoT and automotive exploits. The vulnerability originated from flaws in the Starlink admin portal, including an unsecured password reset API endpoint and inadequate safeguards against bypassing two-factor authentication (2FA).

Key Implications:

• Endangerment of driver and passenger safety.
• Financial and reputational risks for automobile manufacturers.
• Increased regulatory scrutiny on connected vehicle security.

Actionable Steps:

1. Regularly update vehicle software to patch known vulnerabilities.
2. Avoid connecting cars to untrusted networks or devices.
3. Encourage manufacturers to adopt rigorous cybersecurity protocols during vehicle development.

Additional Resources: Read more at Forbes.

2. Microsoft Windows BitLocker Vulnerability

Summary: A newly discovered vulnerability in Microsoft Windows BitLocker exposes encryption passwords, potentially allowing attackers to bypass security and access sensitive data. Microsoft has acknowledged the issue, advising users to update their systems and avoid physical tampering risks.

Timeline: Reported on January 26, 2025, following the January 14 Microsoft Patch Tuesday update that made headlines for two key reasons: the discovery of three actively exploited Windows zero-day vulnerabilities and the unusually high number of security issues addressed in the update.

Threat Actors: Unspecified threat actors targeting enterprise environments.

Key Implications:

• Potential unauthorized access to sensitive data on encrypted drives.
• Increased exposure for businesses relying on BitLocker for data security.
• Heightened risk of compliance violations due to data breaches.

Actionable Steps:

1. Immediately apply the latest updates from Microsoft.
2. Limit physical access to devices using BitLocker.
3. Use additional layers of encryption to secure critical data.

Additional Resources: Read more at Forbes.

3. Google Chrome Web Store’s New Extension Security Measures

Summary: Following the news of the Chrome browser being leveraged to bypass two-factor authentication protections through extension hacking attacks, Google announced plans to enhance security for its Chrome Web Store, aiming to better protect users from malicious extensions. The measures include stricter review processes, increased transparency about developer identities, and automated detection of suspicious behaviors in extensions. Hafsah Ismail, Product Manager for Chrome Web Store and Extensions, and Maxime Martin, Product Manager for Chrome Enterprise, announced the launch of a new Chrome Web Store tailored for enterprise users. Stating, “We’re thrilled to introduce powerful new features that provide businesses with enhanced control and visibility over their Chrome extension ecosystem,”.

Timeline: Posted by Google January 23, 2025

Threat Actors: N/A

Key Implications:

• Improved user trust in Chrome extensions.
• Challenges for extension developers adapting to stricter requirements.
• Reduced risks of phishing and malware propagation through extensions.

Actionable Steps:

1. Review extension permissions before installing.
2. Regularly audit installed extensions for suspicious activity.
3. Follow Google's guidance for secure extension development.

Additional Resources: Read more at Forbes.

4. EU Boosts Cybersecurity for Hospitals

Summary: The European Union has enacted measures to enhance cybersecurity in healthcare, focusing on protecting hospitals from ransomware attacks and data breaches. The initiatives include funding for advanced cybersecurity technologies, mandatory compliance with new security standards, and establishing a pan-European Cybersecurity Support Centre, which will be overseen by the European Network and Information Security Agency.

Timeline: Reported on January 27, 2025

Threat Actors: N/A. Response to the growing threats directed at the healthcare industry within the EU.

Key Implications:

• Improved resilience of healthcare systems against cyberattacks.
• Financial support for hospitals to upgrade cybersecurity defenses.
• Enhanced patient data protection and trust in healthcare services.

Actionable Steps:

1. Adopt advanced endpoint protection solutions.
2. Conduct regular cybersecurity training for healthcare staff.
3. Align with emerging EU cybersecurity standards.

Additional Resources: Read more at Medscape.

5. Ivanti Connect Secure Backdoors

Summary: Security researchers uncovered 379 backdoors in Ivanti Connect Secure, a popular VPN solution. These vulnerabilities could allow attackers to execute remote code, access sensitive data, and move laterally within compromised networks. As of Friday, Censys identified nearly 33,000 Ivanti Connect Secure devices that were publicly exposed to the internet.

Timeline: Disclosed January 8, 2025, with most recent update January, 24, 2025.

Threat Actors: Advanced persistent threat (APT) groups exploiting VPN vulnerabilities.

Key Implications:

• Heightened risks for organizations relying on Ivanti for secure connectivity.
• Potential for data theft and ransomware deployment.
• Damage to Ivanti’s reputation and user trust.

Actionable Steps:

1. Immediately apply patches released by Ivanti.
2. Conduct vulnerability scans on network infrastructure.
3. Transition to alternative VPN solutions if necessary.

Additional Resources: Read more at Cybersecurity Dive.

6. TalkTalk Investigates Data Breach

Summary: TalkTalk is investigating claims of a data breach after a hacker alleged the theft of customer information, including names, addresses, and payment details. The company is working to determine the legitimacy of the claims and secure its systems. It is good to take note that TalkTalk was fined £400,000 following a 2015 data breach in which hackers stole the personal data of 157,000 customers, including sensitive financial information.

Timeline: TalkTalk representation made a statement on January 21, 2025. The investigation is still on-going.

Threat Actors: A person operating under the pseudonym “b0nd” has claimed responsibility for stealing the personal data of over 18.8 million current and former TalkTalk subscribers. TalkTalk continues to investigate but confidently states 18.8 million is an extremely exaggerated number. Screenshots shared by b0nd indicate that the data was stolen from CSG’s Ascendon platform.

Key Implications:

• Potential risks of fraud and identity theft for customers.
• Reputational damage to TalkTalk amid ongoing investigations.
• Regulatory scrutiny over data protection practices.

Actionable Steps:

1. Monitor credit reports and accounts for suspicious activity.
2. Enable fraud alerts with financial institutions.
3. Update passwords and enable two-factor authentication on TalkTalk accounts.

Additional Resources: Read more at TechCrunch.

7. Apache Solr Vulnerability

Summary: A critical vulnerability in Apache Solr allows arbitrary path write access, potentially enabling attackers to modify files, escalate privileges, or execute malicious code. Administrators are urged to apply patches immediately to mitigate risks.

Timeline: Reported on January 27, 2025

Threat Actors: Currently unknown, the exploitation process begins with the attacker creating a ZIP file containing relative paths that traverse directories. This malicious archive is then uploaded through Solr's configset upload endpoint. When extracted, the files overwrite existing ones, writing to unintended locations on the filesystem.

Key Implications:

• Increased risk of unauthorized access to sensitive systems.
• Potential data integrity and availability issues.
• Urgent need for patch management across affected environments.

Actionable Steps:

1. Apply the latest patches from Apache.
2. Limit Solr’s access to critical system directories.
3. Monitor for unusual activity in Solr environments.

Additional Resources: Read more at Cybersecurity News.

8. Windows Charset Conversion Exploited

Summary: A Windows feature for charset conversion has been exploited to bypass security mechanisms and execute malicious code. This flaw poses significant risks, particularly for systems without regular updates or endpoint protections. The newly discovered attack surface, named "WorstFit," exploits specific features of Windows' internal character encoding system to carry out advanced attacks, such as path traversal, argument injection, and remote code execution(RCE).

Timeline: Reported on January 27, 2025

Threat Actors: Currently unknown, however, the vulnerability has already been connected to exploits impacting applications such as, PHP-CGI, ElFinder, and Cuckoo Sandbox.

Key Implications:

• Potential for widespread malware attacks exploiting the feature.
• Increased risks for outdated or unprotected Windows systems.
• Calls for stronger security measures in OS features.

Actionable Steps:

1. Apply the latest Windows updates immediately.
2. Disable unnecessary Windows features where feasible.
3. Deploy advanced endpoint protection solutions.

Additional Resources: Read more at Cybersecurity News.

9. Memory Corruption Detection in Linux Kernel

Summary: Researchers, Erin Avllazagaj, Yonghwi Kwon, and Tudor Dumitraș from the University of Maryland have developed SCAVY (Scavenger) to detect memory corruption in the Linux kernel, a major vulnerability targeted by attackers. These tools help identify and patch weaknesses before they are exploited by using advanced techniques like fuzzing and differential analysis to detect exploitable states resulting from memory corruption.

Timeline: Reported on January 27, 2025; Presented at the 33rd Usenix Securoity Symposium '24

Threat Actors: N/A

Key Implications:

• Enhanced security for Linux-based systems.
• Potential reduction in exploitation of zero-day vulnerabilities.
• Greater confidence in Linux as a secure platform.

Actionable Steps:

1. Adopt memory corruption detection tools for Linux environments.
2. Regularly update and patch Linux kernels.
3. Monitor security advisories for Linux-related threats.

Additional Resources: Read more at Cybersecurity News, and The Usenix Open Source Research Presentation.

Partnering with EIP Networks for People-First Cybersecurity

EIP Networks remains committed to a person-first approach to cybersecurity, delivering tailored solutions to meet your organization's unique needs. Stay ahead of threats by engaging with our current events and weekly roundups here on our Blog, LinkedIn or X (Twitter), and learn how to fortify your security posture by booking an assessement with our expert team. #WeDoThat