Weekly Digest Week 23 – 2024

Publication date: 07.06.2024

Featured Story

Ticketmaster Confirms Breach Potentially Impacting 560 Million Users

Ticketmaster parent company Live Nation has confirmed that internal data was exposed in a cyber-attack identified last month, with threat actors apparently targeting a third-party cloud environment. The ticketing giant said in an SEC filing that the majority of the compromised data came from its Ticketmaster subsidiary, which chimes with earlier reports that as many as 560 million of the company’s customers may have been impacted.

In a since-removed blog post, security researchers at Hudson Rock reported that the threat actor targeted a Snowflake employee’s ServiceNow account with stolen credentials, enabling them to subsequently access the Ticketmaster database.

SOC Analysis:
The recent incidents show why companies storing sensitive data in the cloud must use strong security measures such as (phishing-resistant) multifactor authentication (MFA) and IP restrictions that limit access to trusted locations. While these steps might seem simple, even experienced companies often forget about basic cloud security in their rush to go digital.

Other Stories

Attacks Surge on Check Point’s Recent VPN Zero-Day Flaw

Exploit activity targeting a recent information disclosure flaw in Check Point’s VPN technology has soared in recent days, heightening the need for organizations to address the flaw immediately. Check Point has warned that the vulnerability allows attackers to access sensitive information in security gateways, possibly allowing lateral movement or domain admin access. Exploitation activity reportedly began nearly two months before public disclosure.

SOC Analysis:
This is a follow-up to last week’s newsletter. The fact that exploitation started before disclosure highlights the importance of proactive patch management. Check Point’s guidance can be found via their support portal. If you need help with patching or incident response related to this CVE, our SOC is here to help.

37 Vulnerabilities Patched in Android

Google released its June 2024 Android update addressing 37 vulnerabilities, including several high-severity privilege escalation issues in the System and Framework components. While there is no evidence of exploitation in the wild, the update closes critical flaws that could lead to elevation of privilege, denial of service, or data leakage.

SOC Analysis:
Keeping Android devices up to date is essential. Even without current evidence of exploitation, unpatched vulnerabilities often become prime targets shortly after patch release.

New Scam Targeting Artists

Several artists have fallen victim to a sophisticated scam encouraging them to sell artwork as NFTs. The scam involves impersonation and gradually builds trust over several days before requesting payments or crypto-based “minting” fees, ultimately defrauding the artist without any legitimate sale taking place.

SOC Analysis:
This scam is subtle and well-practiced. Key takeaways: never send money upfront, verify buyer identity, and consult with trusted sources before engaging in NFT or crypto transactions.

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.
