Marks and Spencer confirms that customer personal data was accessed in a recent hack. The FBI warns of 13 outdated routers hijacked by hackers. Fortinet patches a zero-day in FortiVoice actively exploited in targeted attacks. And, joy or rapture unforeseen, ransomware reaches the CPU. Welcome to Cybersecurity Today. I'm your host, Jim Love.

Marks and Spencer has confirmed that hackers accessed personal customer data during a cyber attack that has disrupted its operations since late April.
The breach, which occurred over the Easter weekend, compromised information including names, dates of birth, home and email addresses, phone numbers, household details, and even online order histories. Importantly, though, Marks and Spencer stated that no usable payment card details or account passwords were accessed. The attack has been linked to the cyber crime group DragonForce, known for ransomware and extortion tactics.
Marks and Spencer's online ordering systems remain offline, and the company has not specified when services will resume. Customers are being prompted to reset their passwords as a precaution, and Marks and Spencer advises vigilance against potential phishing attempts, emphasizing that it will never request personal account information via unsolicited communications. The UK's National Cyber Security Centre is collaborating with Marks and Spencer and law enforcement to investigate the incident.
The old saying "if it ain't broke, don't fix it" might not apply to routers. It turns out that some of those old reliable Linksys routers might be a significant security risk. The FBI has issued an urgent alert regarding 13 older router models being actively exploited by cyber criminals. These devices, primarily from Linksys, Cradlepoint, and Cisco, have reached their end of life and are no longer receiving security updates, making them vulnerable to malware attacks.
For many larger companies, we would hope this wouldn't be an issue: replacement should be done for any network device that is no longer supported. But for smaller companies or home offices, this could be a real threat. So, from Linksys, the E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N and WRT610N are affected; from Cradlepoint, the E100 series; and from Cisco, the M10 series.
Hackers are exploiting these outdated routers using variants of TheMoon malware. The malware allows attackers to gain unauthorized access, turning compromised routers into proxy nodes for malicious activities such as data theft and cyber attacks. Once infected, these routers can be controlled remotely, often without the owner's knowledge. Some signs of compromise might include unusual overheating, frequent internet disconnections, unexpected changes in router settings, or the appearance of unknown devices on your network.
If you own one of the affected models, the FBI is strongly advising replacing it with a newer model that regularly receives security updates. But if not, at least ensure that you disable remote administration: access your router settings and turn off remote management features to at least try to prevent unauthorized access.
Fortinet has issued a critical fix for a zero-day vulnerability, CVE-2025-32756, affecting its FortiVoice enterprise phone systems, after confirming the flaw was actively exploited in real-world attacks. The vulnerability is a stack-based buffer overflow that allows unauthenticated attackers to remotely execute code by sending specially crafted HTTP requests. Fortinet's product security team discovered the issue following the attackers' activities, including network scans, system crash log deletions to cover their tracks, and FCGI debugging being toggled on to log credentials from the system or SSH login attempts.
The company has released patches and advises administrators to disable the HTTP or HTTPS administrative interfaces as a temporary mitigation. This is the latest in a string of critical security issues affecting Fortinet products. Last month, the Shadowserver Foundation reported on 16,000 internet-exposed Fortinet devices that were compromised using a new symlink backdoor that provides threat actors with read-only access to sensitive files on now-patched devices hacked in previous attacks.
Earlier this year, Fortinet patched another vulnerability, CVE-2025-24472, an authentication bypass flaw in FortiOS and FortiProxy that allowed attackers to gain super-admin access. The company has urged all customers to audit systems for signs of compromise and apply patches immediately.
Organizations relying on FortiVoice or other impacted Fortinet products, including FortiMail, FortiNDR, FortiRecorder, and FortiCamera, should act quickly. The nature of the exploit and its confirmed use in the wild makes this vulnerability especially high-risk for unpatched systems.
And finally, a cybersecurity researcher has developed a proof of concept demonstrating that ransomware can be embedded directly into a computer's CPU via microcode updates, potentially bypassing all traditional security measures. Christiaan Beek, a senior director at cybersecurity firm Rapid7, created the PoC, inspired by a critical flaw in AMD's Zen processors. The flaw, previously identified by Google researchers, allows attackers to modify the RDRAND instruction, enabling the injection of custom microcode.
Beek's approach involves weaponizing microcode updates, a low-level layer between hardware and machine code typically used by chip makers to fix bugs and improve CPU reliability, to hide ransomware payloads within the processor itself. While microcode updates are generally exclusive to CPU manufacturers, Beek's research indicates that injecting custom microcode, although challenging, is actually feasible.
His PoC, which he has no plans to release publicly, demonstrates how such an attack could render traditional security technologies ineffective, as the malware operates beneath the software layer. The development underscores the evolving sophistication of cyber threats. Beek references the BlackLotus bootkit, known for compromising UEFI firmware and infecting systems protected by Secure Boot, as a precedent for such low-level attacks.
Additionally, leaked chat logs from the Conti ransomware group in 2022 revealed efforts to develop ransomware capable of installing directly into the UEFI firmware, highlighting a trend towards more persistent and stealthy malware. The ability to embed ransomware at the CPU level would represent a significant escalation in cyber attack capabilities, potentially allowing malware to survive system reboots, hardware replacements, and even software reinstalls.
This research serves as a warning to both chip manufacturers and PC manufacturers about the need to address vulnerabilities at the hardware level and to develop defenses against such deeply embedded threats. And on that happy note, that's our show. We're always interested in your opinion, and you can contact us at [email protected]. You can find me on LinkedIn, or, if you're watching this on YouTube, you know what to do: leave a comment under the video.
I'm your host, Jim Love. Thanks for listening.