⚠️ Windows Flaw Lets Hackers Strike

Fines, leaks, and hacks—key cyber updates

In this Neeve issue: find out why the SEC slapped big fines on four companies, how a dangerous Windows flaw lets hackers roll back defenses, why RedLine and MetaStealer takedowns mark a win against cybercrime, and the latest high-risk alerts putting critical systems at risk.

Coming up this week:

  • 🔥 SEC Hits Firms with $7M Fines

  • 🛡️ Windows Vulnerability Enables Downgrade Attacks

  • 🚨 ICONICS, Mitsubishi ICS Products At Risk

  • 🗞️ Further Alerts & Insights

The SEC fined four companies—Check Point ($995,000), Mimecast ($990,000), Unisys ($4 million), and Avaya ($1 million)—for making misleading disclosures about the 2019 SolarWinds data breach.

  • Each company downplayed the breach’s impact. Examples include Avaya omitting the extent of cloud file access, Check Point providing generic descriptions, Mimecast failing to specify stolen credentials, and Unisys treating real risks as hypothetical.

  • All four companies cooperated with the SEC investigation and agreed to settle without admitting or denying the allegations, committing to avoid future violations.

🤔 The Bigger Picture:

This case highlights the growing scrutiny from regulators on how companies report data breaches, emphasizing the need for accurate and thorough disclosure processes to avoid costly penalties and ensure stakeholders are fully informed about potential risks.

Attackers can bypass Driver Signature Enforcement (DSE) and install rootkits on fully patched Windows systems by downgrading critical components like ‘ci.dll’ using the Windows Update process.

  • Security researcher Alon Leviev demonstrated the vulnerability at BlackHat and DEFCON, showing how attackers can revert patched components, exposing systems to past security flaws.

  • Microsoft has not yet fully patched the issue, citing that gaining kernel-level execution as an administrator does not cross a "security boundary." They are developing mitigations but have not provided a timeline for the fix.

🤔 The Bigger Picture:

This weakness demonstrates that even fully updated systems can be exposed by version rollback attacks, which calls into question how much protection regular patching alone provides. Downgrading core Windows components is a serious risk for organizations because it lets attackers reintroduce old vulnerabilities, including ones that could weaken Virtualization-based Security (VBS).
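Because a rolled-back ci.dll is still a genuine, validly signed Microsoft binary, a signature check alone will not reveal the downgrade described above; comparing the installed version against a baseline recorded right after patching will. The following script is an added example, not code from the researcher or from Microsoft; the baseline version is a placeholder that an administrator captures from a known-good host, and the Device Guard CIM class used for the VBS/HVCI status is the standard Win32_DeviceGuard class.

```powershell
# Added example (not from the original article): detect a possible ci.dll
# rollback by comparing the installed file version to an admin-recorded
# baseline, and report whether VBS and HVCI are actually running.
param(
    # PLACEHOLDER baseline. Capture it on a freshly patched host with:
    #   (Get-Item "$env:SystemRoot\System32\ci.dll").VersionInfo.FileVersion
    [version]$BaselineCiVersion = '10.0.0.0'
)

function Get-CodeIntegrityState {
    $ci = Get-Item -LiteralPath "$env:SystemRoot\System32\ci.dll"

    # FileVersion usually reads "10.0.xxxxx.yyyy (WinBuild...)"; keep the numeric part.
    $installed = [version](($ci.VersionInfo.FileVersion -split ' ')[0])

    # A downgraded ci.dll is still Microsoft-signed, so this will report Valid
    # either way; it is included to show why a signature check is not enough.
    $sig = Get-AuthenticodeSignature -FilePath $ci.FullName

    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = VBS running,
    # SecurityServicesRunning containing 2 = HVCI running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    [pscustomobject]@{
        CiVersion       = $installed
        CiOlderThanBase = $installed -lt $BaselineCiVersion
        CiSignature     = $sig.Status
        VbsRunning      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning     = ($dg.SecurityServicesRunning -contains 2)
    }
}

$state = Get-CodeIntegrityState
$state

if ($state.CiOlderThanBase) {
    Write-Warning "ci.dll $($state.CiVersion) is older than baseline $BaselineCiVersion; investigate a possible downgrade."
}
if (-not $state.HvciRunning) {
    Write-Warning 'HVCI is not running, so DSE is not backed by VBS protections on this host.'
}
```

Run it from an elevated prompt after each patch cycle and keep the recorded baseline outside the host, since an attacker who can roll back ci.dll can also edit a local file.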

CISA issued an advisory on a high-severity ICS vulnerability (CVE-2024-7587) affecting ICONICS and Mitsubishi Electric products like GENESIS64, Hyper Historian, and MC Works64. Rated 7.8 CVSS, the vulnerability allows unauthorized local access, potentially leading to data breaches, data tampering, and denial-of-service (DoS) attacks.

  • The vulnerability stems from incorrect default permissions (CWE-276), allowing unauthorized users to access critical directories. Although not remotely exploitable, the flaw impacts industries reliant on ICS, including critical manufacturing, due to its potential for operational disruption.

  • ICONICS and Mitsubishi recommend immediate updates to secure versions, thorough review of permissions, and removal of overly broad permissions like “Everyone” access.

🤔 The Bigger Picture:

ICS vulnerabilities like this one threaten operational continuity across vital industries. If exploited, data tampering or DoS could halt production, impact safety protocols, and compromise essential services within critical infrastructure. CISA’s guidance highlights the importance of defense-in-depth strategies tailored for ICS, where early detection, proactive permissions management, and patching are key to protecting highly sensitive systems from malicious insiders or unauthorized local access.
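The vendor guidance above comes down to auditing directory ACLs for overly broad grants. The script below is an added example, not code from CISA, ICONICS or Mitsubishi; it walks a directory tree and reports any "Allow" entry that gives Everyone, Authenticated Users or BUILTIN\Users write-class rights, which is the CWE-276 pattern in the advisory. The default path is a placeholder to be replaced with the product's real installation and data folders from the vendor's documentation.

```powershell
# Added example (not from the advisory or the vendors): find ACEs that grant
# broad principals write-class rights on an ICS product's directories.
param(
    # PLACEHOLDER: replace with the product's install/data directories.
    [string[]]$Paths = @("$env:ProgramData\EXAMPLE-ICS-PRODUCT")
)

# Well-known SIDs that should never hold write access to ICS configuration.
# Matching on SIDs rather than names keeps the check locale-independent.
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

# Any of these rights lets a local user tamper with files the ICS service trusts.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Find-BroadWriteAce {
    param([string]$Root)
    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # orphaned or untranslatable principal
            if (($broadSids -contains $sid) -and (($ace.FileSystemRights -band $writeMask) -ne 0)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = foreach ($p in $Paths) { if (Test-Path -LiteralPath $p) { Find-BroadWriteAce -Root $p } }
if ($findings) { $findings | Format-Table -AutoSize } else { 'No broad write ACEs found.' }
```

Inherited entries flagged here usually point at a parent folder whose default ACL needs fixing; remove the grant there rather than only on the child directory.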

Further Alerts & Insights

📰 Fortinet Flaw Puts Thousands at Risk

Fortinet disclosed a major vulnerability (CVE-2024-47575) in its FortiManager software, rated 9.8 CVSS, that allows unauthenticated remote code execution. CISA has confirmed active exploitation, urging immediate patching for affected systems.

📰 Cisco Releases Critical ASA, FTD Fixes

Cisco has released updates to patch a vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that affects Remote Access VPN (RAVPN). The flaw, rated CVSS 5.8, allows remote attackers to cause a denial-of-service (DoS) condition via resource exhaustion by sending multiple VPN authentication requests.

📰 Cyberattack Disrupts Coppell, Texas

The City of Coppell was hit by a cyberattack on October 23, 2024, disrupting citywide operations, including access to essential systems, utility billing, court services, and digital library resources. Public-facing services are still significantly limited, although 911 services remain operational.

📰 Massive Takedown: RedLine, MetaStealer Seized

In “Operation Magnus,” Dutch police and international partners successfully dismantled the infrastructure of two major infostealer malware groups, RedLine and MetaStealer, seizing over 1,200 servers and shutting down three primary servers in the Netherlands.