In a world increasingly dependent on digital infrastructure, the cybersecurity landscape continues to evolve, and so does the role of women in this critical field. Irene Corpuz, a cyber policy expert at the Dubai Electronic Security Center and co-founder and board member of Women in Cyber Security Middle East (WiCSME), shared her insights on effective strategies for encouraging women in cybersecurity and the challenges small businesses face in prioritizing cybersecurity at The World Cybercon META Edition hosted by The Cyber Express in Dubai.

Strategies to Encourage Women in Cybersecurity

Irene Corpuz believes that collaboration and communication are key to empowering women in cybersecurity. One of the most effective strategies is to collaborate and communicate our objectives and advocacy for increasing and empowering women in cyber," she states. By showcasing women in various roles—from mentors and speakers to leaders—on platforms like conferences, the visibility and success of these women can inspire others to pursue their ambitions in the field. "Seeing other women grow and succeed motivates them to pursue their dreams and careers," Irene emphasizes. She highlights the importance of a supportive community, which acts as a backbone for women in cybersecurity, helping them navigate and thrive in the industry.

Trends in Women's Participation in Cybersecurity

Reflecting on her journey, Irene observes a positive trend in the participation of women in cybersecurity. When WiCSME was founded in 2018, women made up only 12% of the cybersecurity workforce. However, this number has significantly increased to 25% by last year. This growth is attributed not just to WiCSME but to the collective efforts of various women-in-cyber organizations worldwide. "There’s a continuous growth, and awareness of the importance of diversity and inclusion in cybersecurity is becoming more widespread," Irene notes. This trend signifies a growing recognition of the value that diverse perspectives bring to the cybersecurity industry.

Challenges for Small Businesses in Cybersecurity

Transitioning the conversation to small businesses, Irene sheds light on the challenges they face in prioritizing cybersecurity. "Small businesses and young entrepreneurs often face constraints in financial resources," she explains. As these businesses focus on growth and expanding their customer base, investing in cybersecurity often becomes a secondary priority. However, Irene stresses the importance of embedding a cybersecurity and awareness culture from the beginning, even if it means taking small steps. "Startups and SMEs need to take baby steps in embedding cybersecurity and awareness culture within their employees," she advises. As these companies mature, their cybersecurity measures should evolve accordingly to build a resilient defense against cyber threats.

Conclusion

The insights shared by Irene Corpuz underscore the significance of community support and visibility in empowering women in cybersecurity. Furthermore, her perspective on the challenges faced by small businesses highlights the necessity of integrating cybersecurity practices gradually and consistently. As the cybersecurity landscape continues to evolve, the contributions of women and the resilience of small businesses will play a pivotal role in shaping a secure digital future.

The Cyber Express, in collaboration with Cyble Research & Intelligence Labs (CRIL), is dedicated to providing the latest and most comprehensive information on security vulnerabilities. Each week, we deliver actionable insights for IT administrators and security professionals, crafted by highly skilled dark web and threat intelligence researchers at Cyble. Cyble has identified several important bugs in its Weekly Vulnerability Report that require urgent attention. The full report covers these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses. Cyble security analysts have also conducted scans of customer environments to alert them of any exposures.  These vulnerabilities, highlighted from June 05, 2024, to June 11, 2024, include critical issues that could be easily exploited. Failure to patch these vulnerabilities could result in unauthorized access, data breaches, and significant operational disruptions.  Cyble researchers found over 1 million internet-facing assets exposed to these vulnerabilities, highlighting the urgency of addressing these security flaws.

Critical Vulnerabilities and Their Impact

Here are details and analysis of five of the most critical vulnerabilities identified by Cyble.

GitHub Access Token (CVE-2024-37051)

Overview: Exposed access tokens have been identified, which could allow unauthorized individuals to access GitHub accounts. This can lead to the manipulation or theft of code, posing a severe threat to software integrity and security.  Impact: Unauthorized access to repositories can result in the leakage of sensitive information, insertion of malicious code, and potential compromise of projects dependent on the affected repositories. 

FortiOS SSL-VPN (CVE-2022-42475)

Overview: A critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN has been actively exploited in cyber-espionage campaigns. This vulnerability allows attackers to execute arbitrary code on the affected systems.  Impact: Successful exploitation can lead to full control over the compromised system, enabling data theft, network breaches, and service disruptions. 

PHP Remote Code Execution (CVE-2024-4577) 

Overview: Multiple versions of PHP have been found vulnerable to remote code execution. This vulnerability has been exploited to deploy ransomware, affecting web servers running the compromised PHP versions.  Impact: Exploitation can result in the complete compromise of web servers, data exfiltration, and file encryption for ransom. 

Netgear Authentication Bypass (CVE-2024-36787)

Overview: A vulnerability in Netgear routers allows attackers to bypass authentication mechanisms, granting unauthorized access to router settings.  Impact: Unauthorized access can modify network settings, intercept data, and further network compromises. 

Veeam Backup Enterprise Manager (CVE-2024-29849)

Overview: A critical vulnerability in Veeam Backup Enterprise Manager allows unauthenticated users to log in, posing a high risk of data theft and manipulation.  Impact: Unauthorized access to backup systems can result in data breaches, loss of critical backup data, and potential operational disruptions. 

Weekly Vulnerability Report: Highlights

CVE-2024-37051 

Impact Analysis: A critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories.  Internet Exposure: No  Patch: Available 

CVE-2022-42475 

Impact Analysis: A critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN and FortiProxy SSL-VPN allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. Reports suggest that Chinese TAs weaponized this vulnerability in cyber-espionage campaigns targeting government institutions for a few months between 2022 and 2023 to deploy malware on vulnerable Fortigate network security appliances.  Internet Exposure: Yes  Patch: Available 

CVE-2024-4577 

Impact Analysis: A critical remote code execution (RCE) vulnerability affecting PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8 when using Apache and PHP-CGI on Windows. PHP is a widely used open-source scripting language designed for web development, and the vulnerability can reveal the source code of scripts and enable TAs to run arbitrary PHP code on the server. Recently, researchers observed that the TellYouThePass ransomware gang has been exploiting the vulnerability to deliver webshells and execute the encryptor payload on target systems.  Internet Exposure: Yes  Patch: Available 

CVE-2024-4610 

Impact Analysis: A use-after-free vulnerability in Arm Ltd Bifrost GPU Kernel Driver and Arm Ltd Valhall GPU Kernel Driver allows local non-privileged users to gain access to already freed memory through improper GPU memory processing operations.  Internet Exposure: No  Patch: Available 

CVE-2024-36787 

Impact Analysis: This vulnerability in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface, posing a severe threat to network security and sensitive user data.  Internet Exposure: Yes  Patch: Not specified 

CVE-2024-29849 

Impact Analysis: A vulnerability in Veeam Backup Enterprise Manager (VBEM) allows unauthenticated attackers to log in as any user to the enterprise manager web interface. This poses a high risk due to the global use of Veeam products and the availability of publicly available proof-of-concept (PoC).  Internet Exposure: Yes  Patch: Available 

CVE-2019-9082 & CVE-2018-20062 

Impact Analysis: These vulnerabilities impact ThinkPHP, an open-source PHP framework with an MVC structure, leading to remote code execution (RCE). Chinese threat actors have leveraged these vulnerabilities to install a persistent web shell named Dama.  Internet Exposure: No  Patch: Not specified 

CVE-2024-24919 

Impact Analysis: This vulnerability impacts Check Point Remote Access VPN and allows attackers to read information from Internet-connected gateways with remote access VPN or mobile access enabled. It has been exploited in zero-day attacks since April 30, enabling lateral movement through victim networks by stealing Active Directory data.  Internet Exposure: Yes  Patch: Available 

CVE-2024-30080 

Impact Analysis: A critical remote code execution vulnerability in Microsoft’s Message Queuing (MSMQ) can be exploited by unauthenticated attackers via specially crafted malicious MSMQ packets. Microsoft addressed the flaw in its monthly Patch Tuesday update. Internet Exposure: Yes  Patch: Available 

Industrial Control Systems (ICS) Vulnerabilities 

The report also highlights vulnerabilities in Industrial Control Systems (ICS), which are critical to sectors such as healthcare, emergency services, and energy. The majority of these vulnerabilities are categorized as high and critical severity, emphasizing the importance of securing ICS environments. 

Recommended Mitigation Strategies 

To mitigate the risks associated with these vulnerabilities, the following strategies are recommended: 

• Regular Software and Hardware Updates: Ensure all systems and devices are up to date with the latest security patches and firmware updates. 
• Patch Management: Implement a comprehensive patch management process to promptly address and apply patches for known vulnerabilities. 
• Network Segmentation: Segment networks to limit the spread of attacks and reduce the attack surface. 
• Incident Response and Recovery Plans: Develop and regularly update incident response and recovery plans to ensure swift action in the event of a breach. 
• Monitoring and Logging Solutions: Deploy advanced monitoring and logging solutions to detect and respond to suspicious activities in real time. 
• Regular Vulnerability Assessments and Penetration Testing: Conduct regular vulnerability assessments and penetration tests to identify and remediate security weaknesses. 
• Strong Password Policies and Multi-Factor Authentication: Enforce strong password policies and implement multi-factor authentication to enhance access control.

The report also notes the active discussion and sharing of several vulnerabilities on underground forums. These include vulnerabilities affecting popular platforms such as WordPress and macOS, which cybercriminals are exploiting. 

Conclusion 

The findings of the Weekly Vulnerability Intelligence Report highlight the critical need for continuous vigilance and proactive cybersecurity measures. Organizations must prioritize patch management, conduct regular security audits, and maintain incident response plans to protect against emerging threats.  Stay ahead of cyber threats with the Weekly Vulnerability Intelligence Report by Cyble, brought to you by The Cyber Express. Subscribe now for the latest insights powered by Cyble's advanced AI-driven threat intelligence.

Twenty-two Chinese nationals have pleaded guilty to cyber-related crimes in Zambia, Africa. They are among the 77 suspects, who were arrested earlier this April, linked to, what the authorities described as a highly organized and advanced internet fraud syndicate. The raid took place at a company run by the Chinese in Lusaka, the capital city of Zambia. This operation was prompted by the rising trend of internet crimes which have resulted in individuals’ loss both locally and worldwide. According to reports, the Chinese nationals are expected to be sentenced on Friday.

Zambia Cyber Fraud Case: What Led to the Crackdown

In recent years, the Drug Enforcement Commission (DEC) of Zambia has noted a drastic increase in events where Zambians lost funds from their mobile and bank accounts due to money laundering schemes that extend beyond its borders. Victims have been identified in various countries such as Singapore, Peru, United Arab Emirates (UAE), and across Africa. Linked to the Zambia cyber fraud case, several young Zambians were also taken into custody for this operation, the BBC reported. These individuals were allegedly recruited to work as call center agents for purposes of defrauding others via the internet or online scams. According to DEC, these recruits would engage unsuspecting mobile users in discussions on platforms like WhatsApp, Telegram, and some chat rooms through scripted dialogue. The trial took several weeks, but concluded with the 22 Chinese nationals, one of them being a woman, pleading guilty to three counts: computer fraud by false representation; possession of articles for use in fraud, and operating an electronic communications network or service without a license. A Cameroonian national was also charged with having changed people’s social media profile pictures to scam them. The suspects were linked to Golden Top Support Services which is a Chinese-owned company that was at the center of the raid. The alleged offenders, according to reports, are yet to respond on this issue. Li Xianlin who is thought to be the director of Golden Top Support Services Limited has been accused of breaking Zambian law by operating his company without acquiring relevant licenses. On Tuesday, the state prosecutor asked for a more detailed statement than what they have provided about each count. The Zambian nationals involved in that conspiracy were arrested in April and then granted bail with conditions until investigations were completed. Among the items seized were gadgets that enabled callers to conceal their location, alongside numerous SIM cards. These items include 11 SIM boxes, which are tools capable of routing calls through real phone networks. The huge number of SIM cards confiscated – over 13,000 – whether domestic or foreign indicates how far and wide this operation was spread. In addition, two firearms, about seventy-eight rounds of ammunition, and two vehicles linked to the Chinese man connected to the business were also taken.

Cybercrime in Africa': A Significant Menace

The Zambian cyber fraud case illustrates how widespread internet scams have become and how they now have a global reach. Africa's cybercrime is a significant menace estimated at $3.5 billion lost annually in 2020, and the number has continued to increase, with recent data showing that Africa saw the highest average number of weekly cyberattacks per organization in the second quarter of 2023, marking a 23% increase compared to the same period in 2022. The financial losses from these attacks are significant. According to ECA data, Africa's low level of preparedness for cyber threats resulted in an average cost of 10% of GDP for countries in 2022. Countries such as Nigeria, Kenya, and South Africa have been hit hard with a great proportion of cases involving online fraud, identity theft, and financial fraud. According to a CGTN report, in many African countries, weak telecommunication infrastructure has made it easier for cybercrimes to thrive, leading to a noticeable drop in productivity across several sectors. The report highlighted that over 90 percent of African businesses were functioning without the essential cybersecurity protections they need. Similarly in Zambia, cybercrimes have surged with DEC reporting many cases of people and businesses who fall prey to various schemes. This has been aggravated by increased connectivity and use of mobile and internet services making users more vulnerable to cyber-attacks.