CISO Daily Update - August 14, 2024
NEW DEVELOPMENTS
3AM Ransomware Stole Data of 464,000 Kootenai Health Patients
Source: Bleeping Computer
Major Idaho healthcare provider Kootenai Health experienced a data breach in March 2024, affecting over 464,000 patients. The 3AM ransomware group accessed and leaked sensitive data including Social Security numbers, medical records, and health insurance information. The intrusion was detected on March 2; data theft was confirmed on August 1. The 22GB of stolen data was leaked online after a ransom went unpaid.
Orion SA Says Scammers Conned Company Out of $60 Million
Source: The Register
Orion SA reported a $60 million loss due to a wire fraud scheme likely involving business email compromise (BEC). The company’s Form 8-K filing revealed that an employee was deceived into transferring funds to fraudsters. No systems or data were compromised, and the company is working with law enforcement and insurance to recover the funds. Despite the loss, Orion has improved its financial outlook for 2024, with higher net sales and operating profit forecasts. The investigation into the incident and its impact on internal controls is ongoing.
Architect of Ransomware-as-a-Service Model Extradited to U.S. After More than a Decade on the Run
Source: The Cyber Express
The suspected architect of the Ransomware-as-a-Service model, Maksim Silnikau, was extradited to the U.S. after evading capture for over a decade. Known as the "J.P. Morgan" of cybercrime, Silnikau faces charges for pioneering the RaaS model, creating the Reveton ransomware, and developing the Angler Exploit Kit. His criminal network is accused of infecting millions of devices and generating millions of dollars in illicit profits. The arrest was the result of an international effort led by the UK's National Crime Agency, with agencies from multiple countries involved. This high-profile case marks a significant victory in the fight against cybercrime.
Donald Trump’s X Interview With Elon Musk Delayed, Owner Blames ‘Massive DDOS Attack’
Source: Yahoo News
Elon Musk's planned live interview with Donald Trump on X (formerly Twitter) faced significant technical difficulties on Monday evening. Scheduled for 8 p.m. ET, the conversation was delayed due to what Musk described as a "massive DDOS attack" on the platform. After initial struggles, the interview proceeded at 8:30 p.m. with a limited audience, eventually reaching 1.1 million listeners. Musk apologized for the late start, attributing it to opposition against Trump's voice being heard.
VULNERABILITIES TO WATCH
Ivanti Warns of Critical vTM Auth Bypass With Public Exploit
Source: Bleeping Computer
Ivanti issued a critical patch for a vulnerability in its Virtual Traffic Manager (vTM) appliances (CVE-2024-7593) which allows remote, unauthenticated attackers to bypass authentication and create rogue admin accounts. Although no in-the-wild exploitation has been reported yet, a public proof-of-concept exploit exists. Ivanti urges immediate updates to patched versions and recommends restricting access to the management interface to internal networks so that it is never reachable from the Internet. Additionally, Ivanti warns of another vulnerability (CVE-2024-7569) in its ITSM products that could expose sensitive information. Ivanti products have been heavily targeted by attackers in the past, so treat these as high priority.
Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
Source: The Hacker News
Researchers identified critical vulnerabilities in Microsoft's Azure Health Bot Service, allowing potential lateral movement within customer environments and unauthorized access to sensitive patient data. The flaws, found in the Data Connections feature and the FHIR endpoint, could be exploited by pointing the service at an attacker-controlled endpoint that redirected its requests to Azure's instance metadata service (IMDS), yielding managed-identity access tokens. Microsoft has patched these issues, with no evidence of exploitation in the wild.
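The Azure Health Bot flaw described above is a server-side request forgery (SSRF) where the dangerous hop is a redirect rather than the initial URL. The following added example (not code from Microsoft or the researchers) contrasts a client that follows redirects blindly with one that re-validates every hop against link-local, loopback and private ranges. The "FHIR" endpoint, its redirect, the token body and the fetcher are constructed stand-ins for the network; the IMDS address and token endpoint path are Azure's real ones.

```python
"""Added example: an SSRF guard that re-validates every redirect hop."""
import ipaddress
from urllib.parse import urljoin, urlparse

# Azure IMDS is only reachable at this link-local address; the managed-identity
# token endpoint under it is what an SSRF-to-IMDS chain tries to reach.
IMDS_HOST = "169.254.169.254"
REDIRECT_CODES = {301, 302, 303, 307, 308}


class SSRFBlocked(Exception):
    """Raised when a request (or a redirect target) points at a forbidden host."""


def is_blocked_host(host: str) -> bool:
    """True for IP literals in link-local, loopback, private, reserved or
    multicast ranges. Plain hostnames pass here; the caller must resolve them
    and re-check every resolved address with this function before connecting
    (assumption: DNS resolution is done outside this example)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal
    return (ip.is_link_local or ip.is_loopback or ip.is_private
            or ip.is_reserved or ip.is_unspecified or ip.is_multicast)


def check_url(url: str) -> None:
    """Reject anything that is not http(s) to an allowed host."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme not allowed: {url}")
    if not parts.hostname or is_blocked_host(parts.hostname):
        raise SSRFBlocked(f"host not allowed: {url}")


def naive_fetch(url, fetcher, max_hops=5):
    """Vulnerable pattern: validates nothing and follows Location headers."""
    for _ in range(max_hops):
        status, headers, body = fetcher(url)
        if status in REDIRECT_CODES:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise RuntimeError("too many redirects")


def guarded_fetch(url, fetcher, max_hops=5):
    """Validates the initial URL and every redirect target before each request."""
    for _ in range(max_hops):
        check_url(url)
        status, headers, body = fetcher(url)
        if status in REDIRECT_CODES:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise RuntimeError("too many redirects")


# Constructed responses standing in for the network: an attacker-controlled
# "FHIR" endpoint that answers with a redirect to the IMDS token endpoint, and
# the (fake) token IMDS would hand to any caller on the VM.
FAKE_TOKEN = '{"access_token":"eyJ.constructed.token","resource":"https://management.azure.com/"}'
IMDS_TOKEN_URL = (f"http://{IMDS_HOST}/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://management.azure.com/")
RESPONSES = {
    "https://attacker.example/fhir": (302, {"Location": IMDS_TOKEN_URL}, ""),
    IMDS_TOKEN_URL: (200, {"Content-Type": "application/json"}, FAKE_TOKEN),
}


def fake_fetcher(url):
    """Returns (status, headers, body) from the constructed response table."""
    return RESPONSES.get(url, (404, {}, ""))


if __name__ == "__main__":
    print("naive client received:", naive_fetch("https://attacker.example/fhir", fake_fetcher))
    try:
        guarded_fetch("https://attacker.example/fhir", fake_fetcher)
    except SSRFBlocked as exc:
        print("guarded client refused:", exc)
```

The guard must run on every hop, not just the first URL, because the customer-supplied endpoint is benign on its own; only the redirect target is hostile. In production the same check has to be applied to each address a hostname resolves to, since DNS rebinding can otherwise hand the connection to a link-local address after the string check has passed.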
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps
Source: Security Week
SAP's August 2024 Security Patch Day addresses critical vulnerabilities in BusinessObjects and Build Apps, including a missing authentication check (CVE-2024-41730) and an SSRF bug (CVE-2024-29415), with potential for full system compromise. Other high-severity issues affecting SAP's platforms, such as XML injection and information disclosure, are also patched. Organizations should promptly apply these updates, as threat actors have historically targeted unpatched SAP vulnerabilities.
Outlook RCE Vulnerability: Exploitation Details Revealed
Source: Cyber Press
A critical zero-click remote code execution (RCE) vulnerability in Microsoft Outlook (CVE-2024-30103) allowed attackers to execute arbitrary code by exploiting flaws in the allowlist matching algorithm for Outlook Forms. The vulnerability was triggered by including trailing backslashes in form subkeys, which slipped past the allowlist check and enabled code execution with the user's privileges. Microsoft patched the issue by updating the algorithm to perform exact matching and to remove trailing backslashes from subkeys before comparison. Organizations are advised to maintain a layered security approach, including application allowlisting, email filtering, and timely patching, to mitigate such threats.
Microsoft Fixes 6 Zero-Days Under Active Attack
Source: Help Net Security
Microsoft patched six actively exploited zero-day vulnerabilities, including critical flaws in Microsoft Edge, Windows Kernel, and other key components. These vulnerabilities allow remote code execution, privilege escalation, and bypassing security features like Windows SmartScreen. Some of the most significant threats involve race conditions and exploitation through phishing attacks. Notably, vulnerabilities in legacy components like the Line Printer Daemon (LPD) and bypasses for Windows security flags highlight ongoing risks, especially in environments with outdated configurations. Users should promptly apply these patches.
SPECIAL REPORTS
35% of Exposed API Keys Still Active, Posing Major Security Risks
Source: Help Net Security
Nightfall AI's research reveals a significant security risk: 35% of exposed API keys are still active, particularly on platforms like GitHub, Confluence, and Slack. This "secret sprawl" of sensitive information, including passwords and API keys, poses a major threat to organizations, leaving them open to privilege escalation and data breaches. Continuous monitoring, automated remediation (revoking and rotating exposed keys), end-to-end encryption, and regular security training are essential to mitigate these risks.
Hidden Crisis in Cybersecurity: 17 Out of 20 Professionals Suffering From Fatigue and Burnout
Source: Cybernews
A Sophos-commissioned survey reveals a hidden crisis in cybersecurity, with 85% of professionals facing fatigue and burnout due to lack of resources, monotonous tasks, and poor alignment between job roles and skills. The stress, exacerbated by inadequate leadership understanding and poor hiring practices, is impacting both mental health and institutional security. Solutions include increasing leadership accountability, improving communication, and providing better tools to reduce repetitive tasks, which can help build a more resilient cybersecurity culture.
NIST Formalizes World's First Post-Quantum Cryptography Standards
Source: Infosecurity Magazine
NIST formalized the world's first post-quantum cryptography standards, marking a crucial step in securing systems against future quantum threats. The new standards cover a lattice-based key-encapsulation mechanism (ML-KEM, FIPS 203), a lattice-based digital signature scheme (ML-DSA, FIPS 204), and a stateless hash-based digital signature scheme (SLH-DSA, FIPS 205). Organizations are advised to integrate these standards immediately to prepare for potential quantum attacks and mitigate the risk of "harvest now, decrypt later" threats. The transition is crucial for maintaining data security as quantum computing advances.
Cost of a Data Breach 2024: Financial Industry
Source: Security Intelligence
The IBM Cost of a Data Breach 2024 report reveals that financial firms face an average breach cost of $6.08 million, 22% higher than the global average. With breaches taking 168 days to identify, the financial industry ranks second in breach costs after healthcare. Malicious attacks remain the top threat, though human error and IT failures contribute significantly. Investments in incident response (IR), identity and access management (IAM), AI, and automation have proven to reduce costs, but the industry must also address regulatory challenges and secure AI initiatives to mitigate growing risks.