CISO Daily Update - July 1, 2024
NEW DEVELOPMENTS
TeamViewer Detects Security Breach in Corporate IT Environment
Source: The Hacker News
TeamViewer disclosed on Thursday that it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. The company activated its response team, engaged cybersecurity experts, and implemented remediation measures. TeamViewer reported that its corporate IT environment is isolated from its product environment with no evidence of customer data impact. On the same day as the disclosure (Thursday), the U.S. Health Information Sharing and Analysis Center (Health-ISAC) warned of threat actors exploiting TeamViewer, including state-sponsored group APT29. The following day (Friday), TeamViewer confirmed that APT29 targeted an employee account's credentials but did not access the product environment or customer data. NCC Group advised removing the software until more information on the compromise is available.
Infosys McCamish Systems Data Breach Impacted Over 6 Million People
Source: Security Affairs
Infosys McCamish Systems (IMS) disclosed a major data breach in 2023 due to a LockBit ransomware attack that impacted 6 million individuals. The breach compromised sensitive data including names, social security numbers, financial details, and medical information. In their investigation, IMS determined that unauthorized access occurred between October 29 and November 2, 2023. The company notified affected individuals and offered 24 months of complimentary credit monitoring and support services to mitigate potential identity theft risks. IMS continues to collaborate with third-party experts to assess the extent of data compromise and address ongoing security concerns.
HubSpot Investigating Cyber Attack Following Customer Account Hacks
Source: GB Hackers on Security
Leading CRM and marketing automation provider HubSpot is investigating a cybersecurity incident reported on June 22. Malicious actors targeted a limited number of customer accounts, prompting HubSpot to revoke unauthorized access. The company confirmed fewer than 50 accounts were breached but has not disclosed further details. HubSpot, valued at nearly $30 billion and serving over 216,000 corporate clients including Discord and Eventbrite, continues to enhance security measures amid ongoing investigations.
Chicago Children’s Hospital Says Nearly 800,000 Affected by January Ransomware Attack
Source: The Record
Ann & Robert H. Lurie Children’s Hospital of Chicago disclosed a significant data breach affecting nearly 800,000 individuals due to a ransomware attack by the Rhysida group in January. The attackers accessed sensitive health information, including social security numbers, medical records, and treatment details, but the hospital confirmed that electronic health records were not compromised. Despite the attack forcing systems offline and impacting patient access, Lurie Children’s did not pay the ransom and worked with cybersecurity experts and law enforcement to remediate the breach. Victims are receiving two years of identity protection services as the hospital continues to enhance its security measures.
Ticketmaster Sends Notifications About Recent Massive Data Breach
Source: Bleeping Computer
Ticketmaster notified customers of a massive data breach where hackers stole its Snowflake database, affecting millions of people worldwide. The breach occurred between April 2 and May 18, 2024, and exposed the names, contact information, and partial credit card information of 560 million users. Hackers exploited Ticketmaster credentials lacking multi-factor authentication to access the Snowflake account, with the stolen data listed for sale on a hacking forum for $500,000. Ticketmaster urges customers to remain vigilant against identity theft and offers one year of free identity monitoring.
Dairy Giant Agropur Says Data Breach Exposed Customer Info
Source: Bleeping Computer
Major North American dairy cooperative Agropur disclosed a data breach affecting its shared online directories, potentially exposing customer information. While the company asserts that its core business operations and transactional systems remain unaffected, it has initiated an investigation with the assistance of external cybersecurity experts and law enforcement. Agropur processes 6.7 billion liters of milk annually and boasts $5.1 billion in revenue. In a proactive communication to customers, the company emphasizes that there is currently no evidence of data misuse but advises vigilance against potential phishing attempts. As the investigation is ongoing, specific details about the types of exposed data and the number of affected individuals remain undetermined.
VULNERABILITIES TO WATCH
Juniper Session Smart Router Flaw Let Attackers Bypass Vulnerability
Source: Cyber Security News
Juniper Networks disclosed a critical vulnerability (CVE-2024-2973) affecting its Session Smart Router (SSR) and Session Smart Conductor products. This flaw allows attackers in redundant peer setups to bypass authentication and gain full control over the devices. Versions impacted include SSR before 5.6.15, 6.0 before 6.1.9-lts, and 6.2 before 6.2.5-sts, as well as corresponding Conductor and WAN Assurance Router versions. Juniper released updated software to address the issue, with fixes automatically applied for some configurations while others require manual updates to ensure protection against exploitation.
Hackers Exploit Critical D-Link DIR-859 Router Flaw to Steal Passwords
Source: Bleeping Computer
Hackers are actively exploiting a critical vulnerability (CVE-2024-0769) affecting all D-Link DIR-859 WiFi routers that reached end-of-life and are no longer receiving updates. This path traversal flaw allows attackers to extract sensitive information, including passwords, via the 'fatlady.php' file. Exploitation involves targeting configuration files like 'DEVICE.ACCOUNT.xml' through malicious POST requests to '/hedwig.cgi', potentially leading to complete device takeover. D-Link has not issued a patch.
SPECIAL REPORTS
Web Scraping Is Not Just a Security or Fraud Problem
Source: Help Net Security
Web scraping is responsible for 42% of overall web traffic, with 65% being malicious, and poses significant challenges beyond security and fraud. Scraper bots can undermine revenue, competitive edge, brand identity, and customer experience while inflating infrastructure costs. Particularly in e-commerce, scraper bots facilitate competitive intelligence, inventory hoarding, and the creation of counterfeit sites, harming both bottom lines and customer trust. Despite the lack of legal prohibitions against scraper bots and their growing sophistication due to AI botnets, companies can take measures to mitigate these impacts. Such bots not only lead to phishing and brand impersonation but also contribute to technical issues like website performance degradation and increased compute costs. Consequently, while some firms benefit from scraping, those being targeted bear substantial expenses and operational burdens.
76% of Companies Improved Their Cyber Defenses to Qualify for Cyber Insurance
Source: The Cyber Express
A survey by Sophos revealed that 76% of companies improved their cyber defenses to qualify for cyber insurance, with 97% of those with a policy enhancing their security to meet requirements. While this has led to better coverage and pricing, only 1% of claimants received full reimbursement for recovery costs from cyberattacks, which now average $2.73 million. Despite insurance, companies still face significant financial burdens and must implement basic cybersecurity practices. Additionally, 99% of firms that upgraded their defenses for insurance purposes reported broader security benefits.
Weekly Vulnerability Report: Critical Flaws Identified by Cyble in Microsoft, Adobe, MOVEit & More
Source: The Cyber Express
Cyble's weekly vulnerability report highlights critical flaws affecting Microsoft, Adobe, MOVEit, and others, with notable vulnerabilities including SQL injection in Fortra FileCatalyst, authentication bypass in Progress MOVEit Transfer, and buffer overflow in Phoenix SecureCore. These vulnerabilities pose risks ranging from arbitrary code execution to data exfiltration and have led to active exploitation attempts. Patch availability varies, urging organizations to prioritize updates to mitigate potential cyber threats and exposures.