CISO Daily Update - July 2, 2024
NEW DEVELOPMENTS
Monti Gang Claims the Hack of the Wayne Memorial Hospital in Pennsylvania
Source: Security Affairs
Wayne Memorial Hospital in Pennsylvania fell victim to a cyber attack orchestrated by the Monti ransomware gang. This attack, affecting the 114-bed not-for-profit hospital in Honesdale, Pennsylvania, involved data theft with the group threatening to leak the information on their Tor leak site by August 7, 2024. The Monti gang emerged in mid-2022 following the shutdown of the Conti gang and utilizes encryptor software based on Conti's leaked source code. This incident adds to a concerning trend of cyberattacks impacting healthcare operations and patient care.
Landmark Admin Discloses Data Breach Impacting Personal, Medical Information
Source: Security Week
Life insurance company Landmark Admin disclosed a data breach from May 13, 2024 that compromised personal, medical, and insurance information, including Social Security numbers and financial details. Affected individuals have been notified, although the exact number remains unspecified. Landmark urges vigilance against identity theft and fraud, advising individuals to review account statements and credit reports. The breach is under investigation.
Truist Bank Sued Over Data Breach
Source: Cybernews
Truist Bank faces federal class action lawsuits alleging negligence and breach of contract following a cyberattack in October that compromised the personal information of some clients. Plaintiffs claim the bank failed to secure sensitive data and to notify customers promptly. The lawsuits criticize Truist for vague disclosures and for failing to detail the breach's specifics, which impaired clients' ability to mitigate harm. The plaintiffs seek damages for concrete injuries resulting from the breach, citing negligence and violations of consumer protection laws.
Prudential Data Breach Victim Count Soars to 2.5M
Source: Darkreading
Prudential Financial revised its initial estimate of individuals affected by a data breach from 36,000 to over 2.5 million. The breach was disclosed to the SEC in February and involved stolen information including names, addresses, driver’s license numbers, and ID card numbers. The ALPHV/BlackCat ransomware group claimed responsibility. In response, Prudential is offering 24 months of identity theft and credit monitoring services through Kroll. Legal actions are underway, with a class action lawsuit led by Constance Boyd in New Jersey court alleging Prudential's failure to protect client data.
AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit
Source: Hackread
A 19-year-old Indian student was expelled from Lehigh University and set to be deported after his scholarship fraud was exposed on Reddit by a vigilant moderator. The student used AI tools like ChatGPT, fake documents, and a phony school website to secure a full scholarship. His anonymous bragging on Reddit led to a moderator identifying him and alerting the university. The student was arrested, expelled, and sentenced to one to three months in prison for forgery and related charges.
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
Source: The Hacker News
The Transparent Tribe threat actor expanded its CapraTube campaign, targeting Android users with spyware disguised as popular apps. SentinelOne researchers identified new malicious APKs impersonating gaming, video, and social media applications to deliver an updated version of CapraRAT. This spyware can access sensitive data including location, messages, and contacts, as well as record audio and video. The campaign primarily targets Indian government and military personnel, with recent updates focusing on improving reliability and compatibility with newer Android versions.
VULNERABILITIES TO WATCH
New regreSSHion OpenSSH RCE Bug Gives Root on Linux Servers
Source: Bleeping Computer
A newly discovered OpenSSH unauthenticated remote code execution (RCE) vulnerability, "regreSSHion" (CVE-2024-6387), allows remote attackers to gain root privileges on glibc-based Linux systems by exploiting a signal handler race condition in sshd. Identified by Qualys researchers, this flaw affects OpenSSH versions 8.5p1 to 9.8p1 and enables attackers to execute arbitrary code, potentially leading to full system compromise. While exploitation is challenging and requires multiple attempts, AI tools may facilitate successful attacks. Users are advised to update OpenSSH to version 9.8p1 and implement network-based controls to mitigate the risk.
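The first question a defender has after reading this entry is which hosts are still running a build in the affected range. The following script is an added example, not code from the article or from Qualys: it parses the version out of an `ssh -V` line or an sshd banner and flags anything from 8.5p1 up to, but not including, 9.8p1, the release the article says to update to. The helper names (`ssh_version_key`, `regresshion_affected`, `check_local_openssh`) are ours.

```shell
#!/bin/sh
# Added example: flag OpenSSH versions in the range the article gives for
# CVE-2024-6387 (regreSSHion). Treats 9.8p1, the advised update, as fixed.

# Turn "OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, OpenSSL ..." or a server banner
# "SSH-2.0-OpenSSH_9.6p1 ..." into a sortable integer such as 9006001.
# Assumes the upstream MAJOR.MINORpPATCH form; a bare "9.8" counts as p0.
ssh_version_key() {
    v=${1#SSH-2.0-}
    v=${v#OpenSSH_}
    v=${v%%[!0-9p.]*}          # drop distro suffix and anything after it
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;         # no parsable version in the input
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    patch=${rest#*p}
    if [ "$patch" = "$rest" ]; then patch=0; fi
    printf '%d%03d%03d\n' "$major" "$minor" "$patch"
}

# Exit 0 if the version is in [8.5p1, 9.8p1), 1 if not, 2 if unparsable.
regresshion_affected() {
    key=$(ssh_version_key "$1") || return 2
    lo=$(ssh_version_key 8.5p1)
    hi=$(ssh_version_key 9.8p1)
    [ "$key" -ge "$lo" ] && [ "$key" -lt "$hi" ]
}

# Check this host using the local client banner, which normally matches
# the installed sshd package. Exit 1 when affected, 2 when unreadable.
check_local_openssh() {
    banner=$(ssh -V 2>&1) || :
    rc=0
    regresshion_affected "$banner" || rc=$?
    case $rc in
        0) printf 'AFFECTED, update to 9.8p1: %s\n' "$banner"; return 1 ;;
        1) printf 'Not in affected range: %s\n' "$banner" ;;
        *) printf 'Could not read an OpenSSH version from: %s\n' "$banner"; return 2 ;;
    esac
}

check_local_openssh
```

Distributions that backport the fix keep the old version number, so treat a hit as a prompt to confirm against the vendor advisory rather than as proof of exposure.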
Apple CocoaPods Bugs Expose Millions of Apps to Code Injection
Source: Darkreading
Critical supply chain vulnerabilities in CocoaPods, a dependency manager used by millions of Apple apps, have exposed apps to arbitrary code injection for nearly a decade. The vulnerabilities identified include a remote code execution flaw (CVE-2024-38366) rated 10 out of 10 on the CVSS scale, allowing attackers to take over pods and inject malicious code. Another issue (CVE-2024-38368) involves abandoned pods, which can be claimed and altered by anyone. A third flaw (CVE-2024-38367) enables session hijacking. These bugs stem from CocoaPods' 2014 switch to the Trunk server for managing pods, which left many dependencies orphaned and vulnerable.
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
Source: Cyber Security News
Over 40 vulnerabilities were discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs), affecting 103 different models. The identified vulnerabilities include Remote Code Execution, XML External Entity Injection (XXE), Privilege Escalation, Authentication Credential Leak, DOM-based XSS, Insecure Permissions, and Time-Of-Check to Time-Of-Use (TOCTOU) conditions. Notable CVEs include CVE-2024-27171 and CVE-2024-27180, which affect third-party application systems and applications installed by default. The vulnerabilities were confirmed in various models running the latest firmware and can be exploited by threat actors to gain unauthorized access and move laterally within infrastructures. Users are advised to upgrade to the latest firmware to mitigate these risks, per Toshiba's security advisories.
SPECIAL REPORTS
Voice Messages May Be a New Frontier for Cybercriminals
Source: Cybernews
Voice messages are increasingly popular, especially among younger generations, but they are also becoming a new frontier for cybercriminals. Malicious actors are leveraging audio deepfake technology to impersonate others, facilitate account takeovers, and potentially influence sensitive situations like court cases. As deepfake technology evolves, detecting these fakes becomes more challenging, and they are a growing concern for cybersecurity experts, who warn of their potential impact on trust and security in digital communications.
ChatGPT 4 Can Exploit 87% of One-Day Vulnerabilities
Source: Security Intelligence
A recent study by cybersecurity researchers revealed that ChatGPT-4 can effectively exploit 87% of one-day vulnerabilities. The research team tested 15 real-world one-day vulnerabilities using various large language models (LLMs) and vulnerability scanners. ChatGPT-4 significantly outperformed the other methods, including GPT-3.5 and open-source scanners, which failed to exploit any vulnerabilities. The AI's success is attributed to its ability to handle complex multi-step vulnerabilities, launch diverse attack methods, craft exploit code, and manipulate non-web vulnerabilities. However, ChatGPT-4's effectiveness drops drastically to 7% without access to CVE codes.
Cyber-Insurance Premiums Decline as Firms Build Resilience
Source: Infosecurity Magazine
Cyber insurance premiums have seen significant reductions in 2023/24, despite an 18% increase in ransomware incidents. This decline is attributed to organizations enhancing their cybersecurity measures in line with industry best practices, leading to improved resilience against breaches and fewer claims. Insurers are now demanding robust security measures like multi-factor authentication, backups, and endpoint detection as prerequisites for coverage. The global cyber insurance market is projected to reach $91 billion by 2033, growing at a CAGR of 22%. While cyber insurance claims hit record levels in North America last year, with about 21% of covered companies reporting cybersecurity events, the overall trend shows stabilization in the market.