CISO Daily Update - July 3, 2024

NEW DEVELOPMENTS

Patelco Credit Union Hit by Ransomware Attack, Disrupting Services for Nearly 500,000 Members

Source: The Cyber Express

A major ransomware attack crippled Patelco Credit Union, one of the largest credit unions in the U.S., disrupting essential banking services for nearly 500,000 members across Northern California. The June 29 attack forced Patelco to shut down its online banking platform, mobile app, and call center operations, leaving members unable to perform electronic transactions, including transfers, direct deposits, and online bill payments. While ATM services remain partially functional, the credit union is grappling with limited debit and credit card transactions. CEO Erin Mendez confirmed the ransomware attack and assured members that Patelco is working with cybersecurity experts to assess and resolve the situation. The credit union has established a dedicated webpage for updates and emphasizes that there's currently no evidence of compromised account information or login credentials.



Affirm Says Cardholders Impacted by Evolve Bank Data Breach

Source: Bleeping Computer

Following a data breach at Evolve Bank & Trust, several fintech companies, including Affirm, Wise, and Bilt, disclosed potential impact on their customers' data. Affirm warned its card members of unauthorized access to their personal and financial information such as names, social security numbers, and bank account numbers. Wise notified its customers that sensitive personal information was shared with Evolve as part of a partnership between 2020 and 2023. Bilt also acknowledged the breach's possible impact on client data, although investigations are still ongoing.



Health Tech Execs Get Jail Time For $1bn Fraud Scheme

Source: Infosecurity Magazine

Three former executives of the health tech startup Outcome Health were sentenced for fraudulently securing $1 billion from investors and lenders. Co-founder and ex-CEO Rishi Shah received a seven-year, six-month prison sentence. Former president Shradha Agarwal got three years in a halfway house, and ex-COO/CFO Brad Purdy was sentenced to two years and three months in prison. From 2011 to 2017, they sold non-existent ad inventory and inflated metrics, leading to over $45 million in overbilled services. Their inflated revenue figures enabled them to raise significant funds and pocket millions in dividends.



RansomHub Double Threat: Florida Health Dept. & NTT DATA Romania Targeted

Source: The Cyber Express

The Florida Department of Health and NTT DATA Romania face threats from the RansomHub group, which claims to have breached their systems and accessed substantial amounts of data. RansomHub asserts it has 100 GB of data from the Florida Department of Health and 230 GB from NTT DATA Romania, and is threatening to publish it within days if ransom demands are not met. As of now, the claims remain unverified.



Stolen Credentials Could Unmask Thousands of Darknet Child Abuse Website Users

Source: The Record

Researchers from Recorded Future discovered a significant threat to users of darknet websites sharing child sexual abuse material (CSAM). Infostealer malware has enabled the exposure of thousands of individuals by harvesting login credentials from infected devices. These credentials not only unlock banking apps but also connect users to their real identities on platforms like Facebook, potentially including sensitive autofill data such as home addresses. This breach of anonymity could aid law enforcement in investigating offenders and protecting at-risk children. Recorded Future has shared its findings with U.S. law enforcement to support ongoing investigations.



VULNERABILITIES TO WATCH

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

Source: Dark Reading

Cisco patched a command-line injection flaw (CVE-2024-20399) in its NX-OS Software, exploited by the Chinese APT group Velvet Ant. This vulnerability allows authenticated attackers to execute arbitrary commands as root on affected devices. Impacted devices include various Cisco Nexus and MDS series switches. The flaw is due to insufficient validation of arguments in CLI commands. Despite a CVSS score of 6.0, Velvet Ant has been exploiting this flaw to deploy custom malware. Organizations are urged to patch immediately and implement security best practices, such as using privileged access management and multifactor authentication.



Splunk Patches High-Severity Vulnerabilities in Enterprise Product

Source: Security Week

Splunk recently patched its Splunk Enterprise and Cloud Platform products, addressing a total of 16 vulnerabilities, including six high-severity issues. Among the critical vulnerabilities fixed are three remote code execution (RCE) flaws that require authentication for exploitation. These vulnerabilities could allow attackers to execute arbitrary code through various methods, such as manipulating queries and exploiting vulnerable components like the dashboard PDF generation and external lookup functionalities. Splunk recommends immediate patching or mitigation strategies to secure affected installations against potential exploitation.



Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

Source: Security Week

Google recently addressed 25 security vulnerabilities in its Android operating system, including a critical flaw in the Framework component (CVE-2024-31320) that affects Android versions 12 and 12L. This vulnerability could potentially allow attackers to escalate privileges on compromised devices without requiring additional privileges. The security update, delivered in two parts with patch levels 2024-07-01 and 2024-07-05, also includes fixes for seven other high-severity issues across various components like System and Kernel.



SPECIAL REPORTS

Ransomware Attack Demands Reach a Staggering $5.2m in 2024

Source: Infosecurity Magazine

Ransomware attacks hit new highs in 2024, with average extortion demands soaring to $5.2 million per incident. The first half of the year saw 421 confirmed attacks impacting 35.3 million records across various sectors. India's Regional Cancer Center faced the largest demand at $100 million, followed by the UK's Synnovis at $50 million. Despite a decrease in overall attacks compared to 2023, the severity intensified, with private businesses bearing the brunt. LockBit remained the most active group, launching 48 attacks despite a law enforcement crackdown. The healthcare sector suffered significant blows, with LoanDepot's 16.9 million affected records topping the list. Notably, some groups have shifted tactics, focusing solely on data theft for extortion rather than file encryption.



Deepfakes and Voice Clones Are Undermining Election Integrity

Source: Help Net Security

AI-generated content is raising serious concerns about election integrity, with 72% of global voters fearing its impact on upcoming polls. In the U.S., 45% of respondents have encountered AI-generated political content in the past year. Deepfakes and voice clones are particularly troubling, with 81% of Americans worried about their effect on election integrity. Trust in online voting is low, as 74% of U.S. respondents would question such results. Reports show that while 87% of Americans believe brands are responsible for digital privacy, there's an ambivalence about AI's impact on fraud susceptibility.



Mobile Political Spam Surges Threefold For 2024 Election

Source: Infosecurity Magazine

The 2024 US election is facing an unprecedented surge in mobile political spam, with volumes tripling compared to the 2022 midterms. This trend coincides with voters' increasing reliance on digital platforms for information, as 60% of US adults prefer digital media for news and 97% have access to mobile messaging. The study reveals a 7% rise in election-related smishing attacks over the past nine months, with a notable 240% spike in unwanted political messages following Trump's "hush money" trial verdict. To combat these threats, experts urge voters to exercise caution with unsolicited messages, avoid clicking on suspicious links, and carefully verify the legitimacy of election-related digital communications.



Richard Price

CISSP | PMP | CISM | CCSP | Principal Cybersecurity Analyst at Intermountain Health

3 months

Love this format! Great work
