CISO Daily Update - June 17, 2024
NEW DEVELOPMENTS
Dordt University Faces Massive Data Leak: Millions of Students and Staff Potentially Affected
Source: The Cyber Express
Private Christian liberal arts college Dordt University suffered a large data breach claimed by the BianLian ransomware group. The attackers say they accessed around 3 terabytes of sensitive data, including financial records, personnel files, student profiles, and even children's personally identifiable information (PII) and protected health information (PHI). Despite the severity of the claims, Dordt University has yet to issue an official statement. BianLian is known for targeting critical infrastructure sectors in the United States and Australia and has refined its extortion methods.
Keytronic Confirms Data Breach After Ransomware Gang Leaks Stolen Files
Source: Bleeping Computer
Printed circuit board assembly (PCBA) manufacturer Keytronic confirmed a data breach after the Black Basta ransomware gang leaked 530 GB of stolen data. The breach stems from a May 6 cyberattack that disrupted operations for two weeks and exposed personal information. Keytronic has spent $600,000 on initial incident response measures and anticipates further costs. The attack affected human resources, finance, engineering, and corporate data, including employee passports and Social Security cards. Black Basta, active since April 2022 and linked to former Conti members, has breached over 500 organizations and extorted at least $100 million. Keytronic reports that the breach will materially affect its financial projections for Q4 2024.
New York Times Says Data Breach Affected Freelance Visual Contributors
Source: The Record
The New York Times reported a data breach affecting freelance visual contributors; notice letters were sent out this past week. The breach is linked to a January 2024 security incident involving a cloud-based third-party code platform. Exposed data included names, contact information, social media profiles, and specific assignment details. Full-time employees were unaffected, and at least one freelancer posted the notice on social media. The same incident exposed 270 GB of corporate data, including source code for the Times and The Athletic, user data, corporate discussions, and other internal information.
Globe Life Discloses Breach Amid Accusations of Fraud and Shady Business Tactics
Source: The Cyber Express
Texas-based insurance holding company Globe Life disclosed a data breach that may have compromised consumer and policyholder information through unauthorized access to one of its web portals. The breach was identified during a security review prompted by a state insurance regulator's legal inquiry, and the company responded by revoking external access to the affected portal and activating its incident response plan. While the investigation continues, Globe Life says the breach is isolated to that single portal and has had minimal operational impact. The disclosure coincides with short sellers' allegations of fraudulent business practices and financial improprieties; the company denies the claims, but its share price has fallen significantly.
Los Angeles Schools Investigating Claims of Data for Sale on Dark Web
Source: Cybersecurity Dive
The Los Angeles Unified School District (LAUSD) is investigating claims that district records are being offered for sale on the dark web. A threat actor on a cybercrime forum offered to sell approximately 24 million LAUSD records for $1,000. The alleged data includes personally identifiable information such as student IDs, names, dates of birth, and home addresses. The claims have not been verified, and the low asking price suggests the data lacks sensitive account-level information. The incident raises questions about a possible connection to the September 2022 ransomware attack on LAUSD by the Vice Society group.
Blackbaud Must Pay $6.75 Million, Improve Security After Lying About Scope of 2020 Hack
Source: The Record
Blackbaud will pay $6.75 million and improve its data security and breach notification practices following a May 2020 hack that exposed the personal information of individuals whose data its nonprofit customers stored on the platform. The company initially misled consumers and regulators about the hack's impact, claiming the attacker had not accessed personal data despite knowing otherwise. Blackbaud's weak security practices, including a lack of password controls and multifactor authentication, allowed the attacker to remain undetected for months. The settlement with California, along with a previous FTC order, requires Blackbaud to implement comprehensive security measures.
Young Cyber Scammer Arrested, Allegedly Behind Cyberattacks on 45 U.S. Companies
Source: The Cyber Express
Spanish police arrested a 22-year-old British national in Palma de Mallorca accused of leading a cybercrime group that targeted 45 U.S. companies. The suspect allegedly orchestrated phishing campaigns to steal credentials, infiltrate corporate systems, access sensitive data, and seize victims' cryptocurrency wallets. The arrest, made in collaboration with the FBI, took place at Palma airport as the suspect prepared to depart for Naples. Authorities seized his laptop and phone, and he faces provisional imprisonment pending further legal proceedings, including possible extradition to the U.S.
Former IT Employee Gets 2.5 Years for Wiping 180 Virtual Servers
Source: Bleeping Computer
Nagaraju Kandula, a former quality assurance employee at National Computer Systems (NCS), was sentenced to two years and eight months in prison for deliberately deleting 180 virtual servers after being fired from the company. Kandula used credentials that had not been revoked after his dismissal to access NCS systems multiple times between January and March 2023, testing custom scripts before executing a wiper that caused an estimated $678,000 in damages. The incident highlights the importance of promptly revoking former employees' access to critical systems and resetting administrative account passwords to prevent potentially catastrophic attacks.
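The control this item calls for can be checked mechanically. The following is an added example, not code from the article or from NCS: it runs a constructed HR roster against constructed authentication log lines, flags successful logins by accounts after their recorded last day, and lists terminated accounts that are still enabled in the directory. The key=value log format, the host and user names, and the roster are all assumptions made for illustration.

```python
import re
from datetime import date, datetime, timezone

# Constructed HR roster (assumption): username -> last day of employment.
TERMINATED = {
    "jdoe": "2023-01-06",
    "asmith": "2022-11-30",
}

# Constructed auth log in an assumed key=value format; not NCS's real logs.
AUTH_LOG = """\
2023-01-09T21:14:02Z host=vc01 user=jdoe result=success src=203.0.113.7
2023-01-10T02:30:55Z host=vc01 user=bwong result=success src=10.0.0.5
2023-01-10T02:41:10Z host=vc01 user=jdoe result=failure src=203.0.113.7
2023-02-14T23:05:19Z host=vc02 user=jdoe result=success src=203.0.113.9
2022-11-29T08:00:00Z host=vc02 user=asmith result=success src=10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def _as_date(s):
    return date.fromisoformat(s)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return rec


def find_post_termination_logins(log_text, terminated=TERMINATED):
    """Return successful logins by rostered users that occur after their last day.

    Only successes are reported here; failed attempts by a terminated account
    are also worth an alert in practice, since they show the account is being
    tried at all.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "success":
            continue
        last_day = terminated.get(rec["user"])
        if last_day is None:
            continue
        days_after = (rec["ts"].date() - _as_date(last_day)).days
        if days_after > 0:
            hits.append({
                "user": rec["user"], "when": rec["ts"].isoformat(),
                "host": rec["host"], "src": rec["src"], "days_after": days_after,
            })
    return hits


def still_enabled_after_termination(enabled_accounts, as_of, terminated=TERMINATED):
    """Preventive check: terminated users whose account is still enabled on as_of."""
    today = _as_date(as_of)
    return sorted(u for u in enabled_accounts
                  if u in terminated and _as_date(terminated[u]) < today)


if __name__ == "__main__":
    for h in find_post_termination_logins(AUTH_LOG):
        print(f"ALERT {h['user']} logged in {h['days_after']}d after last day "
              f"from {h['src']} on {h['host']} at {h['when']}")
    # Constructed set of currently enabled directory accounts (assumption).
    print("still enabled:",
          still_enabled_after_termination({"jdoe", "bwong", "asmith"}, "2023-01-10"))
```

The second function is the cheaper control: run it daily against the identity provider's enabled-account list and the HR leaver feed, and the first function never has anything to find. Neither check covers shared or service accounts whose passwords a leaver knew, which is why the item also recommends resetting administrative credentials.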
New Linux Malware Is Controlled Through Emojis Sent From Discord
Source: Bleeping Computer
A new Linux malware dubbed 'DISGOMOJI' uses emojis sent via Discord for command and control (C2) and targets government agencies in India. Discovered by cybersecurity firm Volexity, the malware is attributed to a Pakistan-based threat actor tracked as 'UTA0137.' DISGOMOJI lets attackers execute commands, take screenshots, steal files, and deploy additional payloads. Its use of emojis and Discord for C2 traffic may evade detection by traditional security software that is not looking for commands in chat messages. The malware is distributed through phishing emails targeting the BOSS Linux distribution used by Indian government agencies and maintains persistence via cron jobs and other mechanisms. Once a system is infected, it exfiltrates data to the attackers and is used to spread laterally within the network.
VULNERABILITIES TO WATCH
Asus Fixed Critical Remote Authentication Bypass Bug in Several Routers
Source: Security Affairs
ASUS fixed a critical remote authentication bypass vulnerability (CVE-2024-3080) affecting several router models with a CVSS v3.1 score of 9.8. This flaw allowed remote attackers to log into devices without authentication. Impacted models include ZenWiFi XT8, RT-AX57, RT-AC86U, and RT-AC68U, among others. Users should update to the latest firmware versions to secure their devices. Additionally, ASUS addressed another critical flaw (CVE-2024-3912) that allowed arbitrary firmware uploads, impacting models like DSL-N17U and DSL-N55U. Firmware updates are available, but some models have reached end-of-life and won't receive updates; these should be replaced or have remote access features disabled.
SolarWinds Serv-U Vulnerability Let Attackers Access Sensitive Files
Source: GB Hackers on Security
SolarWinds released a security advisory addressing a high-severity directory traversal vulnerability (CVE-2024-28995) in its Serv-U file transfer products. The vulnerability allows attackers to read sensitive files on the host machine and affects multiple Serv-U products on both Windows and Linux. SolarWinds fixed the flaw in the latest release, Serv-U 15.4.2 HF 2, and strongly recommends that customers upgrade to mitigate the risk. The fix modifies a function that processes file paths; before the patch, specific payloads supplied in certain HTTP request parameters were enough to trigger the traversal.
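The defect class behind this advisory is easy to reproduce and easy to get half-right. What follows is an added example, not SolarWinds code and not a reproduction of the Serv-U bug: a naive path resolver that joins a request parameter onto a document root, beside a hardened one that closes the usual bypasses (URL encoding, double encoding, backslashes on Windows-hosted servers, NUL bytes, absolute paths, and the string-prefix mistake). The document root /srv/files and the sample parameter values are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for a file-download endpoint (illustrative only).
BASE_DIR = "/srv/files"


def naive_resolve(base, user_path):
    """Vulnerable: the request parameter is joined onto the base and used as-is.

    "../../etc/passwd" normalizes straight out of the base directory, and an
    absolute parameter such as "/etc/passwd" replaces the base entirely.
    """
    return posixpath.normpath(posixpath.join(base, unquote(user_path)))


def safe_resolve(base, user_path):
    """Return the path user_path maps to inside base, or None if it escapes.

    - percent-decode twice so "%252e%252e" (double-encoded "..") is caught
    - treat backslash as a separator, since Serv-U also ships on Windows
    - reject NUL bytes, which truncate paths in C-based code
    - strip leading slashes so an absolute path cannot replace the base
    - normalize, then test containment by path prefix (base + "/"), not by
      string prefix, so "/srv/files2" is not accepted as inside "/srv/files"
    """
    decoded = unquote(unquote(user_path)).replace("\\", "/")
    if "\x00" in decoded:
        return None
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded.lstrip("/")))
    if candidate == base_norm or candidate.startswith(base_norm + "/"):
        return candidate
    return None


# Constructed request values (assumption): the kinds of payloads a traversal
# probe sends to a path parameter, mixed with benign ones.
SAMPLE_PARAMS = [
    "docs/readme.txt",
    "docs/../readme.txt",
    "../../etc/passwd",
    "..%2f..%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
    "..\\..\\etc\\passwd",
    "../files2/secret.txt",
    "/etc/passwd",
    "a\x00../../etc/passwd",
]


def triage(params, base=BASE_DIR):
    """Map each parameter to (naive result, safe result) for side-by-side review."""
    return {p: (naive_resolve(base, p), safe_resolve(base, p)) for p in params}


if __name__ == "__main__":
    for p, (naive, safe) in triage(SAMPLE_PARAMS).items():
        verdict = "BLOCKED" if safe is None else "ok"
        print(f"{p!r:50} naive={naive!r:30} safe={verdict}")
```

On a real server the containment check should be repeated after os.path.realpath() on the candidate, so a symlink inside the document root cannot point outside it, and the open() call should use the checked path rather than the original parameter. Mapping absolute parameters into the root, as safe_resolve does, is a choice; rejecting them outright is equally defensible.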
Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE
Source: Security Week
Rockwell Automation addressed three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software through separate advisories. One flaw (CVE-2024-37368) is a user authentication weakness that allows unauthorized remote access to HMI projects, and CVE-2024-37367 shares a similar weakness. The third (CVE-2024-37369) enables local privilege escalation by bypassing access control lists within the system. All three are resolved in version 14, and Rockwell Automation urges organizations to update promptly. The company also warned of a vulnerability affecting certain controllers that could lead to a nonrecoverable fault condition if exploited.
SPECIAL REPORTS
The Biggest Downsides of Digital ID Adoption
Source: Help Net Security
Despite the emergence of innovative digital verification methods, many organizations worldwide still rely on physical documents for identity verification because of several obstacles: the lack of global digital ID standards and legislation, regional differences in attitudes toward privacy, and technological disparities between countries. Digital ID adoption is seen as crucial for a robust global digital economy, but the transition is hampered by political, economic, and public-acceptance issues. Until a complete digital ID standard is developed and adopted worldwide, physical documents will likely remain essential for identity verification.