CISO Daily Update - June 27, 2024
NEW DEVELOPMENTS
Microsoft Blamed for Million-Plus Patient Record Theft at US Hospital Giant
Source: The Register
Major US healthcare provider Geisinger announced a data breach affecting over a million patients, attributing the incident to Nuance Communications, a Microsoft subsidiary. The breach occurred after a former Nuance employee accessed and potentially stole sensitive patient records two days after being fired. The stolen data includes birth dates, addresses, and medical information but excludes financial records. Nuance was criticized for not promptly revoking the ex-employee's access, a problem it has faced before. The former employee was arrested and faces federal charges.
LockBit Lied: Stolen Data Is From a Bank, Not US Federal Reserve
Source: Bleeping Computer
In a recent bid for attention, the LockBit ransomware group falsely claimed to breach the Federal Reserve, alleging theft of 33 terabytes of sensitive banking data. However, it was discovered that the actual victim was Evolve Bank & Trust, not the Fed. LockBit published stolen data online, with Evolve confirming the breach and noting that it was contained without any ongoing threat. Evolve is offering affected customers credit monitoring and new account numbers. The incident comes after Evolve faced penalties from the Federal Reserve for deficiencies in risk management and compliance practices. This misleading claim appears to be a desperate attempt by LockBit to regain relevance after recent setbacks.
BianLian Ransomware Targets Better Business Bureau, US Dermatology Partners
Source: The Cyber Express
The notorious BianLian ransomware group claimed to have compromised sensitive data from Better Business Bureau Inc. and U.S. Dermatology Partners in their latest cyberattacks. Allegedly, 1.2 TB of data, including financial, contract, and employee information, was stolen from BBB, while 300 GB of similar data was taken from U.S. Dermatology Partners. Despite these claims, the official websites of the targeted organizations remain operational, with some questioning the authenticity of the claims. BianLian has targeted critical infrastructure sectors since June 2022 and has a history of exploiting vulnerabilities and extorting victims, though many of its claims remain unverified.
Developer Errors Lead to Long-term Exposure of Sensitive Data in Git Repos
Source: Help Net Security
Developer errors have exposed sensitive data in Git repositories for years, with Aqua Security's research uncovering active secrets from major organizations like Cisco and Mozilla. These "phantom secrets" remain retrievable from Git history even after the files are deleted or the values are updated, potentially granting unauthorized access to critical systems and data. The study revealed API tokens, service principal tokens, and other credentials that could lead to significant security breaches, financial losses, and reputational damage.
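As an added illustration (not code from the article or from Aqua Security's research), the following Python scans constructed `git log -p --all` output for credential patterns and shows that a key "removed" at HEAD is still found in the commit that introduced it. The commit hashes, file name and token values are made up; the AWS key is the documented `AKIAIOSFODNN7EXAMPLE` placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample: config.py as it exists at HEAD, after the credential was "removed".
HEAD_CONFIG = 'AWS_ACCESS_KEY = os.environ["AWS_ACCESS_KEY"]\n'

# Constructed sample of `git log -p --all` output (not a real repository).
# Commit b2c3d4 deleted the key; commit a1b2c3, which introduced it, is still in history.
SAMPLE_LOG = """\
commit b2c3d4
    Remove leaked credential

diff --git a/config.py b/config.py
-AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY = os.environ["AWS_ACCESS_KEY"]

commit a1b2c3
    Initial commit

diff --git a/config.py b/config.py
+AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GITHUB_TOKEN = "ghp_0123456789abcdef0123456789abcdef0123"
"""

# Token formats: AWS access key IDs (AKIA + 16 chars) and GitHub classic PATs (ghp_ + 36 chars).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

@dataclass(frozen=True)
class Finding:
    commit: str   # "HEAD" for a working-tree scan, otherwise the commit hash
    kind: str
    value: str

def scan_text(text: str, commit: str = "HEAD") -> list[Finding]:
    """Scan plain file content; this is all a working-tree-only scanner sees."""
    return [Finding(commit, kind, m.group(0))
            for kind, pat in PATTERNS.items() for m in pat.finditer(text)]

def scan_history(log_text: str) -> list[Finding]:
    """Walk `git log -p --all` output and report every added (+) line carrying
    a secret, attributed to the commit that introduced it."""
    findings, commit = [], "?"
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+") and not line.startswith("+++"):
            findings.extend(scan_text(line[1:], commit))
    return findings
```

A working-tree scan of `HEAD_CONFIG` returns nothing, while `scan_history(SAMPLE_LOG)` still reports both tokens in commit a1b2c3; a real scan should additionally cover unreachable objects (for example those listed by `git fsck --unreachable`), since deleting a branch does not remove its commits.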
New Medusa Android Trojan Targets Banking Users Across 7 Countries
Source: The Hacker News
A new version of the Medusa Android banking trojan has emerged, targeting users in seven countries: Canada, France, Italy, Spain, Turkey, the UK, and the US. This sophisticated malware, active since July 2023, has been distributed through five distinct botnets operated by various affiliates. The updated Medusa features a streamlined permission set and new capabilities, including full-screen overlays and remote app uninstallation. It spreads through dropper apps disguised as fake updates and uses legitimate services like Telegram and X to retrieve command-and-control server information. The malware's reduced permission requirements and ability to create a black screen overlay enhance its stealth. Medusa's expansion into new regions and evolving tactics highlight the growing threat to Android users' financial security.
AzzaSec Reveals Advanced Windows Ransomware Builder, Threatens Cybersecurity
Source: The Cyber Express
Hacktivist group AzzaSec unveiled a sophisticated Windows ransomware builder, available via a Telegram channel since June 23, 2024. Developed in .NET, the ransomware boasts SHA-512 and AES encryption and claims to evade major antivirus solutions like Windows Defender, Avast, Kaspersky, and AVG. It features advanced anti-virtual-machine, anti-debugging, and anti-sandbox capabilities, with decryption keys and victim information stored on a centralized command-and-control (C2) server. Pricing ranges from $300 for a single-use stub to $4,500 for a six-month subscription, with the source code priced at $8,000.
VULNERABILITIES TO WATCH
Fresh MOVEit Bug Under Attack Mere Hours After Disclosure
Source: Dark Reading
A high-severity vulnerability (CVE-2024-5806) in Progress Software's MOVEit Transfer software is under active exploitation just hours after its disclosure. The flaw, found in MOVEit's SFTP module, allows attackers to bypass authentication and impersonate valid users, gaining access to sensitive data. The vulnerability affects several versions of the software and has prompted urgent patching recommendations from Progress. The speed of exploitation highlights the ongoing interest of cybercriminals and espionage groups in enterprise file-sharing platforms, especially following last year's widespread MOVEit-related Cl0p ransomware attacks that impacted numerous high-profile organizations.
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Source: The Hacker News
Apple released a firmware update to address a vulnerability (CVE-2024-27867) in AirPods that could allow attackers within Bluetooth range to spoof a previously paired device and gain unauthorized access to the headphones. This issue, affecting various AirPods models, Powerbeats Pro, and Beats Fit Pro, could potentially enable eavesdropping on private conversations. The flaw has been fixed with improved state management in firmware updates 6A326, 6F8, and Beats Firmware Update 6F8. This update follows Apple's recent patches for visionOS, which included fixes for 21 vulnerabilities, such as a logic flaw in WebKit.
Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector
Source: Security Week
Siemens recently patched vulnerabilities in several Sicam products critical to the energy sector. These include a buffer overread flaw (CVE-2024-31484) enabling data leakage and potential code execution, a command injection issue (CVE-2024-31485) allowing attackers to intercept credentials and execute code as root, and improper protection of MQTT client passwords (CVE-2024-31486). These vulnerabilities could facilitate attacks targeting power grid solutions.
VMware ESXi Vulnerability Allows Attackers to Bypass Authentication
Source: Cyber Security News
VMware has disclosed three critical vulnerabilities (CVE-2024-37085, CVE-2024-37086, CVE-2024-37087) in its ESXi hypervisor, allowing attackers to bypass authentication and gain unauthorized access. These flaws affect ESXi's management interface, SSH authentication, and vCenter Server authentication processes, potentially enabling administrative control without proper authorization. VMware released patches for all affected versions, urging immediate application to mitigate risks.
SPECIAL REPORTS
Identity Crime Reports Drop 16% Annually but Job Scams Surge
Source: Infosecurity Magazine
Reports of identity-related crimes in the US fell by 16% in 2023, but job scams surged by 118%, according to the Identity Theft Resource Center (ITRC). Although the overall number of identity crimes decreased to 10,904, scammers, empowered by generative AI, have become more adept at exploiting victims, particularly through job-related scams on platforms like LinkedIn. Despite the drop in Google Voice scams (60% of total cases), the ITRC warned that identity thieves already possess enough personal information from past breaches and social media oversharing to open new credit lines and accounts, leading to more severe identity misuse cases.
Gaining and Retaining Security Talent: A Cheat Sheet for CISOs
Source: Security Week
A new report from ISC2 and CIISec offers CISOs guidance on recruiting and retaining cybersecurity talent amid a skills shortage. The study challenges the conventional wisdom that all security team members must have technical backgrounds, suggesting that aptitude and diverse skills can be more valuable. It recommends seeking candidates from unconventional sources, focusing on soft skills, and building diverse teams. To retain talent, the report advises frequent pay increases, clear career paths, personal mentoring, and fostering team cohesion. Importantly, it emphasizes the need for CISOs to manage team mental well-being and work-life balance in this high-stress field.
Finding value in this newsletter? Like or share this post on LinkedIn
Aspiring Cybersecurity Engineer | TS/SCI | SSCP | SIGINT Analyst
5 months ago: Thank you for this brief update! Following for more! Make the day great.
Cybersecurity, Data Privacy, & Risk Management
5 months ago: Thank you for these, Marcos Christodonte II