CISO Daily Update - May 9, 2024
NEW DEVELOPMENTS
Brandywine Realty Trust Confirms Data Breach After Ransomware Attack
Source: The Cyber Express
Brandywine Realty Trust, one of the largest publicly traded real estate investment trusts in the U.S., confirmed a cyberattack led to unauthorized access to portions of its internal network and ransomware deployment. The attack disrupted operations by encrypting resources and impacting business applications–including financial and reporting systems. Brandywine took steps to contain the incident; files were stolen, and an investigation is underway to determine if sensitive data was exposed. The perpetrators remain unidentified as the company works to restore systems and evaluate disclosure obligations under new cybersecurity incident reporting rules for public companies.
One Year On, Universities Org Admits MOVEit Attack Hit Data of 800K People
Source: The Register
Nearly a year after initially detecting a cyberattack, the University System of Georgia (USG) disclosed that the infamous Cl0p ransomware gang exploited a vulnerability in Progress Software's MOVEit file transfer tool. This incident exposed the personal data of over 800,000 individuals across its 26 institutions. Data types exposed included social security numbers, dates of birth, bank accounts, and tax records. USG faces criticism for delayed victim notification: notifications began on April 15, 2024, despite the May 2023 attack timeline.
Scattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader Says
Source: The Record
The FBI admits the hacking group known as Scattered Spider poses a unique challenge that requires the agency to "evolve" and adapt its tactics, as the collective's large size, proficiency in social engineering, and alleged coordination with Russian ransomware gangs make it difficult to fully "dismantle" in the way law enforcement has disrupted some other cybercriminal operations. A senior FBI official urged patience and closer private sector cooperation to share threat intelligence that could aid disruption efforts against the group responsible for major breaches at MGM Resorts, Caesars Entertainment, and others.
MediExcel Exposes 500K Patient Documents
Source: Cybernews
A cybersecurity research team discovered an open Amazon S3 storage bucket owned by MediExcel that exposed over 500,000 sensitive patient documents. The leaked data included registration forms, medical diagnoses, bills, insurance claims, and other personal and medical information. Before being secured, the data was potentially accessible from May 2023 to April 2024 due to misconfigured access controls.
FBI Warns of Gift Card Fraud Ring Targeting Retail Companies
Source: Bleeping Computer
The FBI issued a warning to US retail companies about the financially motivated hacking group Storm-0539, which targets gift card departments through sophisticated phishing attacks. After bypassing multi-factor authentication using a sophisticated phishing kit, the group gains access to employee accounts, pivots through networks, and generates fraudulent gift cards. To defend against these attacks, retail corporations are advised to update incident response plans, train employees to recognize phishing scams, enforce multi-factor authentication, and implement strong password policies. This alert follows a surge in gift card fraud attacks during the holiday season.
Attackers Leverage TunnelVision Vulnerability to Expose User Data
Source: The Cyber Express
Attackers are exploiting a TunnelVision vulnerability in VPN applications. This flaw, existing since 2002, allows attackers to intercept VPN traffic and bypass encryption. By manipulating DHCP option 121, attackers divert VPN traffic to rogue servers–exposing it to interception. Proposed solutions include network namespaces to segregate traffic and mitigate the vulnerability's impact.
VULNERABILITIES TO WATCH
Veeam Fixes RCE Flaw in Backup Management Platform (CVE-2024-29212)
Source: Help Net Security
Veeam addressed a critical vulnerability (CVE-2024-29212) in its Veeam Service Provider Console (VSPC). This flaw stems from unsafe deserialization methods, potentially enabling remote code execution under specific conditions. While Veeam discovered the issue internally and no active exploitation has been reported, users of affected versions (4.0 to 8.0) are urged to apply the latest cumulative patch to mitigate potential risks. Notably, this vulnerability doesn't impact other Veeam products.
The CyberPower UPS Vulnerability Threatening Critical Systems Across Sectors
Source: The Cyber Express
A set of critical vulnerabilities was discovered in the CyberPower PowerPanel Business UPS management software–potentially allowing attackers to bypass authentication, gain admin access, execute malicious code, and compromise sensitive data. Urgent attention to patching and mitigation measures is crucial to prevent potential exploitation and safeguard critical systems.
Litespeed Cache WordPress Plugin Actively Exploited in the Wild
Source: Security Affairs
Threat actors are actively exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress–allowing them to create rogue admin accounts and gain full control over websites. Tracked as CVE-2023-40000 with a CVSS score of 8.3, the flaw enables Stored XSS attacks. Patchstack discovered the issue in February 2024 where unauthenticated users can elevate privileges using crafted HTTP requests. The vulnerability, patched in October 2023, has seen a surge in exploitation attempts with malicious IPs scanning for vulnerable sites. Indicators of compromise include specific URLs and associated IPs. Users are advised to update to version 5.7.0.1 and monitor for suspicious activity.
SPECIAL REPORTS
A Third of Tech CISOs Are Unhappy With Their Income
Source: Infosecurity Magazine
A study by IANS Research and Artico Search reveals that 34% of tech sector CISOs are discontented with their compensation. Publicly listed firms and VC-backed tech companies offer higher pay, averaging around $1m and $793,000, respectively. However, macroeconomic challenges and budget constraints led to only a 4% growth in security budgets last year, with 31% of CISOs not receiving a raise. Despite this, the share of CISOs considering a job change in the next year has increased significantly, indicating a potential shift in the job market.
97% of Organizations Hit by Ransomware Turn to Law Enforcement
Source: Help Net Security
Sophos' "State of Ransomware 2024" survey revealed that 97% of organizations hit by ransomware sought assistance from law enforcement or government bodies. Despite concerns about public exposure, 59% found the process of engaging with law enforcement relatively easy. Assistance included advice on dealing with attacks (61%), help with investigation (60%), and data recovery (58%). Chester Wisniewski, Sophos's Director of Field CTO, emphasized the importance of cooperation to combat ransomware–highlighting the need for preventive measures and global collaboration between the public and private sectors. The findings are based on a survey of 5,000 cybersecurity/IT leaders globally, conducted between January and February 2024.
CIO, American Elevator Group | IT Operations & Management | Leading cross-functional teams toward the fulfillment of organizational goals & objectives
9 months
Informative update, Marcos. Ransomware is becoming more of a problem with each passing day. Unfortunately, industries such as healthcare are the most likely to be hit with it because of their valuable data. At least these organizations have someone to go to in times of crisis. The advice given could lessen the damage.