CISO Daily Update - November 12, 2024

NEW DEVELOPMENTS

Massive Data Breach: American Debt Relief Service Exposes 1.5 Million

Source: Cybernews

A massive data breach at debt relief services provider Set Forth, Inc. exposed the personal information of 1.5 million people, including social security numbers, addresses, and dates of birth. The breach affected direct customers and business partners like Centrex, Inc., and was discovered in May 2024; Set Forth disclosed details to the Maine Attorney General on November 8. The company has implemented enhanced security protocols, including endpoint monitoring and a forced global password reset. Set Forth offers the impacted users 12 months of identity theft protection and advises vigilance. At least two law firms are investigating potential class action suits on behalf of affected individuals.

Article Link


Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients

Source: Security Week

A data breach at law firm Thompson Coburn compromised the personal information of over 300,000 patients of Presbyterian Healthcare Services. Discovered on May 29, 2024, the breach involved unauthorized access to files containing sensitive data, including names, social security numbers, dates of birth, medical record numbers, patient account numbers, prescription or treatment details, medical provider information, clinical data, and health insurance information. Thompson Coburn has notified affected individuals and offers free credit monitoring and identity theft protection services. The firm has not disclosed details about the cyberattack, and no known ransomware group has claimed responsibility.

Article Link


City of Sheboygan Hit by Cyberattack – Here’s the Latest on the Ransom Threat

Source: The Cyber Express

The City of Sheboygan, Wisconsin, recently suffered a ransomware attack that disrupted municipal services and compromised sensitive data. The cybercriminals demanded a ransom to restore access to the encrypted files. In response, city officials collaborated with cybersecurity experts and law enforcement agencies to assess the breach's impact and implement recovery measures. The city has not disclosed whether it intends to pay the ransom. Residents are advised to monitor official communications for updates and remain vigilant against potential scams exploiting the situation.

Article Link


Halliburton Reports $35 Million Loss After Ransomware Attack

Source: Bleeping Computer

In August 2024, Halliburton, a leading provider of products and services to the energy industry, suffered a ransomware attack attributed to the RansomHub group. The breach forced the company to shut down IT systems and disconnect customers, resulting in a $35 million loss. Despite the financial impact, Halliburton reported that the incident did not materially affect its financial performance. The company implemented enhanced cybersecurity measures to prevent future attacks.

Article Link


Amazon Discloses Employee Data Breach After May 2023 MOVEit Attacks

Source: Security Affairs

Amazon recently revealed a data breach affecting employee information, stemming from the May 2023 MOVEit attacks. The breach involved data stolen from a third-party vendor, with 2.8 million records allegedly leaked by the hacker Nam3L3ss on BreachForums. Compromised data includes names, contact details, building locations, and email addresses, while social security numbers and financial information remain unaffected. Amazon confirmed its systems were secured and only work contact information was exposed. While the MOVEit exploit is associated with the CL0P ransomware group, researchers are uncertain if CL0P or other actors orchestrated this breach.

Article Link


SproutBeat Database Leak, Over 16,323 user records Exposed

Source: Cyber Press

The educational platform SproutBeat experienced a data breach that exposed the personal information of 16,323 users. The compromised data includes user IDs, names, and email addresses. A threat actor known as "888" has claimed responsibility for leaking this information on a dark web forum. Users are advised to change their passwords, enable two-factor authentication, and remain vigilant against potential phishing attacks.

Article Link


Threat Actor Allegedly Claims Leak of 489 Million Lines of Instagram Data

Source: Cyber Press

A threat actor claims to possess and is selling a dataset containing 489 million lines of Instagram user information. The alleged data includes usernames, email addresses, follower counts, and other personal details–reportedly obtained through data scraping techniques. Instagram users are advised to enhance their account security by updating passwords and enabling two-factor authentication.

Article Link


Notorious 888 Allegedly Claim Leak of Appleton Harley-Davidson

Source: Cyber Press

The cybercriminal group "888" has reportedly leaked sensitive data from Appleton Harley-Davidson, compromising the personal information of nearly 20,000 customers including names and email addresses. The breach was first reported on November 10, 2024. Appleton Harley-Davidson has not released an official statement or confirmed an ongoing investigation.

Article Link


FBI Issues Warning as Crooks Ramp Up Emergency Data Request Scams

Source: The Register

The FBI warned of a surge in fraudulent emergency data requests (EDRs) targeting U.S. businesses and law enforcement agencies. Cybercriminals exploit compromised government email accounts to send fake EDRs, tricking organizations into disclosing sensitive personal information without proper verification. This tactic has gained popularity, with underground forums offering tutorials on executing such scams for as little as $100. The FBI advises organizations to strengthen relationships with local FBI field offices and review incident response plans to mitigate these threats.

Article Link


VULNERABILITIES TO WATCH

CISA Warns of Critical Vulnerabilities in Industrial Control Systems Affecting Key Infrastructure Sectors

Source: The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities, CVE-2024-8957 and CVE-2024-8956, to its Known Exploited Vulnerabilities Catalog. These vulnerabilities affect PTZOptics PT30X-SDI/NDI cameras running firmware versions earlier than 6.3.40. CVE-2024-8957 is an OS command injection flaw that allows remote, authenticated attackers to escalate privileges to root by injecting crafted payloads into the ntp_addr parameter of the /cgi-bin/param.cgi script. CVE-2024-8956 is an authentication bypass issue enabling unauthorized access to sensitive camera functions by exploiting insecure direct object references. CISA urges users to update to firmware version 6.3.40 or discontinue use if updates are unavailable. The deadline is set for November 25, 2024.

Article Link


Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw

Source: Security Week

D-Link issued a warning regarding a critical command injection vulnerability, CVE-2024-10914, which affects multiple discontinued network-attached storage (NAS) models. This flaw allows unauthenticated attackers to execute arbitrary shell commands by exploiting improper input sanitization in the account management function. The vulnerability impacts models including DNS-320, DNS-320LW, DNS-325, and DNS-340L. These devices have reached their end-of-life status and will not receive security updates. D-Link advises users to retire the affected products and upgrade to supported models to maintain network security.

Article Link


Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Source: The Hacker News

Researchers recently uncovered nearly two dozen security vulnerabilities in 15 widely used open-source machine learning (ML) projects, such as Weave, ZenML, Deep Lake, Vanna AI, and Mage AI. JFrog, a software supply chain security firm, identified these flaws, which allow attackers to hijack servers, escalate privileges, and compromise ML pipelines. Key vulnerabilities include CVE-2024-7340, a directory traversal flaw in Weave that permits unauthorized file access; an access control weakness in ZenML that enables privilege escalation; and CVE-2024-6507, a command injection issue in Deep Lake that facilitates system command execution.

Article Link


Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts

Source: Cyber Security News

A critical vulnerability (CVE-2024-47295) has been found in various Epson devices, including printers, scanners, and network interface products. This flaw allows attackers to exploit an unsecured, blank administrator password to create unauthorized admin accounts through the Web Config interface–potentially gaining full control over the device. Epson urges users to mitigate these risks by setting strong administrator passwords, using firewalls, and keeping firmware up to date.

Article Link


SPECIAL REPORTS

How Human Ingenuity Continues to Outpace Automated Security Tools

Source: Help Net Security

A recent HackerOne report reveals that 10% of security researchers now specialize in AI technology, with 48% of security leaders identifying AI as a significant risk to their organizations. The report highlights a 171% increase in AI assets on the HackerOne platform, noting that 55% of reported AI vulnerabilities pertain to safety issues. Despite the rise in AI-related vulnerabilities, bounties for these reports average $401 compared to $689 for traditional security programs. The report emphasizes integrating human expertise with technology to effectively address the unique challenges posed by AI and emerging technologies.

Article Link

