CISO Daily Update - October 7, 2024
NEW DEVELOPMENTS
Comcast and Truist Bank Customers Caught Up in FBCS Data Breach
Source: Bleeping Computer
A data breach at Financial Business and Consumer Solutions (FBCS) exposed sensitive information of Comcast Cable and Truist Bank customers, including Social Security numbers, birth dates, and account details. Initially impacting 1.9 million people, the breach's scope expanded to 4.2 million by July 2024. Both companies are now alerting affected customers. Due to FBCS's financial difficulties, Comcast and Truist are managing the remediation efforts on their own.
Over 61K Compromised in Alabama Hospital Hack
Source: SC Media
In October 2023, Medical Center Barbour in Alabama suffered a cyberattack that exposed the sensitive information of over 61,000 patients. The compromised data includes names, birthdates, medical records, driver's licenses, and health insurance details. Some victims also had their Social Security numbers, financial information, and passport details stolen. While the hospital only recently disclosed the breach, it has since upgraded its cybersecurity defenses and monitoring tools to prevent further incidents.
Five Percent of All Adobe Commerce and Magento Stores Hacked, Researchers Say
Source: Cybernews
A critical vulnerability called "CosmicSting" has compromised 5% of all Adobe Commerce and Magento stores, impacting 4,275 online retailers, including brands like Ray-Ban and Cisco. Rated 9.8/10 in severity, this flaw allows attackers to execute code and install payment skimmers to steal customer data in real time. Despite Adobe issuing a security update in July, many stores remain at risk due to unpatched systems and failure to invalidate old encryption keys. Seven different cybercriminal groups are now fighting for control over the affected stores.
MoneyGram: No Evidence Ransomware Is Behind Recent Cyberattack
Source: Bleeping Computer
MoneyGram confirmed a recent cyberattack, stating there is no evidence of ransomware involvement. The company worked with cybersecurity experts, including CrowdStrike, and law enforcement to investigate the breach. The attack caused a five-day outage in September and began with social engineering targeting an internal help desk. Threat actors gained temporary access to employee credentials, but MoneyGram contained the breach with precautionary measures. Most services have been restored, and the company denies any significant impact on its systems or agents. The incident mirrors tactics used by the hacker group Scattered Spider.
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam
Source: GBHackers
The "Prince Ransomware" campaign is hitting organizations in the UK and the US through phishing scams that impersonate Royal Mail. Attackers use contact forms to bypass traditional email security, distributing malicious PDFs and ZIP files that execute the ransomware and encrypt files with a ".womp" extension. Detected by Proofpoint, this ransomware is particularly destructive: it lacks a decryption mechanism, leaving victims unable to recover their files even after paying the ransom. This attack calls for strong defenses, including employee training, multi-factor authentication, and regular backups.
Man Pleads Guilty to Stealing $37 Million in Crypto From 571 Victims
Source: Bleeping Computer
Evan Frederick Light, a 21-year-old from Indiana, pleaded guilty to stealing over $37 million in cryptocurrency from 571 victims during a 2022 cyberattack on a South Dakota investment firm. He and his co-conspirators exploited vulnerabilities in the firm's servers, accessed client information, and transferred stolen cryptocurrency to coin-mixing services and gambling sites to hide its origins. Light faces up to 20 years in prison per count.
Russia Arrests 96 People Tied to US-Disrupted Cryptocurrency Exchanges
Source: Security Week
Russian authorities arrested 96 individuals connected to the UAPS and Cryptex cryptocurrency exchanges, which were recently disrupted by US and Dutch law enforcement. These suspects are involved in laundering proceeds from ransomware, fraud, and darknet drug operations and owned over $16 million in luxury assets. UAPS, allegedly led by Russian national Sergey Ivanov, was linked to illegal exchanges like PinPays and PM2BTC. The US seized related domains and uncovered $600 million in suspicious transactions through Cryptex, with 28% tied to sanctioned entities. Ivanov now faces US sanctions, with a $10 million reward for information leading to his capture.
VULNERABILITIES TO WATCH
WordPress LiteSpeed Cache Plugin Flaw Could Allow Site Takeover
Source: Security Affairs
A high-severity vulnerability (CVE-2024-47374) in the WordPress LiteSpeed Cache plugin, affecting versions up to 6.5.0.2, allows attackers to execute arbitrary JavaScript through a stored cross-site scripting (XSS) issue. The flaw is linked to improper sanitization of an HTTP header and is triggered when certain settings like "CSS Combine" are enabled. With over six million active installations, site administrators must urgently update to version 6.5.1 to prevent unauthorized access. This follows a separate LiteSpeed vulnerability (CVE-2024-44000) addressed earlier this year.
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Source: The Hacker News
Apple released critical updates for iOS and iPadOS to fix two major security vulnerabilities. One flaw (CVE-2024-44204) allowed the VoiceOver feature to read aloud users' saved passwords, impacting a wide range of iPhones and iPads. Apple resolved this issue by improving validation. The second vulnerability (CVE-2024-44207) affected iPhone 16 models, enabling audio capture before the microphone indicator was activated. Both vulnerabilities have been fixed, and Apple urges users to update to iOS 18.0.1 and iPadOS 18.0.1 to secure their devices.
Google Addresses Critical Baseband Flaws, Strengthens Pixel Defenses
Source: The Cyber Express
Google has bolstered Pixel phone security by addressing critical vulnerabilities in the baseband firmware that handles LTE, 4G, and 5G connectivity. Because this firmware processes all cellular communications, the flaws left devices exposed to remote code execution attacks via malicious network packets. In response, Google's latest Pixel models now include advanced security measures such as Bounds and Integer Overflow Sanitizers, Stack Canaries, and Control Flow Integrity (CFI). These improvements, along with enhanced bug detection, aim to safeguard users from potential exploits and strengthen overall mobile security.
RPKI Beware: 53 Security Flaws Revealed in Alarming New Report
Source: Cyber Press
A new report has uncovered 53 security flaws in the Resource Public Key Infrastructure (RPKI), a system meant to secure the Border Gateway Protocol (BGP) and prevent route hijacking. Despite its growing adoption, the report points to operational inconsistencies, unclear RFC requirements, and vulnerabilities in RPKI implementations, including remote code execution (RCE) threats like the one found in the Fort relying party validator. These flaws increase the risk of BGP attacks and disrupt validation processes. While RPKI is vital for improving internet routing security, the findings call for more research, automation, and refinement to ensure its safe deployment.
SPECIAL REPORTS
Cybercriminals Capitalize on Poorly Configured Cloud Environments
Source: Help Net Security
Cybercriminals are exploiting poorly configured cloud environments and leveraging off-the-shelf offensive security tools (OSTs) like Cobalt Strike and Metasploit, which made up 54% of observed malware alerts according to Elastic's 2024 Global Threat Report. Misconfigurations in cloud services, such as Azure storage and AWS S3, are increasing, while brute-force attacks have risen by 12%, primarily targeting Azure. Although security defenses have improved, with a 6% decrease in evasion behaviors, there has been a rise in malware-as-a-service and credential harvesting.
Ransomware Hits Critical Infrastructure Hard, Costs Adding Up
Source: Security Week
Ransomware attacks on cyber-physical systems (CPS) are causing substantial financial losses, with 45% of organizations reporting damages over $500,000 and 27% exceeding $1 million. Critical sectors like healthcare, chemical manufacturing, and energy are hit hardest, often paying over $500,000 in ransom to recover encrypted data. Downtime, extended recovery periods, and disrupted processes worsen the situation. To reduce these risks, organizations are urged to enhance asset visibility, secure third-party access, strengthen network protections, and deploy threat detection systems to better defend their CPS environments.
Finding value in this newsletter? Like or share this post on LinkedIn
Principal Cybersecurity @Inherent Security | Helping Health Tech leaders achieve HIPAA Security & Privacy Compliance.
1 month ago: Passport info was leaked in the Alabama breach too, ouch!