Cyber Weekly Newsletter
Riskigy Cybersecurity & Tech Advisors
Fractional Cybersecurity and Tech compliance leadership and consulting for start-ups, emerging companies and beyond!
The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team
Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware
This Week's Need-to-Know News and Alerts
- CISA has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. CVE-2023-7028 (CVSS score: 10.0) facilitates account takeover via password reset emails. https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html
- Hackers stole customer data and auth secrets from the Dropbox Sign (HelloSign) eSignature service. Dropbox says hackers breached production systems for its eSignature platform and accessed authentication tokens, MFA keys, hashed passwords and customer information. https://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/
- A botnet targets D-Link routers through a decade-old critical security flaw, with the goal of using the compromised devices for further attacks. Ubiquiti routers have also come under assault from another threat actor that infects these devices with malware. https://thehackernews.com/2024/05/new-goldoon-botnet-targets-d-link.html
- Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its IAM solutions, with some customer accounts breached in the attacks. Okta says the attacks seem to originate from the same infrastructure used in the brute-force attacks. https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers
- The FCC has fined the largest U.S. wireless carriers almost $200 million in total, including $12 million for Sprint and $80 million for T-Mobile (the two carriers have merged), more than $57 million for AT&T, and almost $47 million for Verizon. https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location
- The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. DHS is working to facilitate safe, responsible, and trustworthy use of AI technology. https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html
- Cybersecurity researchers have discovered campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
- 18 security vulnerabilities impact all versions of Brocade SANnav SAN Management Software up to and including 2.3.0. The flaws in the Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html
- US Post Office phishing sites get as much traffic as the real one. Researchers analyzing phishing campaigns that target USPS found that traffic to the fake domains is typically similar to what the legitimate site records, and it is higher during holidays. https://www.bleepingcomputer.com/news/security/us-post-office-phishing-sites-get-as-much-traffic-as-the-real-one
- Google prevented 2.28 million malicious apps! Google revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages. https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html
From Our Blog
Celebrate National Small Business Week By Boosting Cybersecurity
As we step into National Small Business Week from April 28 to May 4, 2024, it’s an excellent time for small and medium-sized businesses (SMBs) to reflect not just on growth strategies, but on the foundational aspects that ensure sustainability. A critical component of this foundation is cybersecurity. In a digital era where threats are evolving rapidly, bolstering your SMB’s security can be your best investment. Read more at https://riskigy.com/blog/f/celebrate-national-small-business-week-by-boosting-cybersecurity
World Password Day 2024: How Businesses Can Lead the Way
World Password Day is observed on the first Thursday of May each year. In 2024, World Password Day falls on May 2. As we approach World Password Day 2024, the spotlight turns not just on individuals, but significantly on businesses, the custodians of vast amounts of personal and sensitive data… Read more at https://riskigy.com/blog/f/world-password-day-2024-how-businesses-can-lead-the-way
Get AI Ready with 10 Key Points on Secure AI Deployment
The Cybersecurity and Infrastructure Security Agency (CISA) has issued best practices for Deploying Secure and Resilient AI Systems, expanding on the secure deployment and secure operation and maintenance sections of the Guidelines for Secure AI System Development. These best practices also incorporate mitigation considerations from Engaging with Artificial Intelligence (AI)… Read more at https://riskigy.com/blog/f/get-ai-ready-with-10-key-points-on-secure-ai-deployment
What You Need to Know About the IRS Dirty Dozen
Every year, taxpayers are bombarded with new schemes and tricks that unscrupulous individuals employ to defraud not only the government but often innocent individuals as well. Staying ahead of these deceptive practices... Read more at https://riskigy.com/blog/f/what-you-need-to-know-about-the-irs-dirty-dozen
Recent Data Breach News
- The Philadelphia Inquirer revealed that attackers behind a May 2023 security breach stole the personal and financial information of 25,549 individuals. The Inquirer is Philadelphia's largest newspaper by circulation and has won 20 Pulitzer Prizes. https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/
- UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/
- Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of associates. https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/
- The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang. The 840-bed hospital announced a severe disruption caused by a cyberattack that forced it to take all computers offline. https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/
- Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people. It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii and more. https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-may-impact-134-million-patients
- Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." The company has also hired external experts to investigate the cyberattack that impacted its systems over the weekend. https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack
- Collection agency Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-warns-data-breach-impacts-19-million-people
Cybersecurity Humor
Verizon’s 2024 Data Breach Investigations Report was just released, and human error still factors into most breaches: users click phishing emails within seconds!
Stay tuned for our full review of the latest DBIR next week!
Cybersecurity Resources
Adopting the updated NIST Cybersecurity Framework (CSF) offers numerous benefits for organizations of all sizes.
NIST CSF 2.0 emphasizes enabling small and midsize businesses to effectively utilize the framework and provides a navigational guide for organizations to understand, assess, prioritize, and communicate cybersecurity risks internally and externally.
The Riskigy Cyber Weekly Newsletter first launched in 2019, and as we approach the 5-year anniversary of the Cyber Weekly Newsletter we are moving the newsletter exclusively to our LinkedIn company homepage.
The move has several benefits including
Follow the link below to subscribe