Cyber Weekly Newsletter
Riskigy Cybersecurity & Tech Advisors
Fractional Cybersecurity and Tech compliance leadership and consulting for start-up, emerging and beyond!
Cyber Weekly Newsletter for September 6th 2024
The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team
Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware
This Week's Need-to-Know News and Alerts
Veeam Releases Security Updates to Fix 5 Critical Issues. Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Another critical security flaw has been found in the LiteSpeed Cache plugin for WordPress: an unauthenticated account takeover vulnerability that could allow unauthenticated users to take control of arbitrary accounts. https://thehackernews.com/2024/09/critical-security-flaw-found-in.html
D-Link warns that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed, as the products are no longer supported. Three of the four are rated critical and do not require authentication. https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers
Zyxel released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. The flaw is tracked as CVE-2024-7261 (CVSS score: 9.8). https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html
GitHub comments abused to push password-stealing malware masked as fixes. GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes
CISA and Partners Release Advisory on RansomHub Ransomware, which has targeted 210 victims across critical sectors since Feb 2024. Victims span various sectors, including information technology, government services, healthcare, financial services and more. https://www.cisa.gov/news-events/alerts/2024/08/29/cisa-and-partners-release-advisory-ransomhub-ransomware
The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City's IT network and leaked by the Rhysida ransomware gang. https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media
The top 10 travel sites have some first-class security issues to clean up: public-facing vulnerabilities, cloud sprawl, and access to back-end servers are just a few of the challenges travel and hospitality companies must address. https://www.darkreading.com/threat-intelligence/top-travel-sites-have-some-first-class-security-issues-to-clean-up
From Our Blog
'Take A Beat' with the FBI's new Campaign Targeting Scammers
'Take A Beat' with the FBI's new Campaign Targeting Scammers. In response to the growing threat, the FBI has launched a nationwide campaign called "Take A Beat" to raise awareness and enhance defenses against fraudulent activities. Learn more now at https://riskigy.com/f/take-a-beat-with-the-fbis-new-campaign-targeting-scammers
Preparing for National Cybersecurity Awareness Month October 2024
October is a time for Football, Halloween and Cybersecurity Awareness. Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month, dedicated to raising awareness about the importance of cybersecurity in both the public and private sectors.… Read more at https://riskigy.com/blog/f/preparing-for-national-cybersecurity-awareness-month-october-2024
Mitigating Data Breach Costs in 2024
Recently, IBM released its 19th annual Cost of a Data Breach Report, highlighting the increasing costs and disruptions caused by data breaches, with the global average cost reaching $4.88 million in 2024. Among the report's key findings are the impact of staff shortages and data visibility gaps on breach costs… Read more at https://riskigy.com/blog/f/mitigating-data-breach-costs-in-2024
New Guidance Amid Recent High Profile Insider Threats
Organizations across various sizes and industries face the risk of insider threats, both intentional and unintentional. To address this, the Cybersecurity and Infrastructure Security Agency (CISA) has published the "Resources for Onboarding and Employment Screening Fact Sheet." AI is increasingly being leveraged to create fake workers and scam employers in various ways… Read more at https://riskigy.com/blog/f/new-guidance-amid-recent-high-profile-insider-threats
How to Manage Post CrowdStrike Auto Update Paranoia
The historic CrowdStrike incident that took down 8.5 million Windows machines last Friday turned out to be a result of a minor, buggy software update. Organizations must control the rollout process and implement testing procedures to prevent faulty updates from wreaking havoc. Establishing a balance between security and innovation is key… Read more at https://riskigy.com/blog/f/how-to-manage-post-crowdstrike-auto-update-paranoia
Recent Data Breach News
New York-based nonprofit Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. The organization is currently investigating the exact scope and impact. https://www.bleepingcomputer.com/news/security/planned-parenthood-confirms-cyberattack-as-ransomhub-claims-breach
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. https://www.bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/
CBIZ Benefits & Insurance Services (CBIZ) disclosed a data breach involving unauthorized access to client information stored in specific databases. A threat actor exploited a vulnerability in one of its web pages and was able to steal customer data. https://www.bleepingcomputer.com/news/security/business-services-giant-cbiz-discloses-customer-data-breach
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. The agency says that at the moment there is no evidence that customer information was compromised during the incident. https://www.bleepingcomputer.com/news/security/transport-for-london-discloses-ongoing-cyber-security-incident
Seattle-Tacoma Airport IT systems down due to a cyberattack. The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights. https://www.bleepingcomputer.com/news/security/seattle-tacoma-airport-it-systems-down-due-to-a-cyberattack
Prepare now for National Cybersecurity Awareness Month 2024
October marks the annual Cybersecurity Awareness Month, a collaborative effort between government and industry to increase the understanding of cyber threats and promote the importance of cybersecurity practices. Launched in 2004, this initiative encourages everyone to ensure their digital lives are secure.
During Cybersecurity Awareness Month, businesses can take several proactive steps to improve their cybersecurity posture and engage their employees. Here are some recommended actions:
1. Conduct Cybersecurity Training and Awareness Programs
2. Review and Update Cybersecurity Policies
3. Engage in Community Initiatives
By implementing these activities and emphasizing the importance of cybersecurity, businesses can significantly reduce their risk of cyber attacks and create a safer digital environment.
Cybersecurity Is Complex! We Are Here To Help
Cyberthreats are everywhere, but you don't have to face them alone. Get Cybersecurity & Tech help from Riskigy!
Looking for an expert to assist your firm or clients?
Need a pro to explain Tech or Cyber to your management?
Vetting a new investment or acquisition?
Want to build a cyber-aware staff?
Need immediate assistance with an incident?
Considering adding a vCISO or vCTO to your team?
Seeking help with SOC2, FINRA/SEC, or Cyber Insurance readiness?