Cyber Weekly Newsletter

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware

This Week's Need-to-Know News and Alerts

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. https://thehackernews.com/2024/06/fbi-distributes-7000-lockbit-ransomware.html

361 million accounts stolen by password-stealing malware, in credential stuffing attacks, and in data breaches, and leaked on Telegram, have been added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. https://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp

Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of Cox-supplied modems' settings and steal customers' sensitive personal information. https://www.bleepingcomputer.com/news/security/cox-fixed-an-api-auth-bypass-exposing-millions-of-modems-to-attacks

Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. Snowflake is also urging organizations to enable multi-factor authentication (MFA) and limit network traffic to trusted locations only. https://thehackernews.com/2024/06/snowflake-warns-targeted-credential.html

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems such as 'NTLM Relay' attacks in the future. https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-ntlm-authentication-protocol

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could potentially be exploited by a remote attacker to bypass authentication and create rogue administrator users. https://thehackernews.com/2024/06/telerik-report-server-flaw-could-let.html

RansomHub has been revealed to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Ransomware attack victims in recent weeks include Change Healthcare, Christie's, and Frontier Communications. https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html

Zyxel issues emergency RCE patch for end-of-life NAS devices. The security updates address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. The flaws impact NAS326 running firmware versions 5.21(AAZF.16)C0 and earlier. https://www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices

Senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO. Similar cases have resulted in serious sanctions. The FTC's cases against Drizly and Chegg in 2022 were used as examples of what happens to companies that exhibit negligence. https://www.theregister.com/2024/05/31/ron_wyden_letter_unitedhealth

TikTok fixes zero-day bug used to hijack accounts. Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media platform's direct messages feature. https://www.bleepingcomputer.com/news/security/tiktok-fixes-zero-day-bug-used-to-hijack-high-profile-accounts

Check-in terminals used by thousands of hotels leak guest info. Ariane Systems self check-in systems installed at thousands of hotels are vulnerable to a kiosk mode bypass flaw that allows access to guest personal information and the keys for other rooms. https://www.bleepingcomputer.com/news/security/check-in-terminals-used-by-thousands-of-hotels-leak-guest-info


From Our Blog

FHA Mandates Immediate Cybersecurity Incident Reporting

In response to a pattern of high-profile breaches at major mortgage lenders, the Federal Housing Administration (FHA) has published the Mortgagee Letter (ML) 2024-10. It outlines new reporting requirements for mortgage lenders in the event of a cybersecurity intrusion, including mandatory reporting of any potential or actual significant cybersecurity incidents to the FHA within 12 hours of detection… Read more at https://riskigy.com/blog/f/fha-mandates-immediate-cybersecurity-incident-reporting

The SEC Amends Reg S-P to Enhance Cybersecurity Measures

In an era where cyber threats loom larger than ever, the U.S. Securities and Exchange Commission (SEC) has taken a decisive step to safeguard the financial industry and its clients against digital risks. The SEC's amend... Read more at https://riskigy.com/blog/f/the-sec-amends-reg-s-p-to-enhance-cybersecurity-measures

Abuse of Legitimate RMM Tools by the Black Basta Ransomware Gang

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC)... Read more at https://riskigy.com/blog/f/abuse-of-legitimate-rmm-tools-by-the-black-basta-ransomware-gang

Insights from the 2024 Verizon DBIR

The 2024 Verizon DBIR highlights a nuanced and complex picture of the global cybersecurity threat landscape. Among the most striking findings is the continued rise in sophistication and frequency of cyberattacks, driven largely by a combination of global political tensions, advancements in technology, and the persistent value of data… Read more at https://riskigy.com/blog/f/insights-from-the-2024-verizon-dbir

5 Ways to Prepare for Synthetic Media Threats

The field of synthetic media has rapidly advanced with the development of generative adversarial networks, leading to the rise of deepfakes. One of the most well-known applications of synthetic media is deepfakes, which involve overlaying one person's face onto another's in videos or images using deep-learning technology like generative… Read more at https://riskigy.com/blog/f/5-ways-to-prepare-for-synthetic-media-threats

Get AI Ready with 10 Key Points on Secure AI Deployment

The Cybersecurity and Infrastructure Security Agency (CISA) has issued best practices for Deploying Secure and Resilient AI systems, expanding on the secure deployment and secure operation and maintenance sections of the Guidelines for secure AI system development. These best practices also incorporate mitigation considerations from Engaging with Artificial Intelligence (AI)… Read more at https://riskigy.com/blog/f/get-ai-ready-with-10-key-points-on-secure-ai-deployment


Recent Data Breach News

Advance Auto Parts stolen data for sale after Snowflake attack. Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. https://www.bleepingcomputer.com/news/security/advance-auto-parts-stolen-data-for-sale-after-snowflake-attack

Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data

The largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora (formerly AmerisourceBergen), with whom they partner for pharmaceutical services. The firm has a revenue (2023) of $262 billion. https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-8-drug-companies

ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers


Cybersecurity Humor

A well-structured Incident Response plan enables organizations to quickly detect, respond to, and recover from cyber incidents, significantly reducing the impact on operations, finances, and reputation.

In essence, an Incident Response Plan is a vital component of an organization's cybersecurity infrastructure, enabling it to respond efficiently and effectively to incidents, lessen the impact of attacks, and maintain trust among stakeholders.


Cybersecurity Is Complex! We Are Here To Help

Cyberthreats are everywhere, but you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy!

Looking for an expert to assist your firm or clients?

Need a pro to explain Tech or Cyber to your management?

Vetting a new investment or acquisition?

Want to build a cyber aware staff?

Need immediate assistance with an incident?

Considering adding a vCISO or vCTO to your team?

Seeking help with SOC2, SEC, FINRA, PCI, or NCUA readiness?

Contact us to discuss how we can assist!

