Cyber Weekly Newsletter
Riskigy Cybersecurity & Tech Advisors
Fractional Cybersecurity and Tech compliance leadership and consulting for start-up, emerging and beyond!
Cyber Weekly Newsletter for Friday December 20, 2024
The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team
Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware
This Week's Need-to-Know News and Alerts
Sophos released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html
Over 25,000 SonicWall devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware that the vendor no longer supports. Vulnerabilities affecting SonicWall devices were recently exploited by ransomware groups Fog and Akira. https://www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws
Citrix shares mitigations for ongoing Netscaler password spray attacks. Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. https://www.bleepingcomputer.com/news/security/citrix-shares-mitigations-for-ongoing-netscaler-password-spray-attacks
Microsoft is investigating a known issue triggering "Product Deactivated" errors for customers using Microsoft 365 Office apps. According to online user reports, affected users randomly received these "Product Deactivated" errors in Office apps. https://www.bleepingcomputer.com/news/microsoft/microsoft-365-users-hit-by-random-product-deactivation-errors
Hackers Exploiting Fortinet to Deploy Remote Access Tools. A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a campaign that installed remote desktop software such as AnyDesk and ScreenConnect. https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2. A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it. https://www.darkreading.com/application-security/actively-exploited-bug-struts-2
Fortinet issued an advisory for a now-patched critical flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability is tracked as CVE-2023-34990, with a CVSS score of 9.6 out of a maximum of 10.0. https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
A phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. The attack starts with the threat actors using Google Calendar to send meeting invites with links that lead to Google Forms. https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters
US authorities are investigating whether TP-Link poses a national-security risk and are considering banning the devices as hijacked routers fuel Chinese attacks. Founded in China, TP-Link makes routers popular in US homes and businesses. https://arstechnica.com/tech-policy/2024/12/report-us-considers-banning-tp-link-routers-over-security-flaws-ties-to-china/
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware. Attackers use social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system. https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
A critical vulnerability in the Windows kernel is being actively exploited to escalate system privileges. This poses a serious risk for unauthorized access. Ensure your systems are updated promptly to prevent security breaches. https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/
An estimated 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits. The attack targets blue teams and includes trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws. https://thehackernews.com/2024/12/390000-wordpress-credentials-stolen-via.html
CISA urges water facilities to bolster security for online-exposed Human-Machine Interface (HMI) systems. Safeguarding critical infrastructure is essential to thwart threats and protect public safety. Such systems, targeted by hackers, need defenses. https://www.bleepingcomputer.com/news/security/cisa-warns-water-facilities-to-secure-hmi-systems-exposed-online
Zero-day vulnerability discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. The attack works by viewing a specially crafted malicious file in File Explorer. https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch
FTC warns that online job scams lure individuals with false promises of easy money. These scams exploit unsuspecting job seekers, often causing financial harm by demanding upfront fees or personal information. Stay alert and informed to protect yourself. https://www.bleepingcomputer.com/news/security/ftc-warns-of-online-task-job-scams-hooking-victims-like-gambling
From Our Blog
Top Cybersecurity Threats to Businesses During the Holiday Season
The December holiday season is a time of increased online activity, making it a prime target for cybercriminals. The season is characterized by increased online transactions, distracted employees, and often, reduced staff… Read more at https://riskigy.com/blog/f/ai-has-changed-phishing-attacks-from-bad-to-worse
FBI Issues Warning About Fraudulent Emergency Data Requests
The Federal Bureau of Investigation (FBI) has released a notification to highlight a trend of compromised US and foreign government email addresses used to conduct fraudulent emergency data requests. Fraudulent Emergency Data Requests (EDRs) are a growing cybersecurity threat where hackers impersonate law enforcement officials to obtain sensitive user data from technology companies and service providers....Read more at https://riskigy.com/blog/f/fbi-issues-warning-about-fraudulent-emergency-data-requests?
How to Avoid Common Password Mistakes
Passwords play a critical role in business security, making proper management essential. At the forefront of this topic is the National Institute of Standards and Technology (NIST), which recently released updated guidelines outlining technical requirements and recommendations for password management and authentication…Read more at https://riskigy.com/blog/f/how-to-avoid-common-password-mistakes
AI is the new Boogeyman: Outspooking Freddy, Jason, and Michael
Horror movies? Pfft. Child's play! We've all been at the edge of our seats watching Freddy Krueger show up in dreams with those fashionable knives-for-fingers gloves, Jason Voorhees make camping the worst idea ever, and Michael Myers basically ruin Halloween for everyone in Haddonfield. Learn more now at https://riskigy.com/blog/f/ai-is-the-new-boogeyman-outspooking-freddy-jason-and-michael
Defending the Human Element in Cyber Attacks
The human element in cybersecurity refers to the behaviors, interactions, and decisions made by people that impact the security of information technology systems. These can include actions as simple as choosing a password, clicking a link in an email, or sharing sensitive information… Read more at https://riskigy.com/blog/f/defending-the-human-element-in-cyber-attacks
Recent Data Breach News
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. https://www.bleepingcomputer.com/news/security/ascension-health-data-of-56-million-stolen-in-ransomware-attack/
SRP Federal Credit Union says the personal information of 240,000 was stolen in a recent cyberattack claimed by a ransomware gang. A threat actor had access to its systems from at least September 5, 2024, until November 4, 2024. https://www.securityweek.com/srp-federal-credit-union-ransomware-attack-impacts-240000
Texas Tech University System data breach impacts 1.4 million patients. The organization is a public, academic health institution, which educates and trains healthcare professionals, conducts medical research, and provides patient care services. https://www.bleepingcomputer.com/news/security/texas-tech-university-system-data-breach-impacts-14-million-patients
ConnectOnCall has disclosed a data breach impacting the personal information of more than 900,000 individuals. A digital, on-call answering solution, ConnectOnCall enables healthcare providers to manage after-hour calls, patient communication and care. https://www.securityweek.com/900000-people-impacted-by-connectoncall-data-breach
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems. The incident was discovered on December 5, 2024. https://www.bleepingcomputer.com/news/security/rhode-island-confirms-data-breach-after-brain-cipher-ransomware-attack
The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. As of December 2023, it employed 22,800 people in 40 countries. https://www.bleepingcomputer.com/news/security/krispy-kreme-breach-data-theft-claimed-by-play-ransomware-gang/
Blog Post Spotlight
Defending the Human Element in Cyber Attacks
In the dynamic world of cybersecurity, technology often takes center stage, with discussions typically revolving around firewalls, encryption, and the latest in intrusion detection systems. However, the human element remains the most critical vulnerability in any organization's security protocol. Cyber attackers frequently exploit human behaviors, from poor password practices to susceptibility to phishing scams, making it essential to bolster this weak link.
Here’s how organizations can enhance their defenses by focusing on the human aspect of cybersecurity.
Understanding the Human Element
The human element in cybersecurity refers to the behaviors, interactions, and decisions made by people that impact the security of information technology systems. These can include actions as simple as choosing a password, clicking a link in an email, or sharing sensitive information over insecure channels. The fact is, even the most robust technological defenses can be undermined by a single careless act.
1. Continuous Education and Training
The first line of defense against cyber threats targeting the human element is ongoing education and training. Organizations must implement comprehensive cybersecurity awareness programs that are engaging and accessible. Training modules should be updated regularly to cover recent threats, and they should be mandatory for all employees, regardless of their role.
Key strategies include:
2. Establishing a Security-Focused Culture
Creating a culture that prioritizes cybersecurity can significantly enhance collective vigilance. In a security-focused culture, every member of the organization is encouraged to take ownership of their role in protecting the company's assets.
Effective tactics involve:
3. Implementing Strict Access Controls
Limiting access to sensitive information on a "need-to-know" basis is crucial. Access controls should be stringent and regularly reviewed to ensure that privileges are aligned with job requirements.
Considerations include:
4. Enhancing Authentication Processes
Strong authentication processes reduce the risk of unauthorized access. Multi-factor authentication (MFA) should be mandatory, particularly for accessing critical systems.
Recommendations for MFA include:
5. Fostering Psychological Security
The psychological aspect of cybersecurity, such as the stress associated with maintaining security or fear of reporting mistakes, often goes overlooked. Addressing these can reduce the likelihood of human errors.
Strategies to consider:
Takeaways
Defending the human element in cybersecurity requires a holistic approach that integrates continuous education, culture change, and enhanced security measures. By focusing on human behavior alongside technological defenses, organizations can build a more resilient security posture. As cyber threats continue to evolve, the human element will remain both a vulnerability and a critical line of defense. Prioritizing human-centered strategies is not just about preventing attacks; it’s about building a stronger, more aware workforce capable of tackling the complex challenges of tomorrow’s cyber landscape.
Cybersecurity Is Complex! We Are Here To Help
Cyberthreats are everywhere, but you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy!
Looking for an expert to assist your firm or clients?
Need a pro to explain Tech or Cyber to your management?
Vetting a new investment or acquisition?
Want to build a cyber aware staff?
Need immediate assistance with an incident?
Considering adding a vCISO or vCTO to your team?
Seeking help with SOC-2, SEC/FINRA, or FTC readiness?
Contact us to discuss how we can assist!