Cybersecurity News of the Week, December 22, 2024

This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate. Now includes Weekend Patch Report.


Stan's Corner

If you're a small business or nonprofit, what's reasonable cybersecurity? What must you do to secure the information of your customers, in clear, direct, actionable language: "do this" and "don't do that"?

Is there a bar, below which you are not reasonable? I think so. Here’s an example.

This week we learned that Care1, a Canadian company that provides AI-powered software solutions to optometrists, left a database completely unprotected, available to anyone on the Internet. The database contained over 4.8 million records of patient information that included patient names, addresses, medical histories, and even their unique Personal Health Numbers (PHNs).

Care1's security practices are not reasonable. Full stop.

Leaving a database exposed on the Internet is like driving 60 mph on a residential street. It is an egregious example of a failure to implement reasonable security practices.

In another example, we reported last week on the breach of Rhode Island's RIBridges system. RIBridges is the state's online portal for obtaining social services, such as the Supplemental Nutrition Assistance Program, known as SNAP, and Medicaid benefits, as well as health insurance through the state's marketplace for coverage.

Now it surfaces that the state's auditor had been warning for years that the state "does not currently have sufficient resources dedicated for the size and complexity of State operations" and that "risk mitigation is not progressing quickly enough."

Rhode Island's security practices are not reasonable. Full stop. … It had been repeatedly warned. And yet it did nothing.

What does it take to have reasonable security practices? Find out on January 30, 2025 when SecureTheVillage in collaboration with the Center for Internet Security hosts our 5th Annual Summit, "A Reasonable Approach to Reasonable Security." Find out more below.

From SecureTheVillage

  • A Reasonable Approach to Reasonable Security. January 30, 2025. SecureTheVillage's 5th Annual Reasonable Security Summit. In collaboration with the Center for Internet Security (CIS). Keynote Speakers: Tony Sager, CIS Chief Evangelist. Bill Leider, Axies Group. Westdrift Hotel, Manhattan Beach and live-streamed. Special Early-Bird pricing. Register now. Sponsorships available.


Needed Now: DM Julie Michelle Morris if this is you.


SecureTheVillage FREE Newsletters. Sign up or share with a friend!


SecureTheVillage Guides for families and individuals

Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.


Cybersecurity Nonprofit of the Week

Great kudos to Nonprofit Cyber, a coalition of more than 40 cybersecurity nonprofits focused on tangible results. Coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. On World More Than A Password Day in November 2024, Nonprofit Cyber released an updated version of its Common Guidance on Passwords. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index, a comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.


Learn more about sponsorship opportunities with SecureTheVillage: DM


Section 2: Let's Be Careful Out There. And Let's Help Others Who Aren't Yet Cyber-Aware.

Kudos to law enforcement in Idaho.

  • 'Don't Click December' is back to bring awareness to scams in Idaho: BOISE, Idaho (CBS2) — The U.S. Attorney's Office for the District of Idaho is partnering with law enforcement for 'Don't Click December', a scam awareness campaign they started in 2023. This year they are partnering with the FBI and local and tribal law enforcement in East Idaho. The U.S. Attorney for the District of Idaho, Josh Hurwit, explained why it's so important to continue sharing. He said, "Prevention is worth much more than the cure in this situation. So we want to raise awareness to prevent these criminals from making money off of Idahoans."


It's important that we change the cybercrime narrative to avoid shaming victims. Cybercriminals are robbing people. They are defrauding people. They bait people with dreams of romance and riches. And they're good at it. Very good. So let's be careful not to blame the person who's victimized by these scum.

  • What My Mom's Experience With Romance Scams Taught Me About Blame: The only time my mother mentioned her romance scams to me was when we were in her car, driving to her bank. … We had gotten into a big argument just a few hours earlier. I had discovered an account she was keeping secret, and when I asked her about it, she snapped at me and told me to leave her alone. … Now, as we approached the bank, her attitude was different. We were sitting at a traffic light when, out of nowhere, she started saying how there were things in her life she wasn't proud of. "Things" I might find out about after she died. … She died of esophageal cancer a few weeks after.
  • Your words matter to scam victims. Take this quiz to learn what to say: Shame is common among financial fraud victims, making it all the more important not to inject blame into the mix. … Last year, the FBI fielded more than 880,000 reports — roughly 2,400 a day — tied to internet crimes and $12.5 billion in stolen funds. Complaints to the Federal Trade Commission accounted for a record $10 billion in fraud losses. … But here's a startling fact: Both agencies estimate the financial toll is many times higher. … So, why aren't more people coming forward to report the fraud? … Fear. … They are rightfully concerned that they will be judged for "allowing" themselves to be scammed. Victims are routinely questioned in a way that causes them shame or puts them on the defensive.
  • INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse: INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. … "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming forward to seek help and provide information to the authorities," the agency said in a statement.


The Salt Typhoon attack is causing us to revisit our guidance on the use of text messages. Most important is to shift away from using SMS text messaging for multi-factor authentication (MFA / 2FA). And, if the privacy of a conversation matters, don't text between Androids and iPhones.

  • FBI warns Americans to keep their text messages secure: What to know: The FBI and other agencies are encouraging people to use end-to-end encryption, citing what they say is a sustained hacking operation linked to China. … It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers. … The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.


Another sad story as 100,000 Americans lose $90 million after fintech company Synapse collapsed in May. If you can't afford to lose it, keep your money in FDIC-insured banks.


Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

National cybersecurity news.

  • Sweeping Chinese hack of U.S. telecoms firms is 'still going on,' homeland security secretary says: Alejandro Mayorkas said in an interview on MSNBC that the hack was "a very sophisticated hack" and a "very, very serious matter." … A sweeping Chinese government hacking campaign against American telecoms firms is a "very, very serious matter" that is "still going on," Homeland Security Secretary Alejandro Mayorkas said Thursday in an interview on MSNBC. … The hacking campaign is one of the largest intelligence compromises in U.S. history. It has breached eight domestic telecom and internet service providers and dozens of others around the world, a White House official said this month. The United States, Australia, Canada and New Zealand claim it is part of an intelligence operation conducted by China. … The presidential campaigns of Donald Trump and Kamala Harris, as well as the office of Senate Majority Leader Chuck Schumer, D-N.Y., told NBC News in October that the FBI had informed them that they had been targeted. … Mayorkas said that the federal government has "taken action" and that the "telecom providers are focused intensely on it, and they are working in partnership with us to remediate it." … The New York Times reported Monday that the data from Salt Typhoon has given Beijing a road map that will help it determine which Chinese spies have been identified by U.S. officials and which have not.
  • U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes: TP-Link is the best-selling router on Amazon — and has been linked to Chinese cyberattacks … U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices. … The router manufacturer TP-Link, established in China, has roughly 65% of the U.S. market for routers for homes and small businesses. It is also the top choice on Amazon.com, and powers internet communications for the Defense Department and other federal government agencies.
  • CISA releases first draft of updated National Cyber Incident Response Plan: The first draft of the long-awaited update to the National Cyber Incident Response Plan (NCIRP) was published on Monday — marking the first proposed changes to the plan since it was released in 2016. … The 42-page updated NCIRP outlines what the government would do in response to a large-scale cyberattack impacting the national economy. It details how government agencies would coordinate, who would be in charge of key decisions and what would be prioritized. … It would also cover "structures that response stakeholders should leverage to coordinate cyber incidents requiring cross-sector, public-private, or federal coordination," according to the Cybersecurity and Infrastructure Security Agency (CISA), which worked on the updated plan with the Office of the National Cyber Director (ONCD) and private sector members of the Joint Cyber Defense Collaborative (JCDC).
  • North Korean hackers targeting workers in nuclear power sector: Threat actors associated with the notorious North Korean hacking outfit Lazarus Group are now setting their sights on targets in the nuclear power sector, according to researchers with Kaspersky. … The researchers say that the infections are part of a complex and sophisticated effort by the North Korean hackers to infiltrate companies that operate in highly secure sectors such as defense, aerospace and cryptocurrency. It seems the threat actors are now adding nuclear industry organizations to their list of targets.


Kudos to law enforcement.

  • Romanian NetWalker ransomware affiliate sentenced to 20 years in prison: Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. … Hulea was extradited to the United States after being arrested by Romanian police in Cluj in July 2023 at the request of U.S. law enforcement authorities. … According to court documents, Hulea admitted to participating in a conspiracy to use NetWalker ransomware. Affiliates of the NetWalker cybercrime gang have deployed this malware in attacks against hundreds of victims worldwide, including hospitals, law enforcement, emergency services, companies, municipalities, school districts, colleges, and universities.
  • Third member of LockBit ransomware gang has been arrested: U.S. prosecutors in New Jersey on Friday publicly announced charges against Rostislav Panev, 51, a dual Russian-Israeli national accused of being a key developer in the LockBit ransomware gang. Panev is currently in Israeli custody and faces extradition to the United States. … LockBit is one of the most prolific ransomware gangs, accused of launching crippling data-stealing cyberattacks at thousands of companies around the world, including the U.S., and thought to be responsible for at least $500 million in ransom payments alone. Authorities identified and seized LockBit's infrastructure in a February takedown operation, but LockBit briefly bounced back as its leader, named by U.K. and U.S. authorities as Dmitry Khoroshev, remains at large.


A major spyware ruling against NSO Group.

  • Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices: The developer of the powerful Pegasus spyware was found liable on Friday for its role in the infection of devices belonging to 1,400 WhatsApp users. … The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used, and often abused, by a roster of anonymous government clients worldwide. … No court has ever before held the company liable for abuses despite its spyware being found on hundreds of phones belonging to activists, journalists and other members of civil society. The company has long stated that its tools can only be used by national security officials and law enforcement officers investigating intelligence matters and crimes. … Meta-owned WhatsApp sued in 2019, alleging NSO Group had found a bug in its systems and used it to install spyware on some users' devices. Journalists, human rights activists, political dissidents, diplomats and senior foreign government officials, frequent targets of Pegasus, were among the WhatsApp victims. … The Israeli spyware maker repeatedly tweaked the exploit to penetrate defenses WhatsApp put in place over the course of two years, the WhatsApp lawsuit says.


Proving once again that if it's digital it can be hacked. The imagination of the dishonest knows no bounds.

  • Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets: Digital license plates sold by Reviver, already legal to buy in some states and drive with nationwide, can be hacked by their owners to evade traffic regulations or even law enforcement surveillance. … Digital license plates, already legal to buy in a growing number of states and to drive with nationwide, offer a few perks over their sheet metal predecessors. You can change their display on the fly to frame your plate number with novelty messages, for instance, or to flag that your car has been stolen. Now one security researcher has shown how they can also be hacked to enable a less benign feature: changing a car's license plate number at will to avoid traffic tickets and tolls—or even pin them on someone else.


In this week's breaches.

  • Texas Tech University Data Breach Impacts 1.4 Million: A ransomware attack targeting the Texas Tech University Health Sciences Center (TTUHSC) has compromised the personal and medical information of 1.4 million individuals. … The breach, which occurred between September 17 and September 29, 2024, involved data exfiltration and significant disruptions to university systems. … According to TTUHSC, the stolen data includes names, Social Security numbers, addresses, dates of birth, government-issued ID numbers, financial account information, health insurance details and medical records such as diagnoses and treatments. … Ransomware group Interlock has claimed responsibility, alleging the theft of 2.6 TB of data.
  • Data breach at chain of clinics impacts 450K patients: The largest physician-led vein center in the U.S. announced it has suffered a data breach, which resulted in hackers stealing personal data on 446,094 patients. … The Center for Vein Restoration (CVR) announced the breach last week, though the incident was first noticed on Oct. 6. In a statement, the nationwide medical chain said both medical information and personal details on patients were taken in the attack. … Data taken includes names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance details, provider names, dates of treatment and financial information. … Patients from all over the U.S. have been affected. Additionally, current and former employees had their data leaked to hackers, CVR added.


Section 4: For smaller businesses and nonprofits

Update now.

  • Sophos discloses critical Firewall remote code execution flaw: Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. … The vulnerabilities affect Sophos Firewall version 21.0 GA (21.0.0) and older, with the company already releasing hotfixes that are installed by default and permanent fixes through new firmware updates.
  • CISA Urges Immediate Patching of Exploited BeyondTrust Vulnerability: CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week. … The US cybersecurity agency CISA warns that a recently disclosed vulnerability in BeyondTrust’s remote access products has been exploited in the wild. The issue, tracked as CVE-2024-12356 (CVSS score of 9.8), is a command injection bug impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) that can be exploited without authentication. … BeyondTrust released patches for the flaw last week, warning that it affects all PRA and RS versions up to 24.3.1 and urging customers to update their on-premises installations as soon as possible. The fixes were rolled out to cloud customers last week.


Section 5: Weekend Patch Report

Keeping your computers, smartphones, tablets and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You? Guide. While patching is increasingly automated, it's important to double-check that it's actually being done. The following lists current versions of common software programs. Items in bold have been updated in the past week. Updates are usually available from within the program. If not, updates can be downloaded from the company's website.

7-Zip 24.09.

Adobe Acrobat Reader updated to 2024.005.20320

AVG updated to 24.12.3362.

Apple iOS 18.2

Apple iPadOS 18.2

Apple macOS Sequoia 15.2

Apple macOS Sonoma 18.2

Apple macOS Ventura 18.2

Apple watchOS 18.2

Apple tvOS 18.2

Apple visionOS 2.2

Apple Safari 18.2

Brave updated to 1.73.104.

CCleaner 6.31.11415.

Chrome updated to 131.0.6778.205.

Discord updated to 1.0.9175.

Dropbox updated to 214.4.5217.

Edge updated to 131.0.2903.112.

ExpressVPN 12.92.0

Firefox 133.0.3.

Foxit Reader updated to 2024.4.0.27683.

Google Drive for Desktop updated to 101.0.3.0.

iTunes 12.13.4.4.

KeePass 2.57.1.

Malwarebytes updated to 5.2.4.157.

Microsoft 365 & Office

Microsoft Windows

Notepad++ 8.7.4.

Opera Chromium updated to 115.0.5322.109.

Skype updated to 8.134.0.202.

Spotify updated to 1.2.53.438.

TeamViewer 15 updated to 15.61.3.

Thunderbird ESR 128.5.2.

Zoom updated to 6.3.0.52884.


About SecureTheVillage:

The vision of SecureTheVillage is to make Los Angeles the cyber-safest metropolitan region in the United States for smaller businesses, nonprofits, families, and individuals. Making this happen takes a village.

Follow Stan Stahl, PhD on LinkedIn!

Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians™. Donate to SecureTheVillage.

It takes a village to secure the village.
