The Cybersecurity Roundup

Welcome to this week's edition of the Cybersecurity Roundup, where we're diving into the turbulent waters of the digital world. Recent events have painted a stark picture of the ever-evolving cyber threat landscape, targeting organizations and individuals alike.

This week, we've seen a wave of attacks exploiting a critical vulnerability in the widely used MOVEit File Transfer application. This vulnerability, if left unpatched, leaves organizations wide open to devastating breaches. Meanwhile, the notorious ransomware gang LockBit claimed an attack against the Federal Reserve. The claim turned out to be false, but the reality was just as damaging: the attack was actually carried out against Evolve Bank out of Arkansas.

In a chilling development, Microsoft revealed a staggering 345 million daily attacks on its customers, underscoring the sheer volume and persistence of cyber threats. The healthcare sector is also under siege, with ransomware attacks specifically targeting these vital institutions. Adding to the chaos, a sophisticated supply chain attack compromised the Polyfill.io service, potentially impacting countless websites.

In this issue of Cybersecurity Roundup, we'll delve deeper into these stories and many more. We'll examine the implications of the CDK cyberattack, analyze the growing trend of ransomware targeting healthcare providers, and provide insights into how to protect your business from these emerging threats. We'll also discuss the latest developments in cybersecurity technology and offer practical advice on how to strengthen your defenses.

So grab a cup of Kona coffee, settle in, and join us as we navigate the complex world of cybersecurity. Remember, staying informed is the first step towards protecting your business and your data.

Mahalo,

The Cyber Security Hawaii Team


In this week's edition:

MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers: Progress Software disclosed critical vulnerabilities in its MOVEit file transfer application. Attackers are actively trying to exploit these vulnerabilities, and some organizations may not be able to patch their systems quickly enough. Even organizations that patch may still be at risk, as the original patch from Progress did not address all of the issues. https://www.darkreading.com/cyberattacks-data-breaches/moveit-transfer-flaws-security-defense-attackers

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft: Hackers can exploit critical vulnerabilities in VMware to remotely take control of virtual machines and steal data. https://www.cybersecuritydive.com/news/memory-unsafe-code-open-source/720045/

Space: The Final Frontier for Cyberattacks: Even space exploration is not immune to cyberattacks. Hackers are targeting satellites and other space infrastructure. https://cybernews.com/news/evolve-data-breach-lockbit-federal-reserve-ransomware-leak/

TeamViewer Hit By Cyberattack, Blames Russia-Linked APT29 Hackers: TeamViewer, a popular remote access software, was hit by a cyberattack. The company blames APT29, a Russian government-linked hacking group. https://techcrunch.com/2024/06/28/teamviewer-cyberattack-apt29-russia-government-hackers/

Ransomware Gangs Are Targeting Health Care With 'Assurance Letters': Ransomware gangs are increasingly targeting healthcare organizations with "assurance letters." These letters threaten to publish stolen patient data if the ransom is not paid. https://www.wired.com/story/ransomware-health-care-assurance-letters/

Polyfill Supply Chain Attack Hits Over 100K Websites: A supply chain attack targeting Polyfill, a popular JavaScript library, has compromised over 100,000 websites. https://www.securityweek.com/polyfill-supply-chain-attack-hits-over-100k-websites/

Neiman Marcus Customers Impacted by Snowflake Data Breach: Neiman Marcus customers were impacted by a data breach at Snowflake, a cloud data warehouse provider. https://www.darkreading.com/cloud-security/nieman-marcus-customers-impacted-snowflake-data-breach

Siemens SICAM Vulnerabilities Could Facilitate Attacks on Energy Sector: Siemens has patched vulnerabilities in its SICAM PAS substation automation system. These vulnerabilities could be exploited to disrupt power grids. https://www.securityweek.com/siemens-sicam-vulnerabilities-could-facilitate-attacks-on-energy-sector/

Microsoft Tells Clients Russian Hackers Viewed Emails - Bloomberg News Reports: Microsoft has reportedly told clients that Russian hackers viewed their emails. https://www.reuters.com/technology/cybersecurity/microsoft-tells-clients-russian-hackers-viewed-emails-bloomberg-news-reports-2024-06-27/

Snowblind Malware Abuses Android Security Feature to Bypass Security: Snowblind malware is abusing an Android security feature to bypass security. The malware is targeting devices in India, Pakistan, and Bangladesh. https://www.bleepingcomputer.com/news/security/snowblind-malware-abuses-android-security-feature-to-bypass-security/

'8220 Gang' Exploits Oracle WebLogic Zero-Day in Attacks: A hacking group known as '8220 Gang' is exploiting a zero-day vulnerability in Oracle WebLogic Server in attacks. https://thehackernews.com/2024/06/8220-gang-exploits-oracle-weblogic.html

Ticketmaster Breach Exposes Data of Millions of Customers: Ticketmaster has disclosed a data breach that exposed the personal information of millions of customers. https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/

Generative AI Presents New Cyber Threats: Generative AI, a type of artificial intelligence that can create new content, is presenting new cyber threats. https://www.cybersecuritydive.com/news/generative-AI-cyber-threats/719624/

Indonesia Refuses to Pay $8 Million Ransom After Cyberattack: Indonesia has refused to pay an $8 million ransom after a cyberattack. The attack targeted the country's tax office. https://www.darkreading.com/cyberattacks-data-breaches/indonesia-refuses-to-pay-8m-ransom-after-cyberattack

Former IT Employee Accessed Data of Over 1 Million US Patients: A former IT employee at a healthcare provider has been charged with accessing the data of over 1 million US patients. https://www.bleepingcomputer.com/news/security/former-it-employee-accessed-data-of-over-1-million-us-patients/

Energy Department Issues Cybersecurity Best Practices for Manufacturing Supply Chains: The U.S. Department of Energy has released a guide on cybersecurity best practices for manufacturing supply chains. This guide aims to help organizations secure their supply chains from cyberattacks. https://www.cybersecuritydive.com/news/energy-department-cybersecurity-manufacturing-supply-chain-best-practices/719612/

Combatting the Evolving SaaS Kill Chain: How to Detect and Stop SaaS Supply Chain Attacks: This article discusses the rising threat of SaaS (Software-as-a-Service) supply chain attacks. It details how attackers exploit vulnerabilities in SaaS applications and provides strategies to detect and prevent these attacks. https://thehackernews.com/2024/06/combatting-evolving-saas-kill-chain-how.html

GitLab Security Updates Patch 14 Vulnerabilities: GitLab has released security updates to address 14 vulnerabilities in its software. Users are urged to update their installations as soon as possible. https://www.securityweek.com/gitlab-security-updates-patch-14-vulnerabilities/

New 'Unfurling Hemlock' Threat Actor Floods Systems With Malware: A new threat actor called 'Unfurling Hemlock' is targeting organizations with a wave of malware attacks. The attacks are designed to steal sensitive data and disrupt operations. https://www.bleepingcomputer.com/news/security/new-unfurling-hemlock-threat-actor-floods-systems-with-malware/

The State of Ransomware in 2024: This article explores the current landscape of ransomware attacks. It discusses trends, tactics, and the impact of ransomware on businesses and individuals. https://www.wired.com/story/state-of-ransomware-2024/

Cyber Insurance Companies Invest in Security to Reduce Risk: Cyber insurance companies are increasingly investing in security measures to reduce the risk of cyberattacks. This trend is driven by the rising cost of cyberattacks and the increasing number of claims. https://www.cybersecuritydive.com/news/cyber-insurance-companies-invest-security/719930/

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App: A threat actor may have gained access to sensitive information on a CISA (Cybersecurity and Infrastructure Security Agency) chemical security assessment tool. This could potentially be used to target critical infrastructure. https://www.darkreading.com/cyberattacks-data-breaches/threat-actor-may-have-accessed-sensitive-info-on-cisa-chemical-app

Ransomware Victims Becoming Less Likely to Pay Cyberhackers, Report Says: A new report finds that ransomware victims are becoming less likely to pay ransoms to cyberhackers. This trend is attributed to several factors, including increased awareness of the risks of paying ransoms and the availability of alternative recovery options. https://www.cybersecuritydive.com/news/ransomware-victims-becoming-less-likely-to-pay-cyberhackers-report/719470/

Meta's Virtual Reality Headset Vulnerable to Ransomware Attacks, Researcher Finds: A security researcher has discovered that Meta's virtual reality headset is vulnerable to ransomware attacks. This could allow attackers to lock users out of their headsets and demand a ransom to restore access. https://www.securityweek.com/metas-virtual-reality-headset-vulnerable-to-ransomware-attacks-researcher/

Cloudflare: We Never Authorized Polyfill.io to Use Our Name: Cloudflare, a content delivery network and DDoS mitigation company, clarifies that it never authorized Polyfill.io to use its name or infrastructure. This comes after a supply chain attack targeted Polyfill.io, impacting numerous websites. https://www.bleepingcomputer.com/news/security/cloudflare-we-never-authorized-polyfillio-to-use-our-name/

Rust-Based P2PInfect Botnet Evolves With New DDoS, Proxy Capabilities: The P2PInfect botnet, written in the Rust programming language, has expanded its capabilities to include distributed denial-of-service (DDoS) attacks and proxy services. This development makes it a more potent threat to internet infrastructure. https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html

WordPress Supply Chain Attack Affects Multiple Plug-Ins: A supply chain attack targeting the WordPress ecosystem has compromised multiple plug-ins. The attack injected malicious code into the plug-ins, potentially allowing attackers to take control of affected websites. https://www.darkreading.com/cloud-security/wordpress-supply-chain-attack-multiple-plug-ins

Santander Employees' Database Hacked, Data Up for Sale: A database containing information on Santander employees has been hacked, and the data is now being sold on the dark web. The breach highlights the ongoing threat of cyberattacks against financial institutions. https://www.cybersecuritydive.com/news/santander-employees-database-hack/719394/

Researchers Warn of Flaws in Widely Used OPC UA Industrial Protocol: Researchers have discovered several flaws in the OPC UA industrial protocol. These flaws could be exploited by attackers to disrupt industrial processes or cause physical damage. https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html

Key Takeaways From the British Library Cyberattack: The British Library suffered a cyberattack that impacted its website and online services. This article examines the key takeaways from the attack and offers lessons for other organizations. https://www.darkreading.com/cyberattacks-data-breaches/key-takeaways-from-the-british-library-cyberattack

Chinese Cyberspies Employ Ransomware in Attacks for Diversion: Chinese cyberspies are using ransomware as a diversionary tactic in their attacks. This allows them to distract defenders while they steal sensitive data. https://www.bleepingcomputer.com/news/security/chinese-cyberspies-employ-ransomware-in-attacks-for-diversion/

MFA Fatigue Attacks Growing More Common, Cisco Talos Warns: Cisco Talos, a cybersecurity research team, warns that MFA (multi-factor authentication) fatigue attacks are becoming more common. These attacks involve bombarding users with MFA prompts until they approve a malicious login attempt. https://www.cybersecuritydive.com/news/mfa-multi-factor-authentication-cisco-talos-cyber/719254/

CDK Attack Contingency Planning Critical for SaaS Customers: This article emphasizes the importance of CDK (customer data key) attack contingency planning for SaaS (Software-as-a-Service) customers. It outlines the risks of CDK attacks and provides guidance on how to develop a response plan. https://www.darkreading.com/cloud-security/cdk-attack-contingency-planning-critical-saas-customers

Infosys Data Compromised in Cyberattack, LockBit Claims Responsibility: LockBit, a ransomware group, claims to have stolen data from Infosys, a global IT consulting firm. Infosys has confirmed the attack but has not yet commented on the extent of the data breach. https://cybernews.com/news/infosys-data-compromised-cyberattack/

30 Million Affected in Ticketek Australia Cloud Breach: Ticketek Australia, a ticketing company, has suffered a data breach that exposed the personal information of 30 million customers. https://www.darkreading.com/cloud-security/30m-affected-tickettek-australia-cloud-breach

Korean Internet Provider Secretly Infects Users With Malware for Ad Fraud: A Korean internet provider has been caught secretly infecting users' computers with malware for ad fraud. https://cybernews.com/news/korean-internet-provider-infects-users-with-malware/

NYSE $10 Million Wake-Up Call on Insider Threats: The New York Stock Exchange (NYSE) has been fined $10 million for failing to properly monitor insider threats. This case highlights the importance of having robust insider threat programs in place. https://www.darkreading.com/vulnerabilities-threats/nyse-10-million-wake-up-call

For businesses in Hawaii, Cyber Security Hawaii can help you develop a cybersecurity strategy that is tailored to your specific needs. We offer a free 15-minute cybersecurity strategy session with one of our local experts to help you get started. Schedule yours today: https://strategy.cybersecurehawaii.info

Lavar Harper

Co-Founder & CMO at VisQuanta | Elite Growth Strategies for Dealerships | Powered by Advanced Conversational Solutions

4 months ago

Thanks for the update! What resources or training does Cybersecure Hawaii recommend for companies looking to improve their cybersecurity posture?

Andrew H.

Haskap Berries | Superfruit Farming | Nutrient-Rich Berries | Sustainable Agriculture

4 months ago

wow, sounds like the cybersecurity world is in for a wild ride this week. stay safe out there, folks.

This is one of my favorite Cybersecurity newsletters I subscribe to. I highly recommend subscribing today. #stayvigilent #cybersecurity