Friday 6th September 2024

Good morning everyone! A very happy Friday to you all, and thank you for joining me for today's edition of Cyber Daily. Today's edition covers everything from ransomware gangs targeting Planned Parenthood, to Cisco patching some serious security flaws, to a new twist in the geopolitical thriller of election meddling. The news is buzzing with high-stakes moves.

Planned Parenthood Hit by Cyberattack

Planned Parenthood is grappling with a recent cyberattack that impacted its IT systems, prompting parts of its infrastructure to be taken offline to contain the damage. The attack, which occurred in late August, has sparked an ongoing investigation to determine its scope and impact.

RansomHub, a known ransomware group, has claimed responsibility for the attack, threatening to release 93GB of allegedly stolen data in six days. The group has already published confidential documents on its dark web portal as proof. In response, Martha Fuller, CEO and President of Planned Parenthood of Montana, stated that the organisation immediately implemented security protocols and is actively working to restore affected systems.

Given Planned Parenthood’s role as a major provider of reproductive health services in the U.S., a data breach could have severe privacy implications for its patients. Fuller said that federal authorities, including the FBI, have been notified and that the organisation is closely monitoring the situation.

This isn’t the first time Planned Parenthood has faced such an attack—back in 2021, its Los Angeles department saw 400,000 patient records stolen in a similar breach.

Cisco Patches Critical Security Flaws

Cisco has released updates addressing two critical vulnerabilities in its Smart Licensing Utility, which could allow unauthenticated, remote attackers to escalate privileges or access sensitive data.

The two flaws, both rated with a CVSS score of 9.8, are serious:

  • CVE-2024-20439: An undocumented static credential for an admin account that could enable attackers to log in to affected systems.
  • CVE-2024-20440: A verbose debug log file flaw that attackers could exploit via a crafted HTTP request to obtain sensitive credentials.

While these vulnerabilities are independent of one another, they require the Cisco Smart Licensing Utility to be actively running to be exploitable. Users of versions 2.0.0, 2.1.0, and 2.2.0 should update to version 2.3.0, which is not vulnerable.

Additionally, Cisco has patched a medium-severity flaw (**CVE-2024-20469**, CVSS score: 6.0) in its Identity Services Engine (ISE). This vulnerability, which could allow an attacker with admin privileges to execute arbitrary commands and elevate privileges to root, has a proof-of-concept exploit available but has not yet been exploited in the wild.

Cisco urges users of its affected products to apply the latest updates to mitigate these risks.

US Seizes Pro-Kremlin Websites Ahead of 2024 Election

The Biden administration has seized 32 websites and charged two employees of a Russian state-owned media outlet in connection with a $10 million scheme to spread pro-Kremlin propaganda. The move aims to counter Russia’s ongoing efforts to influence the upcoming US presidential election. Deputy Attorney General Lisa Monaco emphasized that the seizure shows "Russia remains a predominant foreign threat to our elections."

Dubbed Operation Doppelgänger, the campaign uses fake social media accounts, deepfakes, and typosquatted domains—like "washingtonpost.pm"—to mimic legitimate news outlets and spread disinformation. The seized sites were part of a network promoting false narratives favoring "Political Party A" (Republicans) over "Political Party B" (Democrats).

In addition, the Justice Department charged two Russian nationals, Kostiantyn Kalashnikov and Elena Afanasyeva, for conspiracy and money laundering. They allegedly funneled $10 million through RT to a US-based media company and co-opted social media influencers to spread pro-Russian content.

The Treasury Department sanctioned ten individuals and two entities tied to the Kremlin's disinformation campaigns, while the State Department introduced visa restrictions and offered a $10 million reward for information on foreign influence operations.





Jan Kübler

CEO of WORLDFIELD REAL ESTATE and WORLDFIELD INVESTMENT HOLDING Dubai, UAE multiple IRONMAN Finisher

2 months

That's alarming! It's important to stay informed about the latest cyber threats.

Richard Obisanya

Break Into Tech with 0 experience | Founder @ Rich in Tech | Snr AE | 1M+ Monthly Views | Father x1 | GIG

2 months

Consistency on a whole other level. Keep those newsletters coming.

Marcel Velica

Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions| Cybersecurity Excellence | Cloud Security

2 months

Staying informed is key to staying secure. Thanks for the essential insights, Aidan Dickenson!

Supreet Singh Matta

Senior BA | Cyber Security Cert IV | PSM I | ITIL

2 months

Nice.. undocumented admin credentials. Very nice.
