NDM Technologies Cyber News


Cybersecurity's Year of Frights: The Biggest Breaches of 2024

2024 has been a nightmare for data breaches, from telecom giants to healthcare providers and beyond. Let's take a terrifying tour of the most spine-chilling incidents that have haunted industries across the U.S.

AT&T found itself at the center of two monstrous breaches. In March, nearly 73 million customer records surfaced online, exposing personal identifiers like names, phone numbers, and postal addresses. Even more alarming, the leaked data reportedly included encrypted passcodes for customer accounts. AT&T, still in the dark on the exact cause of this breach, encountered a second scare in July. This breach leaked phone numbers and call logs of nearly all AT&T customers, revealing a glaring vulnerability in data-sharing partnerships with cloud providers like Snowflake.

The healthcare sector wasn’t spared either. Change Healthcare fell victim to a ransomware attack by a notorious hacking gang, causing widespread system outages at hospitals and clinics. Sensitive patient data, affecting up to 100 million individuals, was exposed.

Finally, a chilling breach at Snowflake impacted countless organizations, including Ticketmaster, which allegedly lost 560 million records. Hackers exploited stolen credentials to siphon off massive amounts of data.

These ghastly breaches underscore the importance of robust security practices and heightened vigilance. Beware: cyber threats are scarier than ever!


Penn State Pays $1.25M Over Cybersecurity Violations

In a recent lawsuit, Penn State University agreed to a $1.25 million settlement over allegations that it violated federal cybersecurity standards in contracts with the Department of Defense (DoD) and NASA. The allegations, raised by the university’s former Chief Information Officer of the Applied Research Laboratory under a whistleblower lawsuit, point to failures in implementing mandated cybersecurity controls on 15 contracts and subcontracts from 2018 to 2023.

According to the U.S. government, Penn State failed to align with NIST Special Publication 800-171 cybersecurity standards, now part of the Cybersecurity Maturity Model Certification (CMMC) required for many federal contracts. The university was accused not only of failing to comply but of misrepresenting its remediation efforts and using a cloud provider that lacked the required DoD security credentials.

The case is a significant development in the Department of Justice’s Civil Cyber-Fraud Initiative, which leverages the False Claims Act to address cybersecurity fraud by contractors. The initiative targets organizations that misrepresent their cybersecurity protocols or fail to report breaches promptly. Penn State’s settlement underscores the increasing accountability for institutions entrusted with sensitive information—emphasizing that compliance is no longer optional but a critical requirement in safeguarding national interests. Don’t wait to meet the requirement; reach out to ProCern today for assistance.


Emerging PhaaS Platform Targets Microsoft 365 Accounts

A phishing-as-a-service (PhaaS) platform, Mamba 2FA, has emerged as a growing threat to Microsoft 365 users. The platform targets users through advanced adversary-in-the-middle (AiTM) attacks, where cybercriminals intercept and manipulate communication between users and their trusted services. Mamba 2FA allows attackers to bypass multi-factor authentication (MFA) by capturing victims' authentication tokens, posing a significant risk to both corporate and consumer accounts.

Mamba 2FA is sold at competitive prices, making it a rapidly growing PhaaS platform. The platform is continuously evolving to become even more threatening, with its operators implementing updates to increase stealth and evade detection. One such enhancement includes the use of proxy servers to mask the IP addresses of relay servers, making phishing attempts harder to trace. Additionally, phishing links are designed to be short-lived, reducing the chances of being blocked by security tools.

With specialized phishing templates for OneDrive, SharePoint Online, and fake voicemail notifications, Mamba 2FA is highly effective at targeting Microsoft 365 users. As phishing tactics become more sophisticated, it is crucial for organizations to remain vigilant. Consider training staff to recognize phishing attempts and adopt additional security measures like hardware security keys, IP allowlisting, and token lifespan management to defend against these emerging threats.


Upcoming Conferences & CPE Opportunities

WiCys Cyber Con

Calling all cyber students, enthusiasts, and leading experts! Forge alliances and exchange ideas to build a stronger, more secure cyber community. Join WiCys for an exclusive event featuring top local experts, including ProCern’s very own Brandon Clark.

November 13 Denver, CO

The Official Cybersecurity Summit

This Fourteenth Annual Cybersecurity Summit will connect you with C-Suite and Senior Executives responsible for protecting their companies' critical infrastructure. Learn from innovative solution providers and access interactive panels and discussions.

November 15 New York, NY

B Sides Chicago

B Sides Chicago is where the worlds of hacking and infosec meet. Join this vibrant, diverse, and inclusive community of enthusiasts from every corner of the cybersecurity world to share knowledge and ignite ideas.

November 2 Chicago, IL
