Qilin ransomware upgrade, SharePoint KEV flaw, Rhysida ransoms Easterseals

In today’s cybersecurity news…

Researchers reveal upgraded Qilin ransomware-as-a-service

According to researchers at cybersecurity firm Halcyon, the makers of the Qilin ransomware-as-a-service have modified their product into a variant that is being called Qilin.B. In a report published yesterday, Thursday, the researchers stated, “Qilin.B’s combination of enhanced encryption mechanisms, effective defense evasion tactics, and persistent disruption of backup systems marks it as a particularly dangerous ransomware variant.” It also includes additional obfuscation techniques that make signature-based detection difficult. Qilin is best known for its attacks on healthcare organizations, including June’s attack on the UK health provider Synnovis.

(Cyberscoop and Halcyon)

CISA adds Microsoft SharePoint flaw to its KEV catalog

The flaw in question is the Microsoft SharePoint Deserialization Vulnerability, which has a CVSS v4 score of 7.2 and a CVE number: CVE-2024-38094. This means “an authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.” Federal agencies must fix this vulnerability by November 12, and of course it is recommended that private organizations review the Catalog and address this vulnerability.

(Security Affairs)

Rhysida ransoms Easterseals

Another ransomware gang famous for attacking healthcare organizations has claimed responsibility for a ransomware attack on the central Illinois location of Easterseals, a non-profit organization that focuses on care for the disabled. The attack itself happened in April, resulting in the theft of PII as well as medical information, health information and passport information of almost 15,000 people. The gang is demanding payment of 20 bitcoin.

(The Record)

Cisco warns of ASA and FTD software vulnerability under active attack

Cisco is in the news for a second time this week, this time in regard to a flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. This flaw impacts the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. The company says, “an attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device…resulting in a DoS of the RAVPN service on the affected device.” This is also known as resource exhaustion. Cisco has released updates to address this flaw.

(The Hacker News)

Penn State fined for failing to meet cyber requirements in federal contracts

The university has been fined $1.25 million for “failing to comply with cybersecurity requirements laid out in its contracts with federal agencies.” The issue involves 15 contracts made between the school and the Department of Defense and NASA in which the school was accused of “failing to implement cybersecurity controls between 2018 and 2023, and after acknowledging the issues it allegedly subsequently failed to develop or implement any plans to correct the issues.” The DOJ has added that Penn State “admitted its cybersecurity failings in assessment filings and pledged to fix them but misrepresented the dates by which it would implement them and did not pursue plans of action to do so.”

(The Record)

67% of organizations say employees lack basic security awareness, says Fortinet

According to Fortinet’s 2024 Security Awareness and Training Global Research Report, two-thirds of organizations are concerned that their employees lack fundamental security awareness. This is an increase from last year, when the number was 56%. Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security, suggests that in addition to improving employee security awareness training, “IT security teams must implement strong identity and access management (IAM) frameworks with compensating controls like multi-factor authentication (MFA) to mitigate phishing attempts.”

(Security Magazine and Fortinet report)

White House issues updated AI National Security Memo

This document sets out “key actions for the federal government to advance the safe, secure and trustworthy development of the technology in the interests of U.S. national security,” including steps to track and also counter adversarial development and use of AI. The document builds on President Biden’s Executive Order of October 2023 that sought to establish new standards for AI safety and security, and also builds on the international Bletchley declaration on responsible AI development published in November 2023. A link to a summary of the memo’s key actions is available in the show notes.

(InfoSecurity Magazine)

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

On the first day of the first-ever Pwn2Own contest held in Ireland, hackers demonstrated 52 zero-day vulnerabilities across a wide range of devices, earning a total of $486,250 in cash prizes. The biggest prize of the day went to a group named Summoning Team who revealed “a chain of nine vulnerabilities to go from QNAP QHora-322 router to TrueNAS Mini X device.” This earned them a $100,000 payout and 10 Master of Pwn points. The event concludes today.

(BleepingComputer)
