Week of June 7th, 2024

Welcome to Your Cybersecurity Recap: a bite-sized weekly newsletter by cybersecurity enthusiasts, for cybersecurity enthusiasts.

Here are this week’s top takeaways:

Urgent Remote Exploit Alert Issued for Blood Pressure Monitors

This week, the HHS Health Sector Cybersecurity Coordination Center (HC3) published a sector alert regarding two recently disclosed critical cybersecurity vulnerabilities in Baxter products that could result in credential exposure if exploited. The vulnerabilities impact both the Baxter Welch Allyn Configuration Tool (versions 1.9.4.1 and prior) and the Baxter Welch Allyn Connex Spot Monitor (versions 1.52 and prior). The configuration tool vulnerability (CVE-2024-5176) received a Common Vulnerability Scoring System (CVSS) score of 9.4, while the spot monitor vulnerability (CVE-2024-1275) received a CVSS score of 9.1.

This alert followed a Cybersecurity and Infrastructure Security Agency (CISA) industrial control systems (ICS) medical advisory on the topic, which first alerted the healthcare sector at large to the potential risks associated with these remote exploit vulnerabilities.

Baxter proactively disclosed the vulnerabilities to CISA and stated in a recent release that it has not found any evidence that either vulnerability has yet been exploited. However, both are exploitable remotely and could lead to the unintended exposure of credentials to unauthorized users. Additionally, exploitation of these vulnerabilities could allow an attacker to modify both device configuration and firmware data–leading to significant threats to patient care and safety.

“Successful exploitation of one of these vulnerabilities could result in an impact and/or delay to patient care,” HC3 noted.

The configuration tool vulnerability involves insufficiently protected credentials. In this case, the product transmits authentication credentials in an insecure way that makes it susceptible to unauthorized interception.

With 47% of healthcare breaches originating from third-party insiders, proactive cybersecurity investment has never been more critical.

Oil and Gas Giant Investigating Potential Security Breach

Oil and gas giant Shell says it is investigating a possible cybersecurity incident. Their recent statement reads: “On May 29, Shell was made aware of a potential cybersecurity incident. An internal investigation is underway to fully understand the details of the potential cybersecurity incident.”

Shell is a multinational company headquartered in London, England, and operating in more than 70 countries. It has not yet confirmed whether customer data has potentially been leaked, if the incident would impact company operations, or any other details about the scale or nature of the incident.

Oil and gas organizations tend to have a broad attack surface of connected digital systems. These systems could include business information technology (IT) systems, industrial operational technology (OT) assets, and a connected web of suppliers of digital products and services.

As noted in the official National Cyber Threat Assessment 2023-2024, the more Internet-connected assets an organization has, the larger the threat surface, which could increase the cyber threat it faces. For oil and gas, this equates to a higher attack risk: Statistics Canada survey data shows that about 25% of all Canadian organizations classified as oil and gas reported a significant cyber incident annually–the highest of any critical infrastructure sector.

This recent data breach is a prime example of how no organization is 100% fortified against cyberattacks, no matter how small or large their attack surface may be. When it comes to how long the average cyberattack lasts in 2023, the average across North America is an estimated 24 days.

However, this is highly dependent on an organization's cybersecurity efforts. Other critical statistics surrounding the length of cyberattacks in 2023 include, but aren't limited to:

  • On average, companies take about 197 days to identify and 69 days to contain a breach according to IBM
  • Ahead of the year's close, there have already been 5 billion cyberattacks in 2023 around the globe
  • The average cost of a cyberattack has risen by 15% over the past three years, now sitting at a staggering USD $4.45 million

However, ensuring that an organization's cybersecurity is up to regulatory standards can help diminish both the risk of an attack and the financial and reputational losses that may be faced in the wake of a successful one.

Privacy Incidents Revealed Via Google Database Leak

An internal Google document not meant for public view has been obtained by publication 404 Media, and it catalogs six years of privacy breaches previously unknown outside of the company.

The database leak contains incidents flagged as potential security or privacy breaches ranging from 2013 to 2018. Google has verified to media sources that the leak is legitimate. The leaked database in question contains incidents flagged internally by employees of assorted departments, which are then sent to a reviewer who determines how to proceed.

There are thousands of incidents in total compiled in the database leak, but in their statement Google states that a portion of these “ultimately are not determined to be actual issues or are found to be a problem with a third party vendor or partner.”

One of the highest-level incidents centered on an unspecified government agency that is, according to the leaked database, a Google cloud storage client, which unknowingly had its sensitive data transferred to a consumer product. Another serious recorded incident involves a bug in a specific filter used by a Google speech service, which resulted in over 1,000 hours of audio of various children speaking being recorded and stored. Google stated that the team involved, after an undefined amount of time, registered the bug and deleted the data.

Cloud-related challenges are one of the top hurdles for organizations worldwide in 2024 and beyond. Namely:

  • 82% of organizations report that managing cloud costs is their biggest cloud security challenge
  • 69% of organizations worldwide admitted to experiencing security breaches due to multi-cloud security configurations
  • More than 80% of all cloud security breaches are because of human elements such as social engineering attacks
  • 89% of businesses negatively impacted by cloud security incidents are startups
  • 81% of organizations in 2024 are using at least one private or public cloud
  • Over 70% of businesses that use cloud security lack confidence in their security posture
  • Nearly half of all data breaches in 2023 took place in the cloud

Are you looking to take the next steps towards robust cloud security? Reach out to our team today.
