CISO Daily Update - October 14, 2024
NEW DEVELOPMENTS
Cyberattack Targets Healthcare Nonprofit Overseeing 13 Colorado Facilities
Source: The Record
Axis Health System, which oversees 13 healthcare facilities in Colorado, suffered a cyberattack that disrupted its patient portal. The Rhysida ransomware gang, known for attacking hospitals, is demanding over $1.5 million in ransom. While the investigation into compromised data continues, affected individuals will be notified if their information is exposed. This attack follows a report revealing widespread exposure of healthcare devices online, increasing concerns about unauthorized access and vulnerabilities within the healthcare sector.
American Water Starts to Reactivate Systems After Oct 3rd Cyberattack
Source: Cybernews
American Water is gradually reactivating its IT systems after a cyberattack on October 3rd, with the MyWater customer portal back online and billing services resuming. The company confirmed that water and wastewater services were not affected, and water quality remains safe. While the exact nature of the attack is still under investigation, some speculate it may have been ransomware-related. American Water is collaborating with security teams and law enforcement to strengthen its systems. No late fees will be applied for the service outage period.
Casio Says Ransomware Attack Exposed Info of Employees, Customers and Business Partners
Source: The Record
Casio confirmed a ransomware attack on October 5 that compromised the personal data of employees, customers, and business partners. Hackers accessed servers and stole sensitive information, though customer credit card details were unaffected. Casio is collaborating with external security firms and authorities to resolve the breach. The “Underground” ransomware gang, linked to the Russia-based RomCom group, claimed responsibility. Casio has warned affected individuals about potential phishing risks and urged caution when handling suspicious emails.
National Public Data Files for Bankruptcy, Citing Fallout From Cyberattack
Source: The Record
Leading background check company National Public Data filed for bankruptcy after a cyberattack in December 2023 exposed millions of social security numbers. The breach triggered legal claims from multiple states, federal investigations, and class action lawsuits, as stolen data, including information on both living and deceased individuals, was sold on the dark web. Parent company Jerico Pictures cited overwhelming liabilities and lost revenue as reasons for the bankruptcy, with its insurer refusing to cover the breach.
OpenAI Confirms Threat Actors Use ChatGPT to Write Malware
Source: Bleeping Computer
OpenAI confirmed that cybercriminals, including Chinese and Iranian groups, use ChatGPT to enhance malware development, vulnerability research, and social engineering. Threat actors such as SweetSpecter, CyberAv3ngers, and Storm-0817 have leveraged AI to automate malware debugging, scripting, and detection evasion. OpenAI has already blocked over 20 malicious activities, banning accounts and sharing intelligence with cybersecurity partners. While these AI tools don’t create new types of threats, they are boosting the speed and sophistication of cyberattacks, making them a growing challenge for security teams.
US Border Agency Under Fire for App's Handling of Personal Data
Source: Infosecurity Magazine
The US Customs and Border Protection (CBP) faces criticism over the CBP One app's handling of migrants' personal data, with concerns about transparency and potential misuse. Digital rights groups Access Now and Harvard Law’s Cyberlaw Clinic have sued CBP for failing to fully comply with Freedom of Information Act (FOIA) requests. In response, CBP released 2,912 heavily redacted pages of documentation. The ongoing investigation seeks to clarify how migrants' data is processed and whether it has been weaponized against them.
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
Source: The Hacker News
The FBI’s Operation Token Mirrors exposed rampant crypto market manipulation by creating a fake cryptocurrency called NexFundAI. This sting operation led to the arrests of 18 individuals and entities, seizing over $25 million in cryptocurrency and disabling several fraudulent trading bots. Defendants were charged with inflating token prices through wash trading and pump-and-dump schemes.
VULNERABILITIES TO WATCH
Update Now As Critical Windows 9.8/10 Vulnerability Confirmed
Source: Forbes
Microsoft's CVE-2024-43468 vulnerability, rated 9.8/10 for severity, poses a critical risk for users of Microsoft's Configuration Manager as it allows attackers to execute remote code. Although not a zero-day, the vulnerability's low complexity and no-interaction nature make it highly dangerous. Mitigating this issue is complex, requiring specific administrator actions and manual processes outlined in Microsoft's documentation. Experts urge immediate updates and recommend using alternate service accounts to reduce risk and prevent lateral movement within networks. Failure to act could lead to severe breach impact across enterprise environments.
Ransomware Operators Exploited Veeam Backup & Replication Flaw CVE-2024-40711 in Recent Attacks
Source: Security Affairs
Sophos identified ransomware operators exploiting the critical remote code execution vulnerability CVE-2024-40711 in Veeam Backup & Replication. Attackers are using this flaw to create rogue accounts and deploy ransomware. They are taking advantage of compromised credentials and VPN gateways without multifactor authentication, targeting Veeam’s URI on port 8000 to deploy malware and steal data. This issue reinforces the need for urgent patching, updating outdated systems, and enabling multifactor authentication for secure remote access.
CISA: Hackers Abuse F5 Big-IP Cookies to Map Internal Servers
Source: Bleeping Computer
CISA alerted administrators that hackers are exploiting unencrypted persistent cookies in F5 BIG-IP's Local Traffic Manager (LTM) module to map internal network devices and identify vulnerabilities. These default unencrypted cookies carry encoded data about internal servers, leaving networks open to attacks. CISA recommends following F5’s guidance to enforce cookie encryption using strong AES-192 encryption to reduce this risk. F5 has also released a diagnostic tool, BIG-IP iHealth, to help detect misconfigurations that may expose networks to cyber threats.
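A defender-side check for the F5 item above, added here as an example rather than code from CISA's or F5's guidance: it inspects Set-Cookie headers captured from your own application's responses and flags BIG-IP persistence cookies still in the default unencrypted IPv4 form (cookie names beginning with BIGipServer and values shaped <decimal>.<decimal>.0000). The sample headers are constructed, and the pool names and blob value are placeholders.

```python
"""Audit Set-Cookie headers for BIG-IP persistence cookies left unencrypted."""
import re
from typing import Dict, List, Optional, Tuple

# Default cookie persistence names the cookie "BIGipServer<pool name>".
COOKIE_NAME = re.compile(r"^BIGipServer", re.IGNORECASE)
# The default unencrypted IPv4 value is three dot-separated decimal fields
# (encoded address, encoded port, "0000"). Encrypted values, and the
# route-domain/IPv6 variants, do not match this shape and are reported
# for manual review instead.
UNENCRYPTED_IPV4 = re.compile(r"^\d{1,10}\.\d{1,5}\.0000$")


def parse_set_cookie(header_value: str) -> Tuple[str, str]:
    """Return (name, value) from a Set-Cookie header, ignoring attributes."""
    first = header_value.split(";", 1)[0].strip()
    name, _, value = first.partition("=")
    return name.strip(), value.strip()


def classify(header_value: str) -> Optional[str]:
    """'unencrypted_ipv4', 'review', or None when not a BIG-IP cookie."""
    name, value = parse_set_cookie(header_value)
    if not COOKIE_NAME.match(name):
        return None
    return "unencrypted_ipv4" if UNENCRYPTED_IPV4.match(value) else "review"


def audit(headers: List[str]) -> Dict[str, List[str]]:
    """Group BIG-IP persistence cookie names by finding; others are skipped."""
    findings: Dict[str, List[str]] = {"unencrypted_ipv4": [], "review": []}
    for header in headers:
        kind = classify(header)
        if kind is not None:
            findings[kind].append(parse_set_cookie(header)[0])
    return findings


# Constructed sample headers: one default-format cookie, one opaque
# (placeholder) value, and one unrelated session cookie.
SAMPLE_HEADERS = [
    "BIGipServerpool_web=1677787402.20480.0000; path=/; HttpOnly",
    "BIGipServerpool_api=PLACEHOLDER_OPAQUE_BLOB_Zm9vYmFy; path=/; Secure",
    "sessionid=abc123; Secure; HttpOnly",
]

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_HEADERS).items():
        print(finding, names)
```

Run it against headers pulled from a packet capture or a proxy log of your own edge, and treat every "unencrypted_ipv4" hit as a pool that still needs F5's cookie-encryption setting applied.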
GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities
Source: Security Week
GitLab issued patches for eight vulnerabilities, including critical pipeline execution flaws (CVE-2024-9164 and CVE-2024-8970) that allow attackers to run pipelines on unauthorized branches or impersonate other users. Other high-severity issues include a server-side request forgery (SSRF) and a cross-site scripting (XSS) vulnerability. These vulnerabilities affect multiple versions of GitLab Community and Enterprise Editions. GitLab users are urged to update to the latest versions (17.4.2, 17.3.5, and 17.2.9).
HashiCorp Cloud Vault Vulnerability Let Attackers Escalate Privileges
Source: Cyber Security News
HashiCorp revealed a critical vulnerability (CVE-2024-9180) in its Vault platform that allows attackers with write permissions to escalate privileges to the root policy, potentially compromising the Vault instance. This flaw affects Vault Community and Enterprise Editions from versions 1.7.7 to 1.17.6. Although the impact is limited to the root namespace, successful exploitation could lead to severe consequences. HashiCorp urges users to update to the patched versions or implement mitigation measures, including policies and monitoring audit logs for suspicious activity.
SPECIAL REPORTS
Data Loss Incidents Impact Patient Care
Source: Help Net Security
A Proofpoint report reveals that 92% of healthcare organizations faced cyberattacks in the past year, with 69% experiencing disruptions to patient care, including delays in procedures and increased mortality rates. The most common attacks involved business email compromise, ransomware, and supply chain breaches, while employee negligence and insecure mobile apps posed significant risks. Although cybersecurity budgets have increased, 55% of respondents struggle with a lack of in-house expertise.
SOC Teams: Threat Detection Tools Are Stifling Us
Source: Dark Reading
SOC teams are struggling with an overload of false positives from threat detection tools, leading to burnout and missed threats, according to a Vectra survey. Security professionals deal with an average of 3,832 alerts daily, with 62% ignored and 71% concerned about missing real attacks. Many blame vendors for flooding systems with alerts aimed at compliance rather than real security needs. However, AI is emerging as a solution, with 67% of respondents seeing improvements in threat detection and 73% reporting less burnout after adopting AI-powered tools.
Cyber Insurer Says Ransomware Attacks Drove a Spike in Claim Sizes
Source: The Record
A report from the cyber insurer Coalition reveals that while the number of claims decreased in the first half of 2024, the average claim size grew by 14%, reaching $122,000. This spike is driven by the increasing severity of ransomware attacks, with the average loss for ransomware claims soaring 68% to $353,000. Ransomware gangs are increasingly targeting larger businesses, with some open to negotiating ransoms. Business email compromise (BEC) remains the most frequent cyber event, making up nearly one-third of all claims.
Sonatype Reports 156% Increase in OSS Malicious Packages
Source: Infosecurity Magazine
Sonatype's latest report shows a 156% rise in open-source software (OSS) malware, identifying over 704,000 malicious packages since 2019. This surge is fueled by the rapid growth in OSS consumption, particularly in JavaScript (npm) and Python (PyPI) ecosystems. Despite fixed versions being available, many vulnerabilities persist due to outdated dependencies, with 13% of Log4j downloads still at risk. Sonatype urges stronger security practices as software supply chain attacks become more sophisticated.
Cyber Resilience Thought Leader | CEO, Cyber Risk Opportunities | Cybersecurity LinkedIn Learning Course Instructor | Co-host Cyber Risk Management Podcast | Amazon Best Selling Author | International Keynote Speaker
(2mo) I continue to find your Daily Update very useful. Thanks Marcos Christodonte II!!