CISO Daily Update - October 25, 2024
NEW DEVELOPMENTS
UnitedHealth Says Data of 100 Million Stolen in Change Healthcare Breach
Source: Bleeping Computer
UnitedHealth confirmed that over 100 million individuals had their personal and healthcare data stolen in a February 2024 ransomware attack on its subsidiary, Change Healthcare. This incident marks the largest healthcare data breach in recent history. The breach exposed sensitive information including health insurance details, medical records, billing information, and Social Security numbers. The BlackCat ransomware gang carried out the attack, causing significant disruptions across the U.S. healthcare system and leading to a $22 million ransom payment. Despite the payment, additional data leaks occurred, with total losses from the breach projected to reach $2.45 billion by the end of September 2024.
Insurance Admin Landmark Says Data Breach Impacts 800,000 People
Source: Bleeping Computer
Insurance administrative services provider Landmark Admin disclosed a data breach affecting over 800,000 people due to a cyberattack in May 2024. The breach exposed sensitive data including social security numbers, financial account details, medical information, and insurance policy data. Landmark detected suspicious activity on May 13 and hired a third-party cybersecurity firm to investigate. Affected individuals will be notified and advised to monitor their credit reports and bank accounts for potential fraud. The investigation is ongoing.
Yearlong Henry Schein Breach Probe Surges Victim Total Five-Fold
Source: Cybernews
Healthcare technology and distribution company Henry Schein has concluded its investigation into the 2023 ransomware attack by the ALPHV/BlackCat group, disclosing that the breach impacted over 166,000 individuals—more than the initially estimated 30,000. The October 2023 attack led to the theft of 35 TB of sensitive data, including personal, financial, employee, and medical records. The investigation was extensive and the breach severely disrupted Henry Schein’s operations, affected its revenue, and prompted a reduction in its annual profit forecast.
Autobell Breach Impacts Over 52K
Source: SC Media
A data breach at U.S. car wash network Autobell exposed sensitive information from over 52,000 individuals after a system compromise that lasted nearly a week in early April. Stolen data may include names, addresses, Social Security numbers, driver's license numbers, tax IDs, passport details, and medical and financial information. The breach is potentially linked to the Medusa ransomware group and allegedly involved the exfiltration of 183.3 GB of data, including customer records, contracts, and payroll details.
Ransomware Gang Stoops to New Low, Targets Prominent Nonprofit for Disabled People
Source: The Record
The Rhysida ransomware gang has attacked the disability nonprofit Easterseals, demanding $1.3 million in Bitcoin after compromising the personal data of nearly 15,000 individuals. The attack targeted Easterseals' Central Illinois location and occurred in April. While Easterseals has not publicly addressed the ransom demand, the organization has strengthened its security by adding endpoint protection and multi-factor authentication. Rhysida is notorious for targeting hospitals and nonprofits and has threatened to leak the stolen data if their demands are not met by October 30.
Wisconsin Sued Over Voting System’s Allegedly Weak Cyber Protections
Source: The Record
An election clerk and a voter have sued the Wisconsin Elections Commission (WEC), claiming weak cybersecurity in the state's MyVote portal. The lawsuit alleges that the system, which handles voter registration and absentee ballot requests, allows anyone with a name and birthdate to request ballots without proper verification, raising concerns about potential fraud. The plaintiffs want the platform suspended until a security audit is completed. This case adds to ongoing election security concerns, echoing issues seen in states like Georgia, despite federal reassurances that election infrastructure remains secure.
Penn State Fined $1.25 Million for Failing to Meet Cyber Requirements in Federal Contracts
Source: The Record
Penn State University was fined $1.25 million for failing to meet cybersecurity requirements in 15 federal contracts with the Department of Defense and NASA from 2018 to 2023. The university admitted to not implementing the necessary cybersecurity controls and misrepresenting the timelines for addressing these issues. The case, filed under the False Claims Act, was revealed by whistleblower Matthew Decker, the university's former CIO, who will receive $250,000. This settlement falls under the Department of Justice’s Civil Cyber-Fraud Initiative.
VULNERABILITIES TO WATCH
Cisco ASA, FTD Software Under Active VPN Exploitation
Source: Darkreading
Cisco issued a patch for a denial-of-service (DoS) vulnerability (CVE-2024-20481) in its Remote Access VPN (RAVPN) software, found in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This medium-severity flaw is actively exploited in the wild. It allows unauthenticated threat actors to remotely cause resource exhaustion through brute-force attacks, potentially requiring a device reload to restore services. While no workaround exists, Cisco recommends updating the software and implementing measures like logging, threat detection for VPN services, and blocking unauthorized access attempts to mitigate risk.
U.S. CISA Adds Fortinet FortiManager Flaw to Its Known Exploited Vulnerabilities Catalog
Source: Security Affairs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager vulnerability (CVE-2024-47575) to its Known Exploited Vulnerabilities (KEV) catalog, marking it as a critical issue with a CVSS score of 9.8. This flaw, caused by missing authentication, allows remote attackers to execute arbitrary code or commands through specially crafted requests. Fortinet confirmed that the vulnerability is being exploited in the wild, though they haven't seen malware or backdoors installed yet. CISA has given federal agencies a deadline of November 13, 2024 to address the flaw. Fortinet has released updates and provided workarounds to help mitigate the risk.
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
Source: The Hacker News
A critical security vulnerability in Amazon Web Services (AWS) Cloud Development Kit (CDK), called “FortiJump” (CVE-2024-47575) was discovered, posing a risk of account takeovers. If exploited, attackers could gain administrative access to AWS accounts by targeting predictable S3 bucket names created during the CDK bootstrapping process. AWS patched the flaw in CDK version 2.149.0, urging users to update and adopt unique bucket naming strategies. The vulnerability impacted 1% of CDK users, and AWS has notified affected customers while reinforcing security measures.
Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers
Source: Security Week
Nvidia released urgent security updates to address eight high-severity vulnerabilities in its GPU drivers for Windows and Linux and its virtual GPU (vGPU) software. These vulnerabilities, identified as CVE-2024-0117 through CVE-2024-0121 and CVE-2024-0126, could allow attackers to execute code, escalate privileges, cause denial-of-service, access sensitive information, and tamper with data. Two critical flaws, CVE-2024-0127 and CVE-2024-0128, in the vGPU software, could enable users to escalate privileges and modify data. Nvidia strongly urges users to update affected drivers immediately to protect their systems from these threats.
GitLab Patches HTML Injection Flaw That Leads to XSS Attacks
Source: GBHackers
GitLab released critical updates for its Community and Enterprise Editions to fix a high-severity HTML injection vulnerability (CVE-2024-8312) that could lead to cross-site scripting (XSS) attacks. This flaw, found in the Global Search field on diff views, affects versions 15.10 through the latest pre-patch releases and poses a significant risk to confidentiality and integrity, with a CVSS score of 8.7. The patches, available in versions 17.5.1, 17.4.3, and 17.3.6, also address a medium-severity DoS vulnerability (CVE-2024-6826). GitLab strongly urges users to update self-managed installations immediately.
SPECIAL REPORTS
Ransomware’s Ripple Effect Felt Across ERs as Patient Care Suffers
Source: The Register
According to Microsoft, ransomware attacks have hit 389 U.S. healthcare organizations this fiscal year, severely disrupting patient care and costing facilities up to $900,000 per day in downtime. The financial impact is significant, with average ransom payments reaching $4.4 million and, in some cases, soaring to $22 million. Beyond the monetary losses, these attacks are directly harming patient outcomes, with an 81% increase in cardiac arrests and a sharp decline in survival rates for out-of-hospital cardiac arrests. The rise of ransomware-as-a-service, supported by safe havens like Russia and involvement from Iranian and Chinese threat actors, has led to a 300% increase in attacks.
AI and Deepfakes Fuel Phishing Scams, Making Detection Harder
Source: Help Net Security
AI-driven impersonation and deepfakes have made phishing scams more sophisticated and harder to detect, with 52% of cybersecurity professionals identifying AI impersonation as the toughest attack vector to defend against. Tools like WormGPT enable criminals to launch more convincing phishing campaigns quickly and cheaply, increasing the risk of credential theft and social engineering attacks. While 68% of companies use AI-enhanced tools to combat these threats, experts caution against overconfidence. They advise focusing on eliminating credential-based vulnerabilities through cryptographic identity and least-privilege access to better defend against these evolving attacks.
Cybersecurity Teams Largely Ignored in AI Policy Development
Source: Infosecurity Magazine
Despite the growing adoption of AI in organizations, cybersecurity teams are largely being excluded from AI policy development, with only 35% of professionals involved in shaping these strategies, according to ISACA research. Cybersecurity’s limited role in policy creation raises concerns about its integration into governance frameworks. Experts warn that excluding cybersecurity from AI policy development could expose enterprises to significant risks.