Full width home advertisement

Post Page Advertisement [Top]

Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.

If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Sasha Pereira, CISO, WASH.

To get involved you can watch live and participate in the discussion on YouTube Live
https://youtube.com/live/cZtk-TQe2As or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are the stories we plan to cover, time permitting:

LockBit’s website is back
The NCA, FBI, and Europol are having a bit of fun with the LockBit ransomware gang’s former website. The agencies, which seized the site back in February, have replaced the original content with their own press releases, and are now planning to release new information about the hackers. On Monday, the site had a countdown to some of the teasable posts, including “Who is LockbitSupp?” and “More LBhackers exposed.” Here’s the good news: if you are reading this after 9 a.m. ET on Tuesday, May 7th, 2024, the posts should already be live.
(TechCrunch) , (Bleeping Computer)

Lockbit takes credit for Wichita attack
The pernicious ransomware organization added the city of Wichita to its leak site, giving officials until May 15th to pay an unspecified ransom. We previously covered the city’s announcement of the attack over the weekend. In the wake of the attack, city officials say it can only accept cash or checks for all city services, although the city will not shut off water services as a result until regular payment methods come back online. This attack also comes on the heels of the US law enforcement agencies publicly naming the suspected leader of LockBit, Dmitry Khoroshev.
(The Record)

Feds warn about North Korean exploitation of improperly configured DMARC
The FBI, the NSA and the State Department published a joint advisory last stating that hackers from the Kimsuky operation are targeting improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies.” DMARC is supposed to authenticate email messages to avoid spoofing. After identifying email systems whose DMARC is improperly configured, the group then prepares and sends convincing spearphishing emails which appear to have been sent from a legitimate domain.
(The Record)

NSC’s Neuberger suggests operational approach for on mitigating cyberattacks
In an interview with Click Here, a podcast from Recorded Future News, deputy national security adviser for cyber and emerging technologies Anne Neuberger suggests that more should now be done to build cybersecurity into an organization’s daily operations. Describing how much of the focus is on restoration as in “how quickly can an attacked hospital or pipeline recover from an attack,” she says now more than ever the process must shift to having “the right operational risk measures to ensure we’re taking the right steps.” As an example, she highlights with a pipeline “the network connecting the traditional corporate part and the operational part that controls gas flow [needs to] have separations, so a hacker hacking somebody’s email can’t disrupt oil in a pipeline.” From a threat perspective, she highlights the change in China’s cyber operations as a shift from espionage, stealing national secrets or corporate intellectual property, to pre-positioning in critical services like water systems and pipeline systems.
(The Record)

Two-thirds of organizations failing to address AI risks
According to new research from ISACA, just 34% of digital trust professionals believe organizations are paying sufficient attention to AI ethical standards. Under a third (32%) said organizations are adequately addressing AI concerns such as data privacy and bias. This despite 60% of respondents stating that employees at their organization are using generative AI tools in their work. The study said the number of organizations now formally permit the use of generative AI is up 14% compared to just six months ago. The three most common ways AI is currently used are to increase productivity (35%), automating repetitive tasks (33%) and creating written content (33%).
(Infosecurity Magazine)

Cancer patient data exposed for 5 years gets copied by unidentified third parties
California-based Guardant Health is now busy alerting patients that “information related to samples collected in late 2019 and 2020 was inadvertently exposed online to the general public after an employee mistakenly uploaded it.” The information included PII and test results. Affected people may never have been aware of Guardant’s existence let alone the breach, because it is a supplier of testing services to physicians and hospitals. The data was accessible from October 5, 2020, to February 29, 2024 - before being noticed by the company. Guardant confirms, “the file containing the sensitive data was copied by unidentified third parties between September 8, 2023, and February 28, 2024.
(BitDefender)

Gift card fraud ring targets retailers’ employees
A warning from the FBI regarding Storm-0539, a financially motivated hacking group that targets the mobile devices of retail department staff using a phishing kit that enables them to bypass multi-factor authentication. After stealing the login credentials of gift card department personnel, the group seeks out SSH passwords and keys, which along with employee PII can be sold online. They then use compromised employee accounts to generate fraudulent gift cards.
(BleepingComputer)

CISA is moving the needle on vulnerability remediation
CISA launched its Ransomware Vulnerability Warning Pilot in January 2023, and issued 1,754 warning notices to entities with vulnerable internet-accessible devices in its first year. The agency said that nearly half (for a total of 852) of these notifications resulted in organizations either patching, briefly taking systems offline to fix the issue, or otherwise mitigating exploitable flaws. The pilot program is set to launch as a fully automated warning system by the end of next year.Another CISA-led initiative called Known Exploited Vulnerabilities (KEV), which the agency introduced in 2021, is also speeding up vuln remediation times. The KEV is designed to notify government agencies and enterprises of high-risk threats in the wild. Bitsight reported that critical KEVs are remediated 2.6 times faster than a non-KEV threats, while high-severity KEVs are fixed 1.8 times faster. Non-profits and NGOs are the slowest to remediate, while tech companies and insurance and financial firms are the fastest.
(The Register and Dark Reading) submitted by /u/CISO_Series_Producer
[link] [comments]


http://dlvr.it/T6j5dD

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();

Bottom Ad [Post Page]

Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib