
Cyber security update, September

Ravi Bindra, CISO

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber Security Update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

In a significant data breach at the Centers for Medicare & Medicaid Services (CMS), health and personal information of more than three million health plan beneficiaries was exposed. The breach stemmed from an attack on Wisconsin Physicians Service (WPS) through the MOVEit Transfer vulnerability. Exposed data includes personal details like names, Social Security numbers, and Medicare information. CMS is offering credit monitoring services to affected individuals.

Fortinet suffered a data breach resulting in the theft of 440GB of files from its Microsoft SharePoint server, compromising limited customer data. The threat actor, "Fortibitch," attempted to extort Fortinet for ransom, but the company refused to pay, leading to the data leak.

Russian anti-malware company Dr.Web experienced a cyberattack over the weekend, prompting a temporary halt in virus database updates and a disconnection of its servers.

Despite the security breach, Dr.Web confirmed that none of its customers were impacted and it has since resumed virus database updates after implementing measures to isolate and eliminate the threat.

The city of Arkansas City, Kansas, experienced a cybersecurity incident at its Water Treatment Facility, prompting a switch to manual operations to ensure water safety and service continuity. Despite the incident, efforts are underway to resolve the issue and safeguard the water supply for Arkansas City residents.

In another significant data breach, the Star Health data leak includes highly sensitive information such as policy documents, claims forms, personal identification numbers, tax details, medical reports, and more. The threat actor, operating under the pseudonym “xenZen,” has been distributing free samples through chatbots on Telegram.

MoneyGram International has experienced a cybersecurity incident, leading to disruptions in its operations. The company is collaborating with cybersecurity experts and law enforcement to address the attack's impact. The frequency and severity of cyberattacks on the financial sector have increased, with potential direct and indirect financial losses emphasizing the critical need for effective cybersecurity management.

Huntress construction firm was breached by hackers who used brute-force attacks on accounting software, particularly targeting exposed Microsoft SQL servers. These attacks allowed cybercriminals to exploit weak credentials, gaining access to privileged accounts and executing system commands. The breaches impacted various construction companies, including plumbing and HVAC firms.

In another data breach, Transport for London (TfL) has confirmed that customer data, including names, contact details, and bank account information for some customers, has been compromised in a cyberattack. Despite minimal impact on customers so far, TfL is still facing system outages and disruptions, with certain services temporarily suspended or unavailable.

Cyber security awareness

CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. Federal agencies have been given three weeks to secure vulnerable systems, and private organizations worldwide are advised to prioritize mitigating this vulnerability to block ongoing attacks.

National Insider Threat Awareness Month emphasizes the importance of employee security and awareness training to mitigate insider threats at all levels within an organization. Over the past two decades, cybersecurity threats have evolved from simple attacks on files to complex attacks targeting entire ecosystems, leading to the need for advanced protection measures.

The 2024 Cybersecurity Awareness Campaign in Hong Kong aims to enhance public understanding of cybersecurity through interactive games and exhibits, featuring a new mascot designed to symbolize strength, courage, and wisdom. The event, supported by government officials and industry leaders, seeks to promote cybersecurity awareness and engage the public in creating a more secure cyberspace in Hong Kong.

CISA has added a critical remote code execution (RCE) flaw in Apache HugeGraph-Server to its Known Exploited Vulnerabilities (KEV) catalogue, with active exploitation observed in the wild. Users of HugeGraph-Server are advised to upgrade to version 1.3.0, use Java 11, enable the Auth system, and implement the "Whitelist-IP/port" function to secure the RESTful-API execution.

CISA and the FBI are urging technology manufacturing companies to review their software and ensure future releases are free of cross-site scripting vulnerabilities to prevent exploitation by threat actors. This alert is part of CISA's "Secure by Design" series, aimed at highlighting persistent software vulnerabilities and urging manufacturers to eliminate them.

The Walt Disney Company is moving away from Slack for internal communications following a major data breach that exposed over a terabyte of sensitive information. While the move from Slack will occur by the end of Disney’s next fiscal year, Disney continues to utilize Salesforce products in its business.

Cybersecurity Awareness Month 2024

October is Cyber Security Awareness Month, a crucial initiative aimed at educating individuals and organizations about the importance of cybersecurity. As you fine-tune your cybersecurity strategy, learn how to avoid cybersecurity overload.


What is digital sovereignty and why does it matter to your business?

We help businesses of all sizes to protect their data and systems from cyber-attacks. Whether you need help developing a cyber security strategy, implementing security solutions, or monitoring your security posture, we can help.


Author

Ravi Bindra, CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.