Cybersecurity Saturday

From the cybersecurity breaches and vulnerabilities front —

  • Cybersecurity Dive tells us,
    • “Distributed denial of service attacks surged during the second quarter as criminal and state-linked hacking organizations unleashed a number of sophisticated attacks against critical infrastructure providers and other organizations across the globe, Cloudflare said in a report released Tuesday.  
    • “Experts linked pro-Russia hacktivist groups, including Killnet and Anonymous Sudan, to recent major DDoS attacks against Microsoft and threats against financial centers in the U.S. and Europe. 
    • “Cloudflare research shows a sharp increase in deliberately engineered and targeted DNS attacks.”
  • Health IT Security adds,
    • “Healthcare organizations face an uptick in cyber threats as malicious actors turn to tools like ransomware, artificial intelligence (AI), and Internet of Things (IoT) attacks. These threats are becoming increasingly significant in the dynamic cyber threat landscape, a Trustwave SpiderLabs report revealed.
    • “The report ‘Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape’ provides insights and practical strategies to address the specific threats faced by healthcare organizations.”
  • Security Week informed us on July 21, 2023,
    • “Researchers at cloud security startup Wiz have an urgent warning for organizations running Microsoft’s M365 platform: That stolen Microsoft Azure AD enterprise signing key gave Chinese hackers access to data beyond Exchange Online and Outlook.com.
    • “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, and OneDrive,” Wiz researcher Shir Tamari said in a document posted online.
    • “Tamari said the hackers may have also accessed Microsoft customer applications that support the ‘login with Microsoft’ functionality and multi-tenant applications in certain conditions.”
  • Also per Security Week on July 18, 2023, “At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that the software giant has not completely patched.”

From the ransomware front —

  • Cyberscoop interviews an FBI official about how the agency fights ransomware.
  • The FEHBlog welcomes back Bleeping Computer’s Week in Ransomware after two weeks away. This week’s article covers news from July 8 forward.

From the cybersecurity defenses front —

  • CISA explains how to take the first steps toward better cybersecurity.
  • What’s more, CISA “has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transition into a cloud environment and identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.” 
  • HHS’s Health Sector Cybersecurity Coordination Center (HC3) on July 18, 2023, informed us about patches available for Critical and High NetScaler ADC (Citrix ADC) and NetScaler Gateway (Citrix Gateway) vulnerabilities.
  • HC3 also issued an analyst note on July 21, 2023, about Remote Identity Management.
    • “Identity theft is not limited to stolen medical records, social security numbers, and financial data. Threat actors can also target institutions by capitalizing on gaps in user access protocols, hiring processes, and mitigation capabilities to conceal some aspect of their identity and attention. Identity verification, fraud detection and user authentication are imperative when implementing a robust Identity and Access Management (IAM) program.”
  • Security Week looks into improving security awareness training for employees.
  • ISACA explains how to build cybersecurity resilience throughout an organization.