
Cyber Outlook Rundown 12/21/22

Cybersecurity News


A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.

 

Noteworthy Cyber Attacks Reported

There have been a tremendous number of serious Cyber Attacks reported over the past month, leading to major disruptions and breaches of data. It has become widely known in the Cybersecurity community that between the holidays in November and the end of the year, there is a major spike in attacks due to the increase in employee time-off and slimmer IT and Security teams, making it harder to react and respond to attacks. This year is no exception, and we have absolutely seen this pattern continue...

  1. The Russian hacker group, KillNet, claims to have infiltrated the FBI’s database, allegedly stealing the personal information of more than 10,000 US federal agents. Like most of their attacks, this alleged attack also appears to have political undertones motivating the pro-Kremlin group. If that's not embarrassing enough, just last week a platform used by the FBI was breached, exposing the information of nearly 100,000 contacts. The FBI is not looking great right now in the Cybersecurity community... https://www.hackread.com/russian-killnet-hackers-fbi-agents/

  2. Avem Health Partners, a third-party provider of IT services to healthcare entities, filed a breach report on Dec. 13 with the state of Maine's attorney general's office, stating that patient information stored on servers of one of its vendors was subject to unauthorized access in an external hacking incident back in May. The breach occurred back on 5/14/22, wasn't discovered until 10/6/22, and is only being reported to consumers as of 12/13/22. These are extremely poor discovery, response and reporting timeframes and should not be acceptable by any measure. This is the direct link to the breach notification: https://apps.web.maine.gov/online/aeviewer/ME/40/4a2de676-9c02-4132-af60-243bb245f388.shtml For more information, see this article: https://www.bankinfosecurity.com/hack-on-services-firms-vendor-affects-271000-patients-a-20755

  3. According to an email notification sent by Okta, there was a security incident this month involving threat actors hacking their private GitHub repositories and stealing Okta's source code. https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/

  4. DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident was initially disclosed in November and was the result of a credential stuffing attack but not a breach of DraftKings’ internal systems. DraftKings also announced that the attackers withdrew roughly $300,000 from some of the compromised accounts, but that it would restore all the stolen funds. On Friday, the company began sending out notifications to impacted customers, informing them that some of their personal information might have been compromised during the incident, reiterating that the attackers used leaked credentials to access the accounts. This is an important reminder to users of why not to use the same credentials for accounts on different services. https://www.securityweek.com/draftkings-data-breach-impacts-personal-information-68000-customers

Noteworthy Vulnerabilities / Threats Discovered

  1. An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning across 16 countries. https://thehackernews.com/2022/12/godfather-android-banking-trojan.html?&web_view=true

  2. Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). https://thehackernews.com/2022/12/ransomware-hackers-using-new-way-to.html?&web_view=true

Noteworthy InfoSec News

  1. HITRUST, an organization that offers information risk management certifications and assessments within the Healthcare industry, will release a new version of its CSF framework in January 2023. The new release, HITRUST CSF version 11, will “improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources and streamline the journey to higher levels of assurance”, according to their statement. https://www.msspalert.com/cybersecurity-news/hitrust-announces-plans-to-release-new-version-of-csf-framework-in-january-2023/

  2. Cybersecurity predictions for 2023 from AT&T Cybersecurity https://cybersecurity.att.com/blogs/security-essentials/2023-cybersecurity-predictions

  3. A report released today by Big Four accounting firm KPMG found that large majorities of the American public are highly concerned about the security of their personal data, and that US companies aren’t helping matters by ramping up their collection of that data. https://edt.csoonline.com/c/1e7DCy938QhNrMAZmrEPbxj0WmZz

  4. ISC2 has introduced new CISO Leadership Certificates which are a great way to earn CPEs and show verified career progression without having to obtain a new certification. https://www.isc2.org/certificate/CISO-Leadership-Certificates



Additional resources:

  1. (ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. Nearly 280,000 members, associates and candidates strong, we empower professionals who touch every aspect of information security. https://www.isc2.org/

  2. HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management frameworks, related assessments and assurance methodologies. https://hitrustalliance.net/
