Cyber Risk Update 5 JAN 2024
This is a selection of this week's events. For more news and advisories, check out our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions. As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024. https://www.darkreading.com/cyber-risk/i-securely-resolve-cisos-it-security-leaders-share-2024-resolutions
JD Supra: Cybersecurity in 2024: Ten Top Issues to Consider (01/03) https://www.jdsupra.com/legalnews/cybersecurity-in-2024-ten-top-issues-to-4514797
Cyber Incidents
23andMe says users' bad password hygiene to blame for leak affecting 6.9M. The ancestry and biotech company said victims "were not affected by any security breach" under California's privacy law. https://www.scmagazine.com/news/23andme-says-users-bad-password-hygiene-to-blame-for-leak-affecting-6-9m
4.5 Million Individuals Affected by Data Breach at HealthEC https://www.securityweek.com/4-5-million-individuals-affected-by-data-breach-at-healthec/
Fallon Ambulance Service Data Breach Impacts 911K Individuals https://healthitsecurity.com/news/fallon-ambulance-service-data-breach-impacts-911k-individuals
Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts https://www.darkreading.com/application-security/cybercriminals-flood-dark-web-x-twitter-gold-accounts
At Least 141 Hospitals Were Directly Affected by Ransomware Attacks in 2023 https://www.hipaajournal.com/2023-healthcare-ransomware-attacks/
Web3 security firm CertiK's X account hacked to push crypto drainer https://www.bleepingcomputer.com/news/security/web3-security-firm-certiks-x-account-hacked-to-push-crypto-drainer/
Memorial University recovers from cyberattack, delays semester start https://www.bleepingcomputer.com/news/security/memorial-university-recovers-from-cyberattack-delays-semester-start/
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html
Nation-State
Ukraine: Russia hacked webcams to aid missile, drone strikes on Kyiv https://www.scmagazine.com/news/ukraine-russia-hacked-webcams-to-aid-missile-drone-strikes-on-kyiv
Russia and Ukraine exchange long-range attacks as their front-line forces remain bogged down. https://apnews.com/article/russia-ukraine-war-missiles-crimea-cyberattack-d44099272ac424081df3a81c3a042087
How Russia’s NoName057(16) could be a new model for hacking groups. The pro-Russia hacktivist group uses unique branding methods and financial incentives to build its DDoS network. https://www.csoonline.com/article/1270051/how-russias-noname05716-could-be-a-new-model-for-hacking-groups.html
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month. A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks. https://www.darkreading.com/cyberattacks-data-breaches/-cyber-toufan-hacktivists-leaked-100-plus-israeli-orgs-in-one-month
Patch: Cyberattacks By Iran Actors Expose Vulnerability Of U.S. Water Systems (01/03) https://patch.com/us/across-america/cyberattacks-iran-actors-expose-vulnerability-u-s-water-systems
Cyber Kidnappings
Events
The CSO guide to top security conferences https://www.csoonline.com/article/559539/the-cso-guide-to-top-security-conferences.html
Cybersecurity Strategy
Cross-Agency Planning Key to Cybersecurity in San Francisco https://www.govtech.com/workforce/cross-agency-planning-key-to-cybersecurity-in-san-francisco
Privacy
Google is going forward with sweeping changes to how companies track users online. By year’s end, Google plans to eliminate cookies for all users of its Chrome web browser. Consumer advocates have argued third-party cookies invade user privacy because they can be used to compile detailed profiles, including sensitive information such as a person’s medical history. https://www.wsj.com/tech/google-is-finally-killing-cookies-advertisers-still-arent-ready-7582fcac
Exclusive: Russian hackers were inside Ukraine telecoms giant for months https://www.reuters.com/world/europe/russian-hackers-were-inside-ukraine-telecoms-giant-months-cyber-spy-chief-2024-01-04/
Police in major cities move to encrypt radio traffic https://www.nytimes.com/2023/12/22/us/police-scanner-encryption.html
TTP & Malware
Highly exploited Chromium bug traced to a Google OAuth endpoint https://www.csoonline.com/article/1285861/highly-exploited-chromium-bug-traced-to-a-google-oauth-endpoint.html
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails https://thehackernews.com/2024/01/smtp-smuggling-new-threat-enables.html
Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies of two recently identified vulnerabilities that have been exploited. The vulnerabilities include a Google Chrome flaw and a bug in the open-source Perl library "Spreadsheet::ParseExcel" for reading information in Excel files. The vulnerabilities expose systems to potential remote code execution and data theft. https://www.hackread.com/cisa-chrome-excel-parsing-library-vulnerabilities/
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches. Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. https://www.darkreading.com/vulnerabilities-threats/apache-erp-0day-underscores-dangers-of-incomplete-patches
Career
Navigating the New Age of Cybersecurity Enforcement. The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives. https://www.darkreading.com/cyberattacks-data-breaches/navigating-new-age-cybersecurity-enforcement
AI
How to Red Team a Gen AI Model https://hbr.org/2024/01/how-to-red-team-a-gen-ai-model
AI Is Driving a Silent Cybersecurity Arms Race https://www.govtech.com/artificial-intelligence/ai-is-driving-a-silent-cybersecurity-arms-race
Foreign Affairs: Artificial Intelligence's Threat to Democracy (01/03) https://www.foreignaffairs.com/united-states/artificial-intelligences-threat-democracy
Liability
Hospitals Sue LockBit, Ask Cloud Firm to Return Stolen Data. NY Hospital Group Claims Cybercriminals Kept Data on Boston-Based Firm's Servers. https://www.govinfosecurity.com/hospitals-sue-lockbit-ask-cloud-firm-to-return-stolen-data-a-24031
Cybersecurity Insurance
Viewpoint: Scoring Cyber Insurance Predictions of 2023 https://www.insurancejournal.com/news/national/2024/01/04/754341.htm
The Most Listened Insuring Cyber Podcast Episodes of 2023 https://www.insurancejournal.com/news/2023/12/20/752689.htm
Other News
Government Technology: What's It Like to Be the Victim of Cyber Crimes? (01/03) https://www.govtech.com/security/whats-it-like-to-be-the-victim-of-cyber-crimes