From the CloudCast Studios at Skyhigh Security, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Tuesday, September 17th, 2024.
U.S. authorities, including the FBI, CISA, and other agencies, have issued a joint advisory warning about the increasing threat of the RansomHub ransomware gang. The group has already targeted over 200 victims across critical sectors like healthcare, manufacturing, and government services. The advisory emphasizes the importance of implementing phishing resistant, multi factor authentication, prompt software updates, and phishing awareness training to mitigate ransomware risks.
RansomHub’s efficient ransomware as a service model has made it a prominent player in the ransomware landscape. The group has claimed responsibility for last week’s attack on Planned Parenthood, threatening to leak sensitive data, including 93 gigs of confidential patient and organizational information, and is threatening to publicly leak the data unless a ransom is paid. This attack is part of RansomHub’s broader campaign against healthcare organizations, marking a significant escalation in their ransomware activities.
In its September 24th patch, Tuesday, Microsoft addressed 79 security vulnerabilities, including four actively exploited zero days. Most critical flaws involve remote code execution and privilege escalation vulnerabilities affecting Windows Installer, Publisher, and Windows Update, among others. Microsoft is urging users to apply the patches immediately as some of these vulnerabilities could allow attackers to take full control of systems, compromising confidentiality and security. The patch releases a crucial update for both enterprise and individual users to safeguard against ongoing cyber threats.
Ivanti has released urgent security updates to address critical vulnerabilities in its Endpoint Manager software. Including a remote code execution flaw with a maximum severity score of 10. These vulnerabilities, if left unpatched, could allow attackers to execute arbitrary code and take control of affected systems. The company is urging users to apply the patches immediately. as there are reports of active exploitation of these vulnerabilities. Ivanti’s swift response aims to prevent further attacks and protect enterprise environments from these high-risk threats.
The Port of Seattle, which manages Seattle Tacoma International Airport, confirmed that an August 2024 outage was the result of a ransomware attack. This breach compromised sensitive data related to airport operations, with attackers potentially accessing critical system information. While the full extent of the breach is still under investigation, the incident highlights the vulnerability of critical infrastructure to cyberattacks. Authorities are working to mitigate the impact and strengthen defenses against future threats.
Google has introduced a new air gapped backup vault as part of its cloud backup and disaster recovery service to combat ransomware attacks. This feature offers immutable and indelible backups, meaning the stored data cannot be modified or deleted. Even by attackers who gain system access. The vault is designed to protect organizations from ransomware that targets backup data, ensuring that they have a secure, untouchable copy for recovery in case of an attack.
The U. S. based Free Russia Foundation suffered a cyberattack linked to Cold River, a Kremlin affiliated hacker group. Thousands of sensitive emails and documents were leaked online, potentially impacting the nonprofits pro-democracy efforts.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.