
Security Architecture

MIS 5214 - Section 001 - David Lanter


MIS 5214.001 ■ Spring 2024 ■ David Lanter

In The News

January 31, 2024 by David Lanter 8 Comments

Filed Under: 04 - Cryptography


Comments

  1. Ooreofeoluwa Koyejo says

    February 3, 2024 at 3:36 pm

    New York Sues Citibank Over Poor Data Security

    The attorney general of the state of New York, Letitia James, has sued Citibank over the financial institution’s alleged failure to protect customers against hackers and fraudsters, as well as its refusal to reimburse victims. According to the AG, “Customers have lost their life savings, their children’s college funds, or even money needed to support their day-to-day lives as a result of Citi’s illegal and deceptive acts and practices.”

    While there’s no indication of weaknesses in the bank’s technology infrastructure, the AG believes Citi should have more efficient systems in place to detect signs of fraud, for instance, based on unrecognized device locations, suspicious password or username changes, and suspicious transfers.

    The threat actors rely heavily on social engineering to trick victims into handing over the information needed to access their accounts and conduct unauthorized transfers.

    In response to the lawsuit, Citi said it works hard to prevent fraud and assist impacted customers, but noted, “Banks are not required to make customers whole when those customers follow criminals’ instructions and banks can see no indication the customers are being deceived.”

  2. Ooreofeoluwa Koyejo says

    February 3, 2024 at 3:37 pm

    https://www.securityweek.com/new-york-sues-citibank-over-poor-data-security-anti-breach-practices/

  3. Jon Stillwagon says

    February 4, 2024 at 8:28 pm

    https://thehackernews.com/2024/02/fritzfrog-returns-with-log4shell-and.html

    A botnet known as FritzFrog is using the vulnerability Log4Shell and it is being exploited in a brute-force manner. FritzFrog is targeting as many vulnerable Java applications as possible. In general, it targets healthcare, education, and government sectors. The FritzFrog has claimed more than 1500 victims over the years. Constant patching is needed to defend against this kind of vulnerability and has been enumerating several system logs on each of its victims with the SSH brute force component. It remains elusive because it tries to avoid dropping files to disk whenever possible.

  4. Yannick Rugamba says

    February 6, 2024 at 12:53 pm

    A new “ineffable cryptography” technology developed by RMIT University and Tide Foundation allows critical infrastructure access authority to be spread securely across a decentralized network. This eliminates single points of failure vulnerable to hacking. The cryptography generates keys across independent servers where no one party can access full keys or processes. Prototype system KeyleSSH integrates this tech to securely manage infrastructure. Successfully trialled on companies like Smart Building Services, the solution makes access controls virtually tamper-proof. Overall, this breakthrough enables a new cybersecurity approach for vital systems by distributing rather than centralizing control. https://techxplore.com/news/2023-11-ineffable-cryptography-critical-infrastructure-cyber.html

  5. Eyup Aslanbay says

    February 6, 2024 at 5:49 pm

    This news discusses the rising use of deepfake technology in committing financial frauds, particularly emphasizing a case where a company lost $25.5 million due to deepfake-assisted deception. It highlights the easy availability of deepfake tools, especially from the Dark Web, posing significant threats to information security and necessitating advanced countermeasures.

    https://www.darkreading.com/threat-intelligence/deepfake-apps-explode-multimillion-dollar-corporate-heists

  6. Edge Kroll says

    February 6, 2024 at 6:27 pm

    https://www.securityweek.com/canon-patches-7-critical-vulnerabilities-in-small-office-printers/

    Canon has released software updates to address seven critical severity vulnerabilities in small office printers. If connected directly to the internet without using a router, an unauthenticated remote attacker may execute arbitrary code or launch a denial-of-service attack. The vulnerabilities have a CVSS score of 9.8. Canon advises customers to install the latest firmware for affected models to enhance security and recommends restricting printer access by using firewalls or routers.

  7. Bo Wang says

    February 6, 2024 at 9:41 pm

    https://www.infosecurity-magazine.com/news/latest-ivanti-zero-day-exploited/
    A zero-day vulnerability recently disclosed by Ivanti is being actively exploited, with over 170 IP addresses involved in attempted attacks leveraging CVE-2024-21893. This vulnerability is a server-side request forgery (SSRF) flaw in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. Attackers can access restricted resources without authentication, and the vulnerability has a CVSS score of 8.2. These attacks began before Rapid7 released a proof-of-concept exploit for the bug. The vulnerability is being exploited to bypass a previous mitigation released by Ivanti for two other zero-day vulnerabilities disclosed earlier. Chinese threat actor UTA0178 (UNC5221) had been exploiting CVE-2023-46805 and CVE-2024-21887 to compromise Ivanti products. Ivanti is releasing patches for these vulnerabilities, including a new one (CVE-2024-21888), along with additional mitigation measures. CVE-2024-21893 was previously identified as CVE-2023-36661 and patched in June 2023. It can be chained with CVE-2024-21887 for unauthenticated command injection with root privileges.

  8. Celinemary Turner says

    February 6, 2024 at 10:10 pm

    A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack.
    https://www.securityweek.com/a-chicago-childrens-hospital-has-taken-its-networks-offline-after-a-cyberattack/
    A Chicago children’s hospital has been forced to take its networks offline after an unspecified cyberattack, limiting access to medical records and hampering communication by phone or email since the middle of last week.

    The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials would not confirm or deny the cause Monday.

    The hospital initially described the issue Wednesday as a network outage. On Thursday, officials released public statements saying the hospital had taken its networks offline as part of its response to a “cybersecurity matter.” “We are taking this very seriously, investigating with the support of leading experts, and are working in collaboration with law enforcement agencies,” the hospital said in a statement Thursday.
    My concern is that the decision to take the hospital’s networks offline indicates a significant disruption to essential services, including patient care, medical records access, and communication between healthcare providers. This disruption could potentially affect the delivery of urgent medical care and ongoing treatment for pediatric patients, underscoring the immediate impact of cyberattacks on healthcare operations.
    However, my question is: does the offline status of the hospital’s networks suggest a proactive response to mitigate further unauthorized access to patient data and prevent potential data breaches?
