Flair Data Systems Cybersecurity News Update 5-15-2024

My name is Brent Forrest and I serve as a vCISO at Flair Data Systems. Here is your cybersecurity news update for 5/15/2024... 

Good afternoon! 

 

This week has been pretty crazy in its own way, to say the least.  With this being Patch Tuesday week, take time to review the updates released.  Also, Apple released updates for all devices; there are active exploits occurring, and the patches are necessary to fix this gap.

 

As for Microsoft, the following types of vulnerabilities were addressed:
- 26 Remote Code Execution (RCE) Vulnerabilities
- 17 Elevation of Privilege (EoP) Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 4 Spoofing Vulnerabilities
- 3 Denial of Service (DoS) Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 1 Cross-site Scripting (XSS) Vulnerability
- 1 Tampering Vulnerability

 

With that, let’s get into this week's cybersecurity news update. 

 

Ascension healthcare suffers cyberattack, goes offline  

 

Ascension, which operates 140 hospitals across 19 states, has been facing an ongoing outage due to a cyberattack

  • The incident became apparent on May 7th and was disclosed on May 8th 
  • This is a prime example of why a proper business continuity plan (BCP) needs to be in place, so the business can operate effectively during an incident like this when the core systems are completely down
  • Also, how is this affecting other organizations that are connected to a network affected by an incident of this magnitude?

Link (1): https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack 

 

Lockbit takes credit for Wichita attack 

On May 6th, Wichita disclosed the cyber incident (a day after the incident occurred) and Lockbit has added the city to their site as of May 7th 

  • This incident has impacted water utility, municipal court, cultural, and public transportation payments 
  • The city also announced that public Wi-Fi was not working at the airport, and arrival and departure screens stopped working due to the hack 
  • Government sectors, specifically city and county, need to take into account all aspects of their operational systems - how will 911 continue to operate if it is on a VoIP system?

Link (1): https://www.securityweek.com/lockbit-takes-credit-for-city-of-wichita-ransomware-attack/ 

 

Microsoft April patch causing AD issues and 2 Zero Days fixed in May patches 

 

April patches began causing NTLM authentication failures

  • May patches fixed 2 Zero Days actively being exploited in the wild and publicly disclosed before the patches were made available 
  • CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability 
  • CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability 

Link (1): https://www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-updates-cause-ntlm-auth-failures/ 

Link (2): https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/ 

 

Dell announces data breach affecting 49 million customers 

 

The breach, originally discovered in late April, involved a partner portal where the attacker accessed customer information by posing as a reseller

  • Threat actor "Menelik" claims that creating an account on the partner portal was simple and that, once in the system, they were able to scrape data at a rate of 5,000 requests per minute over 3 weeks
  • Data stolen included customer names, physical addresses, Dell hardware details, order information, service tags, item descriptions, order dates, and warranty information 
  • Being on the "partner" side, I have noticed that a lot of vendors do not put any type of MFA on their portals, and the validation on account creations can vary from vendor to vendor - and almost every one of them uses a 3rd party provider to host the portals

Link (1): https://techround.co.uk/news/dell-data-breach-sells-customer-data-on-dark-web/ 

 

Other May Patches for other vendors 

 

 

Until next week, it’s Brent Forrest signing off. Be cyber safe my friends! 



About the Author: Brent Forrest is a Field CISO with Flair Data Systems. In this role, Brent acts as an advisor to customers across different verticals, providing guidance that includes developing strategies to reduce risk with existing or modern technology while enabling the business. With over 20 years of experience in the IT industry, Brent has been part of multiple groups within the IT field, spanning Telecom, Network, Wireless, and Infrastructure, and eventually found his passion within Security. Roughly 20 years of that time was spent within the Oil and Gas industry working across multiple teams and leading initiatives. Specifically with EnLink Midstream, he spent most of his time building resilience and developing the cybersecurity program.

Brent has been with Flair Data for 3 years and is CISSP, C|CISO, CvCISO, & Sec+ certified. In his free time, he likes to spend time with family, working out, or staying up with personal development. He lives in Dallas, Texas with his wife and children. 


About: Flair Data Systems is a strategically priced IT solutions company, serving clients in the U.S., with offices in Texas and Colorado. Now a technology industry leader, we began in 1916 as the Porter Burgess Company. Flair Data Systems is your Trusted Advisor for: Collaboration, Unified Communications, Networking, Cloud, Infrastructure, Data Analytics, and Cybersecurity, serving the U.S.  We provide trusted cyber solutions in Dallas, TX. 

