Healthcare Breaches Confirmed, Microsoft Releases Patches, FBI Issues Advisory – Cybersecurity News [November 11, 2024]

by DuoCircle

 

Your week’s wait is over since we are once again at your service, delivering the latest news and happenings in the cybersecurity world. The news pieces are freshly curated from authentic sources, providing you with insights on recent threat landscape scenarios. The news sections we cover further down the article include significant data breaches affecting healthcare providers, Microsoft’s latest patch addressing its vulnerabilities, the FBI’s warning about usage of hacked police email accounts, the rise of the new Interlock ransomware, and finally, the success of CISA’s ScubaGear tool, improving Microsoft 365 security configurations in cloud settings. Let’s explore and understand each section in detail.

Data Breaches Acknowledged and Confirmed by Two Large Healthcare Industries

Recently, news headlines about the South West Family Associates in Texas allegedly reported a data breach, which was first identified in August 2024. The total number of figures suggested was nearly around 36,959 individuals, and that’s a considerable number to specify the devastating impact of information breaches in the state. This breach significantly led to the theft of sensitive patient and employee data, leaving a question mark on the existing robustness of security measures in their infrastructure.

Also, information such as, medical histories, and health insurance details were suggested to have been exposed. But to our relief, to some extent, officials found no misuse of data or unauthorized use of information in any platform online or offline. The organization offered its affected customers credit monitoring and identity theft protection services. 

 

data breach

 

Yet another similar data breach was identified in Tennessee on August 27, 2024, impacting up to 27,000 patients admitted to Sango Family Dentistry. This incident led to the exfiltration of sensitive health information like diagnosis codes and health insurance details relating to patients. To consolidate the affected individuals, the organization offered them identity protection services.

These two news pieces highlight the importance of safeguarding crucial information assets, including but not limited to healthcare providers, as they hold susceptible information in-house, making them prime targets in the first place. 

 

Critical Security Vulnerabilities Patches Recently Released Online By Microsoft

Microsoft’s November 2024 Patch Tuesday released 89 security vulnerabilities, including two zero-day flaws. Among these security flaws, the most critical labeled vulnerability identified were:

 

zero-day flaws

 

  1. CVE-2024-49039: It is a Windows Task Scheduler bug that can potentially escalate privileges.
  2. CVE-2024-43451: It is a spoofing flaw allegedly exposing NTLMv2 hashes.

These documented vulnerabilities enable malicious attackers to bypass the hash mechanisms by simply impersonating legitimate users and consequently enabling them to move laterally within networks. These security fixes underscore the potential risks attackers typically target authentication systems. Organizations are urged and advised to apply these updates promptly to mitigate the risk with flying colors.

Microsoft also detected and addressed active directory Certificate Services, Microsoft Exchange Server, and Windows Kerberos vulnerabilities. One more security vulnerability that has been recognized as CVE-2024-43498 received a CVSS score of 9.8, which clearly represents a severe remote code execution flaw that could have been exploited to install malware maliciously.

Security administrators should prioritize applying these patches to prevent the exploitation of these critical flaws. The patch release highlights the importance of updating systems to defend against ever-evolving cyber threats. For a more detailed breakdown, check out the SANS Internet Storm Center’s list.

 

Malware

 

FBI Released Advisory Relating To Spikes in Hacked Police Emails and Fake Subpoenas

Recently, esteemed columns of newspapers have been covering the news regarding the recent warnings circulated by the FBI. The alert highlighted the risks of a new type of cybercriminal services, which suggests that the malicious, ill-intent actors have been compromising hacked police email accounts to send fake subpoenas and data requests to targeted individuals. In these fraudulent requests, the organization is asked to release customer data or freeze specific individuals’ accounts, which puts the firm in an uncomfortable position.

The FBI reports that cybercriminals exploit compromised government email accounts to forge emergency data requests (EDRs), which are supposedly hard to authenticate. Recently, these EDRs have led to unauthorized access to sensitive personal information.

The FBI emphasizes that law enforcement agencies to take stringent security measures within their infrastructure to eradicate such nuisances and alterations in the future by specially focusing on email security and multifactor authentication aspects. This cybersecurity incident critically highlights the underlying inefficiency of government and law enforcement entities in regards to handling valuable information assets

 

email security

 

Malicious Interlock Group Targets U.S. Healthcare Organizations Demanding Ransom

Since September 2024, The Interlock ransomware group has become a significant threat to U.S. healthcare organizations. This ransom-motivated group claims to target organizations to highlight their poor security practices and controls in place, not just an alleged cybersecurity attack but more like a reality check. Interlock can compromise and gain unauthorized access to network infrastructure via phishing techniques, including fake Chrome browser updates, and silently deploys a remote access tool (RTA) to steal data and transmit the information remotely from a distance. Their methodology includes:

  • Exfiltrating sensitive data first.
  • Turning off security measures.
  • Encrypting files.
  • Demanding a heavy ransom in exchange for data deletion or decryption.

Interlock’s tactics also involve disabling endpoint detection and response (EDR) software using the remote desktop protocol (RDP), which allows lateral movement within systems. They use tools like AnyDesk and LogMeIn to maintain access, which is one of the crucial phases in the cyber kill chain process. Large healthcare organizations are prime targets of the ransomware group and have a significant signature of demanding ransoms with tight headlines; even if not paid within the set date, they publish data online, damaging the city’s reputation.

 

cloud security

 

CISA’s Celebrating ScubaGear Tool’s Success, Improves Security for Organizations

One of the cybersecurity tools designed and developed by CISA, formally launched on October 22 and named the ScubaGear tool, is celebrating a significant milestone with more than 30,000 downloads to date. What’s so important to discuss about this tool? Well, the tool functionalities are to be taken note of. The tool helps organizations identify security gaps in their Microsoft 365 (M365) configurations. Not only this, but it also provides actionable information and recommendations to improve cloud security infrastructure and its relevant attacks.

We, the mob, have been primarily witnessing attacks explicitly exploiting misconfigurations in Saas environments; this is where ScubaGear comes into play. It plays a crucial role in securing M365 tenants by highlighting vulnerabilities that could potentially lead to data breach-related incidents in the future.

The tool is now available on PowerShell Gallery. A recent update formally introduced in the tool makes it more user-friendly and accessible. ScubaGear now supports easier installation, making it easily accessible to organizations irrespective of their size (large, mid-level, or small) with varying levels of technical expertise. For more detailed information, one can visit CISA’s official website.

Pin It on Pinterest

Share This