November 29, 2024 at 07:05AM
This week’s cybersecurity news roundup highlights significant developments, including the doubling of a data breach affecting OnePoint Patient Care, Meta’s crackdown on scam operations, malware exploiting Avast’s software, and various vulnerability patches from notable companies. Additional stories cover hacking incidents, Cloudflare’s log loss, and recent data breaches at Keesal, Young & Logan, and Walsworth Publishing.
### Meeting Takeaways – Cybersecurity News Roundup
1. **OnePoint Patient Care Data Breach**: The impact of the data breach at OnePoint Patient Care has increased from an initial estimate of 800,000 to over 1.7 million individuals affected. The Inc Ransom ransomware group has claimed responsibility.
2. **Meta’s Actions Against Scams**: Meta has taken actions against scam operations, particularly “pig butchering,” working with law enforcement to eliminate over two million accounts associated with scams in various countries.
3. **Malware Exploiting Avast Driver**: A new malware has been discovered that uses a legitimate Avast anti-rootkit driver to disable security software and seize control of infected systems.
4. **Hacking Charges in Kansas City**: Nicholas Michael Kloster faces charges for hacking and physically accessing multiple victims’ locations, manipulating systems to gain financial benefits.
5. **Recent Security Patches**:
– **Mozilla**: Fixed high-severity flaws in Firefox.
– **GitLab**: Resolved a high-severity privilege escalation issue.
– **Splunk**: Addressed vulnerabilities in third-party packages.
– **Nvidia**: Patched a DoS vulnerability in its products.
6. **Snowflake Hacking Investigation**: A potential link to a US soldier is being investigated in relation to the hacking of Snowflake accounts, raising concerns about military personnel involvement in cybercrimes.
7. **Cloudflare Log Loss Incident**: Cloudflare experienced an incident on November 14 that caused the loss of approximately 55% of customer logs for around 3.5 hours.
8. **Windows Server 2012 Vulnerability**: A vulnerability discovered allows attackers to bypass the Mark of the Web security check. An unofficial patch has been released while awaiting a Microsoft official fix.
9. **Data Breaches at Keesal, Young & Logan and Walsworth Publishing**:
– Keesal, Young & Logan reported a breach affecting over 316,000 individuals between June 7-13, with personal and financial data potentially compromised.
– Walsworth Publishing Company disclosed a breach impacting over 107,000 individuals, with potential exposure of name and payment card details.
10. **Related Notes**: Additional discussions included a critical Nvidia flaw, a Chinese Linux backdoor, new TSA cyber rules, and arrests of individuals involved in SIM swapping and scam call detection.
These takeaways provide a concise overview of key developments in the cybersecurity sector as highlighted during the meeting.