American Water Reconnects Its Network Taps After Cyber Incident

October 11, 2024 at 04:53PM

American Water, the largest US water utility, is reactivating its systems after a cyber incident reported on October 7. The company confirmed no impact on its services and resumed standard billing. This incident underscores vulnerabilities in critical infrastructure, emphasizing the need for improved cybersecurity measures across the industry.

CISA: Hackers abuse F5 BIG-IP cookies to map internal servers

October 11, 2024 at 12:38PM

CISA warns that threat actors are exploiting unencrypted persistent F5 BIG-IP cookies to identify and target additional internal devices within compromised networks. This highlights the importance of securing sensitive cookies to prevent unauthorized access and potential breaches.

**Meeting Takeaways:** 1. **Threat Actor Activity:** CISA has issued a warning regarding the …

CISA: Hackers abuse F5 BIG-IP cookies to map network devices

October 11, 2024 at 12:30PM

CISA warns that unencrypted F5 BIG-IP persistent cookies are being exploited by threat actors to map internal devices, potentially identifying vulnerabilities for cyberattacks. Administrators are advised to enable cookie encryption and consult F5’s guidelines to protect against these security risks, emphasizing the importance of proper configurations.

RAC duo busted for stealing and selling crash victims’ data

October 11, 2024 at 07:54AM

Two former RAC employees received suspended sentences for illegally copying and selling personal data from accident victims. Debbie Okparavero and Maliha Islam accessed about 29,500 lines of information, allegedly for profit, resulting in guilty pleas under data protection laws. The ICO commended RAC for reporting the breach promptly.

How Hybrid Password Attacks Work and How to Defend Against Them

October 11, 2024 at 07:39AM

Threat actors use hybrid password attacks, combining techniques like brute force and dictionary methods to enhance their effectiveness in stealing credentials. To defend against these attacks, organizations should implement multi-factor authentication, require longer passwords, prevent weak patterns, and audit for compromised passwords through tools like Specops Password Policy.

Healthcare attacks spread beyond US – just ask India’s Star Health

October 10, 2024 at 11:04PM

Star Health, an Indian health insurance provider, confirmed a cyber attack exposing over 30 million client records, initially stating no data breaches. A hacker named “xenZen” claimed to have acquired the data from Star Health’s CISO. The company is pursuing legal action and conducting a forensic investigation alongside authorities.

Akira and Fog ransomware now exploit critical Veeam RCE flaw

October 10, 2024 at 06:10PM

Ransomware gangs are exploiting a critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication servers that allows remote code execution. The flaw was disclosed on September 4 with updates, and attackers used compromised VPNs to deploy Akira and Fog ransomware. Veeam has a history of vulnerabilities attracting such malicious activity, impacting many global organizations.

Crooks stole personal info of 77k Fidelity Investments customers

October 10, 2024 at 05:35PM

Fidelity Investments informed 77,099 individuals about a data breach in August, assuring that their accounts were not compromised. The breach involved unauthorized access to customer information between August 17-19. Fidelity is offering two years of free credit monitoring and has engaged an external firm to investigate the incident.

Marriott settles with FTC, to pay $52 million over data breaches

October 10, 2024 at 03:05PM

Marriott International and Starwood Hotels will pay $52 million to settle data breach claims affecting over 344 million customers. They must implement a comprehensive security program, allow data deletion requests, and provide transparency in data handling. Additionally, they agreed to pay 49 states to resolve related allegations.

Fidelity Investments says data breach affects over 77,000 people

October 10, 2024 at 12:57PM

Fidelity Investments reported a data breach in August, exposing personal information of over 77,000 customers. An unknown attacker accessed data through two newly created accounts. Fidelity has initiated an investigation and offers affected individuals two years of free credit monitoring services while advising vigilance against identity theft.