Bugs Found in OpenVPN by Microsoft

Microsoft recently discovered four security flaws in OpenVPN, a popular tool used for creating secure virtual private network (VPN) connections. These flaws could be combined to allow hackers to take full control of a targeted computer, leading to serious risks like data breaches and unauthorized access to sensitive information.

The vulnerabilities affect all versions of OpenVPN before 2.6.10 and 2.5.10, and exploiting them requires user credentials and a deep understanding of how OpenVPN works. Attackers could use stolen credentials or other methods to exploit these flaws, potentially bypassing security measures and compromising critical system functions.

As of now, the only way to avoid these vulnerabilities is to make sure that the version of OpenVPN being used is the most recent and up to date build. This is a great example of why security patches and updates to software should be addressed and placed as a high priority task.

Senators Introduce Bill to Tighten Vulnerability Disclosure

US Senators Mark Warner and James Lankford have introduced a bipartisan bill to improve cybersecurity for federal contractors. The proposed Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 would require these contractors to follow specific guidelines from the National Institute of Standards and Technology (NIST) for handling and disclosing software vulnerabilities.

This legislation aims to ensure that contractors implement formal vulnerability disclosure policies, allowing researchers to report and address security issues before they can be exploited. By mandating these practices, the bill seeks to enhance the protection of critical infrastructure and sensitive data from cyberattacks.

Phishing Evolves in the Age of AI

Since late 2022, generative AI has significantly impacted cybersecurity, with cybercriminals leveraging these technologies to enhance their attacks. In 2023, over $1.1 billion was paid in ransomware, and AI's role in making attacks more efficient and sophisticated has raised concerns among business leaders and cybersecurity experts.

AI tools are improving phishing tactics, automating attacks, and evading traditional security measures. To combat these threats, businesses need to focus on continuous, engaging employee training and simulations, along with adopting advanced security technologies. Building a strong cybersecurity culture requires everyone in the organization to understand the evolving risks and stay vigilant against increasingly sophisticated threats.

If you are interested in training on spotting phishing attempts, please reach out to Cyber Defense to learn more!

Defensible Strategies

Learn from those who have been attacked

Record Ransom Payments Made to Ransomware Group

Recently, the ransomware group Dark Angels made headlines by receiving an unprecedented $75 million ransom payment from a major Fortune 50 company. Dark Angels, a low-profile group active since 2021, has gained notoriety for their massive data thefts rather than for disrupting operations. Unlike many ransomware gangs that aim to cause high-profile disruptions, Dark Angels focuses on stealing large volumes of data while keeping a low profile, avoiding the flashy tactics and public shaming sites common among their peers.

Ranked as a top ransomware threat for 2024 by security firm Zscaler ThreatLabz, Dark Angels stands out for their methodical approach and the sheer scale of data they exfiltrate, often ranging from 10 to 100 terabytes. Their recent victims include major companies like Sysco and Sabre.

The identity of the company that paid the record ransom is speculated to be Cencora, a pharmaceutical giant, though they have not confirmed the payment. This significant ransom reflects a broader trend, as reported by Sophos, where the average ransom payment has surged dramatically, with many payments now funded through a combination of organizational resources and insurance.

East Valley Institute of Technology Data Breach Affect over 200,000

The East Valley Institute of Technology (EVIT) has notified over 200,000 people that their personal and health information was compromised in a data breach that occurred on January 9. The breach exposed a wide range of sensitive data, including names, Social Security numbers, medical records, and biometric information.

The ransomware group LockBit claimed responsibility for the attack, though it's unclear if the stolen data was published online as their website was taken down. EVIT has since taken steps to secure their systems, report the incident, and is offering affected individuals one year of free identity protection and theft recovery services.