Cyber Defense

This Month in Cybersecurity - June Edition

VMware Gives Warning of Two Critical Flaws

VMware, managed by Broadcom, has identified two critical security flaws in its vCenter Server software, which is crucial for managing virtual machines and hosts in its Cloud Foundation and vSphere suites. These flaws, CVE-2024-37079 and CVE-2024-37080, have been rated 9.8 out of 10 in severity.

The vulnerabilities involve how a specific protocol (DCE/RPC) is implemented, potentially allowing a malicious attacker to execute remote code on the vCenter Server through specially crafted network packets. Although Broadcom has not detected any exploitation of these vulnerabilities in the wild, patches for affected versions have been released.

Additionally, a third flaw, CVE-2024-37081, has been identified, which could allow a local user to elevate their privileges on the server. This issue has been rated as important (7.8 score) and also has patches available.


Data Breach at Los Angeles County Public Health Agency Affects 200,000

The County of Los Angeles’ Department of Public Health has reported a data breach affecting 200,000 individuals, stemming from a phishing attack on February 19-20, 2024, targeting 53 employees' login credentials. Attackers accessed personal details like names, birth dates, Social Security numbers, medical records, and financial information using compromised credentials.

Although it's unclear if the data was misused, the agency is notifying affected individuals and offering one year of free credit monitoring. This incident follows similar breaches in other county health agencies earlier this year, affecting thousands more individuals.


Blackbaud on the Hook for Millions More in Settlement

Blackbaud, a software company specializing in apps for education and nonprofits, has agreed to pay $6.75 million to settle with California's attorney general over a 2020 data breach. This comes months after they were able to initially avoid fines from the FTC.

The settlement criticizes Blackbaud for poor cybersecurity practices and lack of transparency regarding the breach's impact, which affected millions worldwide. The company initially downplayed the breach, only revealing its full extent months later.

This fine concludes the final state-level investigation following earlier settlements with other states and regulatory bodies totaling $49.5 million. Blackbaud is also required to improve its data security measures as part of the settlement terms.

Defensible Strategies

Learn from those who have been attacked

CISA Warns of Being Impersonated by Scammers

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a rise in impersonation scams where fraudsters pretend to be CISA employees to deceive people into giving away money or personal information. These scams often involve fake communications that appear genuine, such as emails or phone calls, and employ urgent requests or threats to manipulate victims into immediate action.

CISA emphasizes that its staff will never ask for payments via wire transfer, cryptocurrency, or gift cards, nor will they demand secrecy. If targeted, individuals are advised to hang up, verify the contact details independently, and report the incident to CISA or law enforcement to prevent further harm.

If you would like to learn more about phishing attempts or social engineering, and get your team trained on how to avoid instances like these, please reach out to us today!


Exploiting Mistyped URLs

Web users often click hyperlinks without verifying them, assuming they're correct. However, some links may contain errors that can be exploited by malicious actors to mimic legitimate websites and trick users into disclosing personal information through phishing. This practice, known as typosquatting, involves registering misspelled domain names to capitalize on user mistakes when typing URLs.

Research reveals that many active web links lead to unregistered "phantom domains," with over 572,000 dot-com domains currently unclaimed. By registering a sample of these domains, researchers found significant traffic potential, indicating a widespread issue that could be exploited by attackers at a minimal cost.
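For site owners, one way to catch mistyped links before they reach users is to audit a page's hyperlinks against the domains the authors meant to link to. The sketch below is an added example, not code from the research or from this newsletter; the function names, the sample HTML and the allowlist are constructed for illustration. It flags any linked hostname that is one typing slip (a dropped, added, wrong or swapped character) away from an intended domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            host = (urlsplit(href).hostname or "").lower()
            if host:  # relative links have no hostname and are skipped
                self.hosts.append(host.removeprefix("www."))

def audit_links(html: str, intended: set, max_dist: int = 1) -> list:
    """Return sorted (linked_host, intended_host) pairs that look like typos."""
    parser = LinkCollector()
    parser.feed(html)
    # A host that is not on the allowlist but sits within max_dist edits of an
    # allowlisted domain is most likely a mistyped link.
    return sorted({(h, g) for h in parser.hosts if h not in intended
                   for g in intended if osa_distance(h, g) <= max_dist})

# Constructed sample page and allowlist (hypothetical domains).
SAMPLE_HTML = """
<a href="https://www.example.com/docs">docs</a>
<a href="https://exmaple.com/login">login</a>
<a href="http://example-bank.test/pay">pay</a>
<a href="https://exampl-bank.test/help">help</a>
<a href="/relative/path">local</a>
"""
INTENDED = {"example.com", "example-bank.test"}

if __name__ == "__main__":
    for bad, good in audit_links(SAMPLE_HTML, INTENDED):
        print(f"{bad} -> probably meant {good}")
```

Each flagged host should then be corrected in the page source; whether the mistyped domain is currently registered is a separate lookup that this offline check does not perform.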