The CyberWire Daily Podcast 10.25.24
Ep 2177 | 10.25.24

UnitedHealth breach numbers confirmed.

Transcript

UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors. Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks!

Today is Friday, October 25th, 2024. I’m better than Dave Bittner, I’m Tré Hester! And this is your CyberWire Intel Briefing.

UnitedHealth confirms breach numbers. 

In a follow-up to a big story for 2024, UnitedHealth confirmed the Change Healthcare data breach impacted over 100 million individuals, exposing sensitive information such as health insurance, medical records, billing, and personal identification. This is the first time the company has admitted the number of people who were affected. The breach, attributed to the BlackCat ransomware group, involved exploiting Citrix remote access that lacked multi-factor authentication. UnitedHealth paid a $22 million ransom, though the attackers later reneged, escalating the breach's cost to around $2.45 billion by Q3 2024.

Patient privacy pains.

In adjacent healthcare news, OnePoint Patient Care, a US-based pharmacy service provider specializing in hospice and palliative care services, and also providing customized medications and support for patients with advanced illnesses, announced a breach affecting 795,916 individuals. The breach involved unauthorized access to systems containing patient records, with potential impacts on privacy and security. OnePoint has implemented new security measures and notified affected parties to manage risk and assist with recovery.

Amazon vs. APT29.

Amazon recently identified internet domains exploited by APT29, aka Midnight Blizzard, a group affiliated with Russia’s Foreign Intelligence Service. The group launched a phishing campaign targeting government and military entities, attempting to steal Windows credentials by imitating AWS domains. According to Amazon CISO CJ Moses, Amazon swiftly moved to seize the compromised domains to disrupt these malicious activities. CERT-UA has issued an advisory with additional details on their work.

CDK vulnerability threatens user security.

AWS recently patched a vulnerability in its Cloud Development Kit (CDK) that could allow attackers to fully compromise user accounts. This flaw, related to predictable naming in S3 staging buckets, enabled attackers to hijack bucket names and execute malicious code, risking complete account takeovers. AWS notified affected users and released CDK v2.149.0, urging users to upgrade and apply additional security measures. 

Fog and Akira take aim at SonicWall.

Arctic Wolf Labs has observed a surge in activity related to Fog and Akira ransomware groups, specifically exploiting vulnerabilities in SonicWall SSL VPNs. Attackers are leveraging these weaknesses to gain unauthorized network access, underscoring the need for companies using SonicWall VPNs to patch systems promptly and implement rigorous monitoring protocols.

Level up or log off.

The North Korean hacking group Lazarus exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors through a deceptive fake NFT game. The attack involved a crafted website mimicking a legitimate DeFi game to lure users, with malware hidden in downloadable content. Once the game was installed, the attackers could gain full access to victims' systems to extract sensitive information and potentially launch further attacks. 

LinkedIn in hot water.

Ireland’s Data Protection Commission fined LinkedIn $335 million for violating GDPR by using user data for targeted advertising without consent. The investigation revealed that LinkedIn processed personal data without transparent consent, breaching EU regulations. This penalty highlights the risks tech companies face for non-compliance with GDPR, especially in handling user data for ad tracking.

Open source, closed doors.

Linux creator Linus Torvalds recently supported the removal of several Russian maintainers from the Linux kernel project, a decision likely tied to compliance with new U.S. sanctions against Russia’s tech sector. The delisted maintainers were associated with sanctioned companies. This move has stirred debate within the Linux community, raising concerns about inclusivity in open-source development and the influence of geopolitical pressures on open-source contributions.

CISA sounds the alarm.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities in Cisco ASA, FTD, and Roundcube Webmail to its Known Exploited Vulnerabilities catalog. These flaws are actively exploited, posing serious risks to affected systems. Cisco’s issues involve access controls, while Roundcube’s bug affects webmail security. CISA recommends immediate patching to mitigate potential impacts and protect infrastructure. The CVEs added were:

  • CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

  • CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

Watt's the risk?

A study of 250 energy companies worldwide indicated that renewable energy firms deal with a large cyberattack surface area. Oil and natural-gas firms scored the highest — with the average company scoring a 94, or "A" — while the lowest scores belonged to renewable energy companies, which scored a median of 85, or a "B." Green energy firms tend to have distributed generation infrastructure (such as rooftop solar or wind turbines) and are usually more Internet-connected than traditional energy companies — both attributes that can undermine their defensive posture.

On our guest segment today, Dave speaks with Entro Security’s CEO and Co-Founder Itzik Alvas (pronounced It-sick all-vas), discussing their research team's work on non-human identities and secrets management. We’ll be right back.

Welcome back. There is a link in our show notes to what Dave and Itzik discussed. 

Muni Metro hits Ctrl+Alt+Delete on floppy disks!

Who would’ve thought a 1998 floppy disk could bring a city to a standstill? Well, in San Francisco’s Muni Metro, those 5.25-inch relics were still controlling the Automatic Train Control System (ATCS), and after 26 years of service, they’ve reached the end of the line. Enter a whopping $212 million deal with Hitachi Rail to ditch the disks, part of a $700 million overhaul to modernize the entire system. The ATCS tech, installed when “Titanic” was box-office gold, has been holding its own—barely. SFMTA’s Jeffrey Tumlin even warned of a potential “catastrophic failure.” The upgrade will swap out outdated floppy disks and snail-paced loop cables for high-speed Wi-Fi and cellular communication, setting the stage for reliable, real-time control of Muni’s trains. So, what’s the takeaway? Ditching outdated tech doesn’t just improve service; it makes systems safer, faster, and future-ready. So let’s all give a round of applause to those floppies—they’ve earned their retirement.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

Programming notes: 

Be sure to check out Research Saturday tomorrow, where Dave Bittner is joined by Mick Baccio (Bah-chee-oh), a global security advisor for Splunk SURGe, as he shares their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." That’s Research Saturday, check it out.

We also have a special edition podcast this weekend featuring Brandon Karpf’s interview with BMNT’s Pete Newell. Their full conversation touches on the challenges associated with technology adoption and changes in the DoD. This special edition podcast can be found in your Daily Podcast feed this Sunday.

And that’s the CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.