Welcome to this week’s edition of Nomios Weekly CyberWednesday, where we highlight the most critical cybersecurity and networking developments from around the globe. This week’s updates include significant data breaches, newly discovered vulnerabilities, and emerging cyber threats, providing essential insights for IT professionals and enterprises across Europe.
1. Gryphon Healthcare, Tri-City Medical Center disclose significant data breaches
Gryphon Healthcare and Tri-City Medical Center have disclosed data breaches that together affect more than 500,000 individuals. Gryphon, a Houston-based medical billing provider, learned in August 2024 that a third party it works with had been breached, exposing sensitive patient data including Social Security numbers, medical records and health insurance information.
Tri-City Medical Center's incident dates back to November 2023, involved ransomware and exposed the data of more than 100,000 individuals. Both organisations are offering affected individuals identity theft protection services, including credit monitoring and recovery assistance, to limit the impact of the incidents. Source: SecurityWeek
2. CISA warns of critical Fortinet flaw as Palo Alto and Cisco issue urgent security patches
CISA added the critical Fortinet vulnerability CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog after confirming exploitation in the wild. The flaw is a format string bug in the fgfmd daemon (the FortiGate-to-FortiManager protocol service) and affects FortiOS, FortiPAM, FortiProxy and FortiWeb; an unauthenticated remote attacker who can reach fgfmd can trigger it with specially crafted requests and execute arbitrary code or commands. Where the fixed build cannot be installed immediately, Fortinet's published workaround is to remove fgfm from the allowed access protocols on every interface, which cuts off the vulnerable listener.
Palo Alto Networks and Cisco have also issued security patches for vulnerabilities in their products. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must apply the vendor-provided mitigations by October 30, 2024 to remain compliant. Source: The Hacker News
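A practitioner reading a KEV addition like this one usually wants the same question answered for every entry, not just the headline CVE: which catalog entries touch products we actually run, and how close is each remediation deadline? The Python below is an added example written for this page; it is not Nomios code and not a CISA tool. It assumes the field names of CISA's public KEV JSON feed (cveID, vendorProject, product, dueDate and so on), which it reads offline from a constructed sample embedded in the script. The three catalog entries in the sample are illustrative, not a copy of the live feed; the Fortinet entry uses the October 30, 2024 due date cited above.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the real feed; the entries and dates are illustrative
# and not a copy of the live catalog.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "count": 3,
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-23113",
      "vendorProject": "Fortinet",
      "product": "Multiple Products",
      "vulnerabilityName": "Fortinet Multiple Products Format String Vulnerability",
      "dateAdded": "2024-10-09",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2024-10-30",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2024-9680",
      "vendorProject": "Mozilla",
      "product": "Firefox",
      "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability",
      "dateAdded": "2024-10-15",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2024-11-05",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-0000-0000",
      "vendorProject": "ExampleVendor",
      "product": "ExampleAppliance",
      "vulnerabilityName": "Placeholder entry for a vendor that is not in the inventory",
      "dateAdded": "2024-09-01",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2024-09-22",
      "knownRansomwareCampaignUse": "Known"
    }
  ]
}
"""


def parse_kev(raw_json):
    """Return the list of catalog entries from a KEV JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def applicable_entries(entries, inventory):
    """Keep entries whose vendor (and, if given, product) is in the inventory.

    inventory maps a vendor name to the set of that vendor's products you run;
    an empty set means "any product from this vendor". KEV frequently lists
    "Multiple Products" for a vendor, so a vendor-level match is the safe floor
    and a product list only narrows it. Matching is case-insensitive.
    """
    wanted = {v.lower(): {p.lower() for p in prods} for v, prods in inventory.items()}
    hits = []
    for entry in entries:
        prods = wanted.get(entry["vendorProject"].lower())
        if prods is None:
            continue  # vendor not deployed
        product = entry["product"].lower()
        if prods and product not in prods and product != "multiple products":
            continue  # vendor deployed, but not this product
        hits.append(entry)
    return hits


def remediation_status(entries, today):
    """Map each CVE to (label, days until due) where label is
    'overdue', 'due-soon' (seven days or fewer) or 'open'."""
    status = {}
    for entry in entries:
        days = (date.fromisoformat(entry["dueDate"]) - today).days
        if days < 0:
            label = "overdue"
        elif days <= 7:
            label = "due-soon"
        else:
            label = "open"
        status[entry["cveID"]] = (label, days)
    return status


def kev_report(raw_json, inventory, today_iso):
    """Parse the feed, filter it to the inventory and classify each deadline."""
    entries = applicable_entries(parse_kev(raw_json), inventory)
    return remediation_status(entries, date.fromisoformat(today_iso))


if __name__ == "__main__":
    # Hypothetical inventory: a few Fortinet products plus any Mozilla product.
    inventory = {"Fortinet": {"FortiOS", "FortiProxy"}, "Mozilla": set()}
    for cve, (label, days) in sorted(kev_report(SAMPLE_KEV_JSON, inventory, "2024-10-25").items()):
        print(f"{cve}: {label} ({days:+d} days to due date)")
```

Treat the KEV due date as a floor, not as a vulnerability scan: the catalog says nothing about which versions you run, so a vendor match still has to be reconciled against the vendor advisory and your asset inventory before you can close the entry.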
3. Juniper Networks patches dozens of vulnerabilities
Juniper Networks has issued patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved platforms, including several critical flaws across components such as the packet forwarding engine (PFE), the routing protocol daemon (RPD) and the HTTP daemon. The high-severity bugs range from denial-of-service (DoS) conditions to unauthorised access and full control of the affected device.
Juniper has also addressed vulnerabilities in bundled third-party components such as Nginx and OpenSSL, some of which had gone unpatched in Juniper's builds for years. Applying these updates matters most for large organisations whose network backbone depends on Juniper hardware, where a single unpatched routing engine exposes everything behind it. Source: SecurityWeek
4. Firefox zero-day under attack: update your browser immediately
Mozilla has issued an emergency patch for a critical vulnerability, CVE-2024-9680, affecting Firefox, Firefox Extended Support Release (ESR) and the Tor Browser. The bug is a use-after-free in the Animation timeline component and has been exploited in the wild; a malicious page can use it to achieve code execution in the browser's content process and, chained with further bugs, take control of the user's system. The fixed versions are Firefox 131.0.2, Firefox ESR 128.3.1 and 115.16.1, and Tor Browser 13.5.7.
Mozilla shipped the fix within 25 hours of responsible disclosure by ESET researchers, but the patch only helps once installed, so users should update their browsers immediately. Source: The Hacker News
5. Microsoft: schools grapple with thousands of cyberattacks weekly
Educational institutions, from K-12 schools to universities, are now the third most-targeted sector globally, facing an average of 2,507 cyberattack attempts per week according to Microsoft's latest threat intelligence report. Attackers are drawn to the volume of sensitive data held in educational systems, including financial, medical and personal student information.
Nation-state actors and ransomware gangs alike exploit weaknesses such as outdated IT systems, understaffed security teams and poorly secured remote learning platforms. Microsoft recommends improving core cyber hygiene, such as extending security awareness training to every user and hardening the overall security posture, to cope with the rising volume of attacks. Source: Dark Reading
6. Only Belgium and Croatia adopt EU cyber rules for critical sectors
With the 17 October 2024 deadline for transposing the NIS2 Directive into national law fast approaching, only Belgium and Croatia have fully adopted the new EU cybersecurity rules, which aim to improve the resilience of critical infrastructure sectors such as energy, transport and healthcare. For a significant cyber incident, the directive requires in-scope entities to send an early warning to the national authority or CSIRT within 24 hours and a fuller incident notification within 72 hours.
Non-compliant organisations face fines of up to €10 million or 2% of global annual turnover, whichever is higher, which creates real urgency for the remaining 25 EU member states that have yet to implement the directive. Source: Euronews.com
7. OpenAI says Iranian hackers used ChatGPT to plan ICS attacks
OpenAI revealed that Iranian state-sponsored hackers known as CyberAv3ngers used ChatGPT while planning cyberattacks on industrial control systems (ICS). The group, linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has targeted water utilities in Ireland and the US by reaching internet-exposed programmable logic controllers that were still using vendor default credentials.
OpenAI's assessment is that ChatGPT gave the attackers only limited incremental capability, but its investigation shows the group used the model for reconnaissance, for help with exploiting known weaknesses and for evasion techniques. The case adds to the growing concern over misuse of AI-powered tools in attacks on critical infrastructure. Source: The Hacker News
8. AI-powered cybercrime cartels on the rise in Asia
The United Nations Office on Drugs and Crime (UNODC) reports a sharp rise in AI-powered cybercrime across the Asia-Pacific region, with organised cybercrime groups using AI for phishing, social engineering and deepfake operations. Between February and June 2024, mentions of deepfakes on underground forums rose by 600%, while deepfake-related crimes in Asia have increased by 1,500% since 2023.
Criminals use generative AI to produce convincing fake video and audio that manipulate victims in high-value fraud schemes. The trend underlines the need for regional and global cooperation to keep pace with these evolving threats. Source: Dark Reading
9. Hackers abusing legitimate file hosting services for sophisticated phishing attack
Cybercriminals are abusing trusted file-hosting services such as OneDrive, Dropbox and SharePoint to run advanced phishing campaigns, according to a report from Microsoft's threat intelligence team. The lure arrives through the service's own legitimate sharing notification, and the file is shared with restricted, view-only access so that the recipient has to sign in and verify their identity before opening it. The document then links to an adversary-in-the-middle phishing page that captures the victim's password and the resulting session token, which is how the attack defeats multi-factor authentication even though the initial email looks entirely genuine.
The sharing notifications typically come from compromised vendor accounts the target already trusts and use convincing file names such as "Audit Report" or "IT Filing Support". Harvested credentials and tokens are then used for financial fraud or for moving further into the organisation. Source: CybersecurityNews.com
10. Microsoft’s take on kernel access and safe deployment following CrowdStrike incident
Following the worldwide Windows Blue Screen of Death (BSOD) outage caused by a faulty CrowdStrike content update in July 2024, Microsoft has convened its security partners to evaluate how to improve kernel access and safe deployment practices. David Weston, Microsoft's VP of Enterprise and OS Security, stressed the need for careful, staged testing before pushing updates, particularly for components running in the kernel, where a single bad update can crash every machine that receives it.
Microsoft has no immediate plans to revoke kernel access for third-party security vendors, but it is pushing for equivalent user-mode capabilities so that endpoint security products can do more of their work outside the kernel. The company is also pressing partners to adopt safe deployment practices (SDP), such as gradual rollouts and rollback paths, to prevent a repeat of the incident. Source: SecurityWeek
Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.