Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes • The Register


A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.

These cyber-spy campaigns, dubbed “ArcaneDoor” by Cisco, were first spotted in early January and revealed on Wednesday. And they targeted VPN services used by governments and critical infrastructure networks around the globe, according to a joint advisory issued by the Canadian Centre for Cyber Security (Cyber Centre), the Australian Signals Directorate’s Cyber Security Centre, and the UK’s National Cyber Security Centre (NCSC).

A Cisco spokesperson declined to comment on which country the snooping crew – tracked as UAT4356 by Talos and as STORM-1849 by Microsoft – is affiliated with. The disclosures, however, come as both Russian and China-backed hacking groups have been found burrowing into critical infrastructure systems and government agencies, with China specifically targeting Cisco gear.

The mysterious nation-state group “utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor,” according to a Talos report published today.

The attacks exploit two vulnerabilities, CVE-2024-20353 and CVE-2024-20359, in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, and the networking giant issued fixes for both on Wednesday, plus a fix for a related flaw.

CVE-2024-20353 is a high-severity vulnerability in the management and VPN web servers for Cisco ASA and FTD devices, and could allow an unauthenticated, remote attacker to cause the machines to reload unexpectedly, resulting in a denial of service (DoS) attack. It received an 8.6 CVSS rating.

Two other flaws, CVE-2024-20359 and CVE-2024-20358, received a 6.0 CVSS score, and could allow an authenticated local attacker to execute arbitrary code with root-level privileges. Exploiting either, however, requires administrator-level privileges.

Cisco says it hasn’t yet…

Nearly 3M people hit in Harvard Pilgrim healthcare data theft • The Register


Infosec in brief Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, the number of victims has risen to nearly 2.9 million people across all US states.

Pilgrim’s problems were first admitted last year after a March ransomware infection that affected systems tied to the health services firm’s commercial and Medicare Advantage plans. While the intrusion occurred on March 28, 2023, it wasn’t discovered until April 17. Pilgrim says it believed customer data was extracted in the interim period.

“After detecting the unauthorized party, we proactively took our systems offline to contain the threat,” Harvard Pilgrim said in its latest notification letter sent out this month. “We notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

Names, physical addresses, phone numbers, birth dates, clinical information including lab results, and social security ID numbers were all compromised, Harvard Pilgrim said.

The latest notification letters mark the fourth time Harvard Pilgrim has updated the total number of victims. An update in February put the total number at 2,632,275 individual records exposed; now it is reporting a total of 2,860,795 people.

As is usually the case in these sorts of dramas, credit monitoring and identity protection services are being offered, and the business doesn’t believe any of the stolen data has been misused as a result of the theft – that it knows about at least.

It’s not uncommon for victim numbers to increase during the course of an investigation, though 2.8 million is a lot of people and may not be the final tally yet.

“Our investigation is still underway and we will continue to provide notification in the event we identify additional individuals whose information may have been impacted,” a spokesperson told The Register.

Critical vulnerabilities: A very Cisco week

There weren’t a ton of critical vulnerabilities to report this week, though Cisco did have a pretty busy few days with a series of updates going out for IOS and other products.

CSUF cybersecurity students compete to hack into vulnerable systems – Orange County Register


Last fall, Cal State Fullerton cybersecurity students competed in the Collegiate Penetration Testing Competition where teams of students from the region met to determine how to hack the security systems of an airport and then presented a report of their findings to executives.

The Cal State Fullerton team of six students placed second in the high-pressure competition, which provided real-world experience that they will bring to the jobs that await them once they graduate. Business sponsors often recruit winners for employment during these events, said Mikhail Gofman, professor of computer science and director of the ECS Center for Cybersecurity in the College of Engineering and Computer Science.

Penetration testing means trying to break through the security systems of a business by using the same tools and techniques that hackers use. If a penetration tester can discover and exploit a vulnerability, Gofman said, then so can an attacker.

“This is often called the security governance,” Gofman said, “the goal of which is to ensure the cybersecurity of the company. It is driven by risk management, and, of course, cyberattacks are a big part of the company risk management, because a cyberattack can have very devastating consequences.”

The regional competition focused on the security systems of an airport. “They weren’t actually real airport systems, but real networks which simulated what a network infrastructure of an airport would look like,” Gofman said. “The students had 12 hours, from morning to night, to conduct the penetration test to find and exploit as many security vulnerabilities as possible.”

Then they had to write a professional penetration testing report that communicated their findings in plain language.

“Our goal as a team was to try to fully compromise the company, given only a set of IP ranges and some scattered fictitious employee information they left on the internet for us to exploit,” said fourth-year student Katherine Chen, who was a member of the winning team.

“You use public information on the internet to impersonate someone and use their information for malicious purposes, which we were successfully able to do,” Chen said. “At…

Crypto scams more costly to US than ransomware, Feds say • The Register


The FBI says investment fraud was the form of cybercrime that incurred the greatest financial loss for Americans last year.

Investment scams, often promising huge returns, led to reported losses of $4.57 billion throughout the year – a 38 percent increase from $3.31 billion in 2022. The vast majority prey on those looking to make a quick buck with cryptocurrency, with these kinds of scams contributing just shy of $4 billion to the overall losses.

The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud.

These cons also led to a rise in scams themed around the recovery of funds lost to investment scams, preying on vulnerable victims at their lowest. In some cases, victims would be strung along for long periods of time and convinced to make multiple payments to recovery services that would never reunite them with their stolen funds.

The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI’s Internet Crime Complaint Center (IC3). It was barely even a comparison, in fact, with ransomware apparently costing victims just $59.6 million for the entire year.

That figure is adjusted, not including the cost of downtime for businesses still in their recovery phases, for example, but it still seems especially low to a reporter who’s covered one-off ransom fees in the $15 million region.

The average ransom demand in the US is also said to be around $1.5 million, and with the IC3’s reported 2,825 ransomware-related complaints throughout the year, something isn’t adding up.

El Reg asked the feds for clarity but they didn’t immediately respond.

A…
