SAN MATEO, CA, October 28, 2024 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.
Largest healthcare data breach ever reported
Change Healthcare, owned by UnitedHealth, has reported that data from over 100 million customers may have been compromised in a recent ransomware incident. The company, which processes billions of medical claims annually in the US, has spent $2.5 billion to address the breach and may spend more. The CEO of UnitedHealth, Andrew Witty, has testified to Congress that approximately one-third of individuals in the United States may be impacted by this hack. Read more.
CISA detects new deserialization vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has detected a new vulnerability, CVE-2024-38094, a deserialization issue that affects Microsoft Sharepoint. The federal agency highlights the risk of remote code execution from unauthorized users who exploit this weakness. Microsoft has given the vulnerability a maximum risk rating and links it back to the deserialization of untrusted data. CISA’s flagging means that under Binding Operational Directive 22-01, this issue must be prioritized for immediate safeguarding. Read more.
SEC charges four new companies in SolarWinds hack
The SEC has charged companies Avaya, Check Point, Mimecast, and Unisys for their “materially misleading disclosures” in the wake of the major 2020 SolarWinds hack, leading to fines of close to $7 million. The SEC alleges that all four publicly traded companies received information that Russian hackers had infiltrated their systems during the infamous data breach and chose to downplay the risk to their investors. Doing so violates the Securities Exchange Act and federal investor protection rules. Read more.
Possible change to HIPAA health data cybersecurity protocols
As the healthcare sector reels against the rise of data breaches and ransomware intrusions, the White House OMB has announced a possible change to the powerful Health Insurance Portability and Accountability Act (HIPAA) due this year. This rule is expected to reclassify certain areas of what is considered “ePHI”, or electronic protected health information, in an effort to safeguard medical information and protect higher-risk areas for hackers like geolocation features on appointment scheduling, translation tools and chatbots. Read more.
CISA discredits cybersecurity threats for upcoming election
According to CISA, while threats to election security have never been so evolved, the protection around ballots is also more robust than ever. Approximately 97% of registered voters will have access to a paper record of how their vote is cast, in addition to pre-election testing of ballot machines and post-election audits. CISA warns that a large amount of the risk comes not from ballot tampering but from misinformation campaigns online led by bad actors from China, Russia, and Iran and the spoofing of websites like Fox News and the Washington Post. Read more.
LinkedIn fined $335 million for privacy violations
The Data Protection Commission fined LinkedIn $335 million for violating its users’ privacy to sell targeted advertising. The company allegedly conducted behavioral analyses of personal data and tracked user activity without consent or disclosure to provide targeted ads. Doing so violates the European Union’s General Data Protection Regulation (GDPR). The Microsoft-owned platform has been given a 3-month timeline to bring its operations into compliance. Read more.
Maritime industry infostealers named in new report
Amidst a rise in ransomware in the maritime industry, the most common “info stealers,” or malware designed to appropriate login credentials, financial data, browser history, and other sensitive information, have been named in a new report by MarLink’s Security Operations Center. In the first half of 2024, the most common infostealers in the maritime industry are RedLine, Raccoon, Vidar, Mars Stealer, and LokiBot. Read more.
401% increase in social media data breaches
The Identity Theft Resource Center reports that more than 1.3 billion data breach victims have been reported in the US so far this year, a 401% increase from September 2023. The report details that connected social media accounts linked to personal banking and financial information are driving the rising trend. Read more.
$10 million reward for information on Iranian cybercriminals
Rewards for Justice has posted a $10 million reward for information on key actors in Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). The hackers of interest are Shahid Hemmat, Manuchehr Akbari, Amir Hosein Hoseini, Mohammad Hosein Moradi, and Mohammad Reza Rafatinezhad. Efforts from the IRGC-CEC have been linked to attacks on critical US infrastructure, including military defense and international transportation. Read more.
Major US water utility Veolia hit by ransomware attack
One of the world’s largest private water utility companies, US-based Veolia, was affected by a ransomware hack that infiltrated backend servers and systems. Hackers are thought to have gained access through the municipal water system’s online bill payment functionality. Personal information from users was reported stolen, but water and wastewater treatment systems were allegedly not affected by the breach. Read more.
More cybersecurity news
- Last week’s news
- More cybersecurity news
- All articles sponsored by NetworkTigers
