Information Technology Security Awareness Posts

PIH Health Data Breach: What You Need to Know and How to Protect Yourself

In December 2024, hackers claimed to have stolen 17 million patient records and 2 terabytes of sensitive data from PIH Health in California. The breach exposed confidential medical and personal information, putting affected patients at risk of identity theft and financial fraud. Learn what happened, the risks involved, and the steps you can take to protect yourself in the wake of this significant cyberattack.

Addressing Drone Threats: Ensuring Safety and National Security

Recent drone incursions have disrupted operations at Wright-Patterson Air Force Base and Syracuse Hancock International Airport, highlighting vulnerabilities in critical airspaces. These events risk public safety, military readiness, and air traffic operations. To mitigate such threats, stricter regulations, investment in counter-drone technology, and enhanced coordination between agencies are essential to ensure safety and national security.

Rhode Island Cybersecurity Breach

Rhode Island's RIBridges system, managing public assistance programs like Medicaid and SNAP, was hit by a ransomware attack in December 2024. Sensitive data, including Social Security numbers and banking details, was compromised, putting beneficiaries at risk of identity theft. Impacted individuals should monitor for fraud, update passwords, and consider credit freezes to protect their information. This incident highlights the urgent need for stronger cybersecurity measures.

Exploring the Potential Connection Between Drones Over New Jersey and Iran's Drone Ships

The rise in unauthorized drone sightings over New Jersey coincides with Iran's advancements in drone-equipped maritime vessels. While no direct link has been established, the timing raises questions about potential surveillance or probing activities by foreign entities. These developments highlight the need for enhanced counter-drone measures and global cooperation to address emerging security threats.

US Agencies Issue Cybersecurity Guidance Against China-Linked Threats

U.S. agencies, including the NSA, FBI, and CISA, have issued new cybersecurity guidance to combat threats from China-linked actors. The nine-page document outlines strategies to enhance network visibility, enforce secure protocols, and address vulnerabilities, particularly in telecom systems. This global effort with Five Eyes nations highlights proactive defense measures to secure critical infrastructure.

Microsoft's December 2024 Patch Tuesday: Critical Updates

Microsoft's December 2024 update patches critical vulnerabilities, emphasizing the need for immediate action to safeguard systems against actively exploited threats and other significant issues. For more technical details, refer to resources like Microsoft’s security bulletin or reputable cybersecurity blogs.

CVE-2024-50623: Widespread Exploitation of Cleo File Transfer Software

CVE-2024-50623 is a critical vulnerability found in Cleo file transfer software, including Cleo Harmony, VLTrader, and LexiCom versions before 5.8.0.21. This flaw allows unrestricted file uploads and downloads, potentially leading to remote code execution. Users are urged to update to version 5.8.0.21 to mitigate risks. Additional security measures, such as restricting file uploads and monitoring system logs, are also recommended.

Examining Drone Incursions Near Critical Installations

Recent drone incursions near sensitive military bases like RAF Lakenheath in the UK and Picatinny Arsenal in the U.S. raise concerns about espionage, public safety, and operational disruptions. Authorities are investigating and deploying counter-drone measures to protect critical infrastructure while balancing the benefits of drone technology. Vigilance and innovation are key to addressing these emerging challenges. Read more on The War Zone and The Guardian.

The Importance of a Robust Data Handling, Protection, and Retention Policy

A strong data handling, protection, and retention policy is critical for protecting sensitive data and preventing breaches, as seen with incidents like MOVEit and Finastra. Organizations must enforce strict controls both internally and with vendors, including thorough assessments, clear contracts, and continuous monitoring. By adopting these practices, businesses can reduce risks, ensure compliance, and safeguard their reputation.

Mystery Drones Over New Jersey: Monitoring and Mitigation

Recent sightings of large drones flying in formation over New Jersey have raised privacy and security concerns. Authorities are investigating, but the situation highlights the need for advanced technologies like radar, RF signal analysis, AI, and geofencing to monitor and counter unauthorized drone activity. Enhanced collaboration among agencies and the private sector is vital for managing this growing challenge effectively.

Windows Zero-Day Vulnerability: Credential Theft Across Windows Versions

A critical zero-day vulnerability affects Windows 7 through 11 and Windows Server 2008 R2 onward, enabling NTLM credential theft via malicious theme files. Attackers exploit external network paths in theme files to intercept hashed credentials for pass-the-hash or NTLM relay attacks. Mitigation includes using ACROS Security's micropatch, disabling NTLM, and educating users about theme file risks.

Senators Warn Pentagon About China's Telecom Hacks

U.S. senators have urged the Pentagon to address vulnerabilities in telecommunications infrastructure following the Salt Typhoon espionage campaign, attributed to Chinese state-sponsored hackers. This sophisticated attack targeted telecom networks globally, exposing critical gaps in cybersecurity. Lawmakers are calling for stronger enforcement of security standards and reforms to protect national security. Learn more from The Register and WSJ.

Cisco Releases Security Updates for NX-OS Software

Cisco has released critical security updates for NX-OS software to address vulnerabilities that could lead to authentication bypass, denial of service, or arbitrary code execution. These flaws pose significant risks to network security. Administrators are urged to review Cisco’s advisories and apply patches immediately to protect systems from potential exploits. Learn more: Cisco Security Advisories

FBI Urges Telecoms to Enhance Security After China-Backed Hack

The FBI has issued an urgent warning following a China-backed cyberattack targeting major U.S. telecom providers, compromising call records and live communications. The breach exploited vulnerabilities in CALEA-compliant systems, prompting recommendations for robust encryption, system updates, and cybersecurity education. The attack highlights growing threats to national security and the importance of fortified defenses in critical infrastructure.

Understanding the Recent T-Mobile Hack

The recent T-Mobile hack, attributed to the Salt Typhoon group linked to China's PLA, highlights critical vulnerabilities in telecommunications infrastructure. The breach raises significant concerns about national security, as hackers may have accessed surveillance tools and sensitive data. This incident underscores the urgent need for robust encryption and advanced cybersecurity measures to protect critical systems. Read more about the implications below.

North Korean Kimsuky Hackers Exploit Russian Email Services

North Korea's Kimsuky hackers are using Russian email services to conduct spear-phishing attacks, targeting think tanks, academics, and media organizations. By impersonating trusted entities, they aim to steal credentials and gather sensitive geopolitical intelligence, aiding North Korea's cyber espionage and weapons programs. Enhanced email security measures and vigilance are essential to counter these threats. Read more: The Hacker News.

LogoFAIL Exploit: A Critical UEFI Vulnerability

LogoFAIL is a newly discovered UEFI vulnerability that exploits image-parsing components in firmware, enabling attackers to inject malicious payloads through boot-up logos. These flaws allow code execution during the boot process, bypassing protections like Secure Boot and creating persistent, undetectable malware. The exploit affects a wide range of devices and highlights the importance of securing overlooked components.

NetSupport RAT and RMS in Malicious Emails

NetSupport RAT and RMS are legitimate tools misused in phishing emails for unauthorized remote control. Cybercriminals trick victims into installing them through malicious attachments or scripts, enabling data theft and malware deployment. Recent campaigns exploit advanced tactics like OLE manipulation in Office documents, targeting sectors like healthcare and finance. Vigilance and layered defenses are crucial to combat these threats.

Understanding "Rockstar 2FA" Phishing-as-a-Service (PaaS)

"Rockstar 2FA" is a Phishing-as-a-Service tool that targets two-factor authentication by intercepting credentials and one-time passwords. It provides hackers with pre-built phishing kits to mimic login and 2FA verification pages, making advanced attacks accessible to novices. The service poses a significant threat to accounts relying solely on 2FA for protection. Source: Hendry Adrian (https://www.hendryadrian.com/rockstar-2fa-a-driving-force-in-phishing-as-a-service-paas/).

Adversary: Stealth Mango And Tangelo

"Stealth Mango" and "Tangelo" are both surveillanceware tools that have been identified as part of targeted cyber campaigns.