Clorox CISO departs months after cyberattack
As reported in Bloomberg, Amy Bogac has departed after about two and a half years in the role. No official mention was made of her departure. However, it follows a major cyberattack attributed to Scattered Spider, which “paralyzed the company’s manufacturing operations for weeks and led to nationwide shortages of several products.” Bloomberg adds that Clorox has noted “organic sales tumbling 18% in its most recent quarter, which ended Sept. 30, and that it expected ongoing operational impacts in the current quarter.”
ALPHV/BlackCat Ransomware gang files SEC complaint
The gang is apparently unhappy that one of their victims, MeridianLink, has not complied with the U.S. Securities and Exchange Commission’s requirement in Form 8-K, under Item 1.05, to disclose a cybersecurity incident that impacted “customer data and operational information.” ALPHV/BlackCat claims to have breached the company on November 7. The SEC complaint is intended to add more pressure to the company. According to Reuters, however, this rule only takes effect on December 15 of this year.
(Bleeping Computer and Reuters)
Drenan Dudley acting national cyber director while Coker confirmation process continues
On Friday, the White House confirmed that Dudley will take over as acting director while the nomination process for Harry Coker as National Cyber Director continues. No date for a vote on his nomination has yet been set. Dudley has served as the deputy national cyber director for strategy and budget since August, and prior to that spent 16 years on the staff of the Senate Appropriations Committee.
FCC adds rules for wireless providers to combat SIM swapping
These rules will force wireless companies to “adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider.” This includes requiring wireless providers to “immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts and taking additional steps to protect customers from SIM swap and port-out fraud.”
(FCC)
Medicare recipients affected by MOVEit breach
The U.S. Centers for Medicare & Medicaid Services (CMS) has revealed that more than 330,000 Medicare recipients have been affected by a leak of sensitive data related to the ongoing MOVEit breach. The breach itself occurred at Maximus Federal Services, a contractor to CMS that used Progress Software's MOVEit Transfer. The leaked data includes standard PII, but also insurance claim numbers, medical histories, healthcare provider and prescription information, and health insurance claims and policy/subscriber information.
8Base ransomware operators used Phobos ransomware variant in recent attacks
This observation was made by researchers from Cisco Talos, and it follows a significant increase in activity for this particular ransomware group. The variation in the use of Phobos, as reported in Security Affairs, is that rather than being distributed by SmokeLoader, 8Base campaigns have the ransomware component embedded in their encrypted payloads. It is then decrypted and loaded into the SmokeLoader process’ memory.
Ransomware attacks on Yamaha and WellLife Network, possibly from INC group
An attack on Yamaha’s motorcycle manufacturing and sales subsidiary in the Philippines is still being assessed to understand the extent of the damage. It soon appeared on the leak site of the INC ransomware gang. The site also listed WellLife Network, a large organization that provides services to people with intellectual or developmental disabilities as well as those with mental illness. Although both of these incidents are still under investigation, researchers at SentinelOne state that the group has been seen exploiting CVE-2023-3519, a vulnerability affecting products from Citrix such as NetScaler.
Last week in ransomware
The just-mentioned Yamaha and WellLife attacks put these organizations in company with Toyota Financial Services, Industrial and Commercial Bank of China (ICBC), DP World, Allen & Overy, and Boeing, all of whom have suffered cyberattacks related to vulnerable Citrix NetScaler devices. Last week, the British Library as well as Toronto Public Library confirmed data thefts, and the FBI and CISA released a joint advisory on the Rhysida ransomware operation. As we reported last Monday, the moving company Dolly.com allegedly paid the ransom charged by its attacker only to find out that its sensitive data was published anyway, due to the payment being “not generous enough.”






