Cybersecurity News: General Dynamics phished, Japan Airlines attack, Addiction Centers breach

In today’s cybersecurity news…

General Dynamics says employees targeted in phishing attack

The aerospace and defense company says threat actors “compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel.” The activity was discovered on October 10, and took the form of a fraudulent advertising campaign that directed General Dynamics employees to a phishing site where they were deceived into entering their usernames and passwords. A total of 37 people were affected, and in addition to accessing PII and government ID numbers, in some cases the attackers changed bank account information.

(Security Week)

Japan Airlines systems are back to normal after cyberattack

The airline announced yesterday, Thursday, that its systems have returned to normal following a cyberattack that delayed some international and domestic flights. The attack occurred at 7:24 a.m. local time and shut down a router that was causing malfunctions and which suspended ticket sales for flights departing on Thursday. Representatives said no customer data was leaked, and no damage was registered. This event follows on the heels of a brief outage that affected flights for American Airlines on Tuesday evening, Christmas Eve. This particular outage was “issued at the airline’s request after it experienced trouble with its flight operating system, or FOS. The airline blamed technology from one of its vendors.”

(Reuters and AP News)

American Addiction Centers suffers data breach

The organization, which runs a network of addiction rehab facilities across California, Florida, Texas, Nevada, Massachusetts, Mississippi, New Jersey and Rhode Island, suffered the attack in September, and started mailing breach notifications to more than 400,000 people just prior to the Christmas break. The stolen data includes Social Security numbers and health insurance information. Representatives from the organization declined to say whether ransomware was involved, but the Rhysida ransomware gang, which is known for attacking numerous healthcare networks in the U.S., made a claim on November 16 regarding this attack.

(The Record)

Windows 11 installation media bug causes security update failures

Microsoft issued a warning yesterday regarding a problem that may occur when using physical media such as CDs or USB flash drives to install Windows 11, version 24H2. Copies of this version of Windows 11 that include security updates released between October 8 and November 12 may cause the operating system to not accept any further security updates. Microsoft is working on a fix, but recommends that people performing Windows 11 24H2 installations use the December 2024 security update, released on December 10, to avoid problems.

(BleepingComputer)

Lumma infostealer takes top spot with near 400% surge

According to cybersecurity firm ESET in its H2 2024 Threat Report, the Lumma Stealer infostealer is the one increasingly being sought after by cybercriminals, with “a 369% surge in detections in its telemetry in the second half of 2024.” Lumma Stealer is known for targeting two-factor authentication browser extensions, user credentials and cryptocurrency wallets. ESET’s report also highlights XLoader, also known as Formbook, a malware-as-a-service in constant demand because it is under constant development. ESET also adds that the infostealer-as-a-service Redline Stealer, having been taken down by international authorities in October, is unlikely to be resurrected, but will simply lead to the expansion of other similar threats. A link to the ESET report is available in the show notes to this episode.

(InfoSecurity Magazine and ESET H2 2024 Report)

Adobe warns of critical ColdFusion bug with PoC exploit code

As reported in BleepingComputer, “Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code.” An advisory was released on Monday, which stated that the flaw, which has a CVE number, is “caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers.” The company has assigned a “Priority 1” severity rating to the flaw because it has “a higher risk of being targeted, by exploits in the wild.” It also urges administrators to install emergency security patches that were released the same day, December 23.

(BleepingComputer)

TechCrunch lists the most badly handled data breaches of 2024

TechCrunch is out with its annual summary of breaches whose behavior or response could at least be seen as a learning opportunity for others. This year’s list includes 23andMe, who blamed their customers for not sufficiently securing their accounts, and Change Healthcare, who “took months to confirm hackers stole most of America’s health data” by breaching a basic user account with a lack of multi-factor authentication. Also on the list are Snowflake, whose breach was a result of a ’s lack of mandated use of multi-factor security, and the City of Columbus, Ohio, which sued a security researcher for truthfully reporting on a ransomware attack. Details on these stories and four more – one of which is, of course, Salt Typhoon – are available through the link in the show notes to this episode.

(TechCrunch)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.