Cybersecurity News: Evolve breach update, Patelco cyberattack, LockBit claims Croatian cyberattack

In today’s cybersecurity news…

Evolve Bank data breach is… evolving

Following up on a story we brought to you this past Friday on Cyber Security Headlines, loan company Affirm is now warning that payment card holders had their personal information exposed in the third-party data breach suffered by its card issuer, Evolve Bank & Trust. Affirm is required to share customer data with Evolve in order to issue its debit cards. The Evolve breach has potentially affected several other U.S. fintech firms including Wise and Bilt. Evolve said it has responded to the incident by resetting passwords, reconstructing critical access systems, including Active Directory, and implementing various network hardening measures.

(Bleeping Computer)

Patelco Credit Union cyberattack disrupts services for nearly 500,000 members

Ohio-based Patelco Credit Union fell victim to a ransomware attack on Saturday, preventing its members from accessing the company’s online banking platform, mobile app, and call centers. Patelco was forced to shut those systems down to contain the attack, leaving members unable to perform electronic transactions such as transfers (including Zelle), direct deposits, balance inquiries, and online bill payments. The company assured members that they can still access cash from ATMs and also set up a webpage to provide updates related to the incident.

(The Cyber Express)

LockBit claims cyberattack on Croatia’s largest hospital

The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia’s University Hospital Centre, which we covered on Cyber Security Headlines on Monday. The attack took place last week and forced the hospital to shut down IT systems for one day. LockBit is now claiming to have gained access to patient and employee information, medical records, and third-party contracts. Health Minister Vili Beros said Tuesday that the government will not negotiate with hackers who are likely “looking for money.” LockBit’s operations were disrupted by an international operation in February, but the group has since resurfaced.

(The Record)

Google fixes 25 Android flaws, including critical privilege escalation bug

Google has released patches for 25 security vulnerabilities in the Android operating system, including a critical-severity flaw in the Framework component. The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. That flaw, along with fixes for seven other high-severity issues, was released by Google on Monday. This coming Friday, Google plans to release updates that resolve an additional 17 vulnerabilities in Kernel, Arm, Imagination Technologies, MediaTek, and Qualcomm components.

(SecurityWeek)

Huge thanks to our sponsor, Demoed

Did you know that Demoed is the first platform that allows you to watch a live product demo and ask questions without receiving a barrage of follow-ups? We change buyer-vendor engagement: fewer follow-ups for buyers, more leads for vendors. Sign up now at demoed.com.

Passkey redaction attacks subvert GitHub, Microsoft authentication

While passkeys are being increasingly adopted to protect online accounts, researchers say those accounts are still vulnerable to adversary-in-the-middle (AitM) attacks. Researcher Joe Stewart says the problem is not with passkeys themselves but with sites that support less secure alternative sign-in and account recovery options. In several proofs of concept (PoCs), Stewart demonstrated how an AitM can manipulate a user’s login screen to remove passkeys as an option, forcing the user to downgrade to a less secure alternative that the attacker can then intercept. In one case, Stewart used the Evilginx AitM software to proxy and alter a GitHub login page, hiding the “Sign in with a passkey” prompt. In another scenario using a Microsoft consumer account, he again showed how the passkey sign-in option can be hidden from a user. Stewart reiterated that these attacks are possible because of a general lack of maturity in authentication models, not because of any inherent security bugs in passkeys. He published several strategies to help organizations protect against these AitM scenarios.

(Dark Reading)

French authorities seize nearly $6M in illicit online platform takedown

In a coordinated international effort, French authorities have seized servers and proceeds worth millions belonging to the “Coco” chat website. Authorities said the site facilitated child sexual abuse material, other sexual exploitation, drug dealing, and violent acts including homicides. The website is owned by a Bulgarian company and had over 850,000 users in France alone as of 2023. Child rights activists have been lobbying against the site, which they referred to as a “predators’ den,” since 2013. The Coco site has been replaced with a seizure notice from the French national police.

(The Cyber Express)

Cyber workforce numbers on the rise at large orgs

According to Wavestone’s “Cyber Benchmark 2024” report, larger organizations have made significant progress in bolstering their cyber workforce this year. On average, organizations with more than $1 billion in revenue had one cyber professional for every 1,086 employees, up 15% compared to 2023. Financial businesses have made the most progress, ramping up their cyber teams to one cyber pro for every 267 employees. Industrial groups are lagging behind, with an average of one cyber expert per 1,390 employees. Wavestone said that one factor in the overall positive trend is that “more companies have launched initiatives to ensure talent retention.”

(Dark Reading)

Newsletter author says Evolve Bank sent him a cease and desist letter

The situation around the Evolve Bank data breach is getting even weirder. Evolve has sent a cease and desist letter to Jason Mikula, author of the respected Fintech Business Weekly publication. Mikula confirmed that he has seen some of the leaked files from the Evolve breach and revealed some impacted fintech companies on X. Evolve instructed Mikula not to share files from the dark web with any allegedly impacted fintech companies. Reviewing leaked information is a common practice among journalists during the course of their reporting on security breaches. Mikula’s primary concern is that some impacted fintechs have not been formally notified and thus may not have taken action to mitigate risk or inform users.

(TechCrunch)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.