
GSG Monthly Newsletter – 3rd Edition Dec 2024

Cybersecurity News

Cybersecurity and Infrastructure Security Agency (CISA) - Cybersecurity Alerts & Advisories
1. CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday (December 16, 2024) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is below –

  • CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel (Patched by Adobe in March 2024)
  • CVE-2024-35250 (CVSS score: 7.8) – Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges (Patched by Microsoft in June 2024)

For more details: CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign – The Cyber Post

2. CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

  • ICSA-24-354-01 Hitachi Energy RTU500 series CMU
  • ICSA-24-354-02 Hitachi Energy SDM600
  • ICSA-24-354-03 Delta Electronics DTM Soft

For more details: Cybersecurity Alerts & Advisories | CISA

3. CISA orders federal agencies to implement secure practices for cloud services (BOD 25-01)
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments.
While CISA has only finalized the required secure configuration baselines (SCBs) for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to enter scope in Q2 of FY 2025).
This government-wide directive aims to reduce the attack surface of federal networks by requiring mandatory secure practices for cloud services to protect Federal Civilian Executive Branch (FCEB) systems and assets.
For more details: BOD 25-01: Implementing Secure Practices for Cloud Services | CISA

BeyondTrust says hackers breached Remote Support SaaS instances
Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances.
BeyondTrust is a cybersecurity company specializing in Privileged Access Management (PAM) and secure remote access solutions. Their products are used by government agencies, tech firms, retail and e-commerce entities, healthcare organizations, energy and utility service providers, and the banking sector.
The company says that on December 2nd, 2024, it detected “anomalous behavior” on its network. An initial investigation confirmed that threat actors compromised some of its Remote Support SaaS instances.
For more details: BeyondTrust says hackers breached Remote Support SaaS instances

Ransomware attack on Rhode Island health services exposed personal data of hundreds of thousands
A ransomware attack on Rhode Island’s health services system has potentially exposed the personal data of hundreds of thousands of residents.
Hackers are threatening as early as this week to release the personal information of potentially hundreds of thousands of Rhode Islanders connected with RIBridge, the state’s health and social services system that suffered a cyberattack on Dec. 5, Gov. Dan McKee and state officials told media over the weekend.
Brian Tardiff, Rhode Island’s chief digital officer, said that the cybercriminals behind the attack threatened to release the data they claim to have obtained in the Dec. 5 cyberattack unless they receive a ransom payment.
For more details: Ransomware attack on Rhode Island health services exposed personal data of hundreds of thousands | StateScoop

Regional Care Data Breach Impacts 225,000 People
Nebraska-based healthcare insurance firm Regional Care has disclosed a data breach impacting more than 225,000 individuals.
The third-party insurance administrator is informing impacted individuals that their personal and medical information may have been compromised as a result of an incident identified in mid-September 2024.
Regional Care discovered at the time that there had been some unusual activity on an account in its network. The compromised account was immediately shut down.
An investigation conducted with the aid of cybersecurity experts determined that an “unauthorized party” had potentially acquired some files from its systems.
For more details: Regional Care Data Breach Impacts 225,000 People – SecurityWeek

Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Attackers are spoofing Google Calendar invites in a fast-spreading phishing campaign that bypasses email protections: links to the popular Google scheduling app lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.
The campaign, discovered by researchers at Check Point Software, relies on modified “sender” headers to make emails appear as if they were sent via Google Calendar on behalf of a legitimate entity, such as a trusted brand or individual, they revealed in a blog post published Dec. 17.

For more details: Phishers Turn to Google Calendar Spoofing Globally
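Because the campaign works by making the visible sender look like Google Calendar, the practical check on the receiving side is whether the domain that actually passed DKIM or SPF aligns with the domain in the From header, which is the alignment rule DMARC applies. The script below is an added example, not code from the newsletter, Check Point, or Google: it reads only the Authentication-Results header written by the organization's own inbound mail server (assumed authserv-id `mx.example.net`), ignores any Authentication-Results header a sender may have planted upstream, and flags an invite that presents itself as Google Calendar but was authenticated only for an unrelated domain. Both messages are constructed samples, and the organizational-domain helper uses the last two labels instead of the Public Suffix List, a deliberate simplification.

```python
"""Flag Google Calendar look-alike invites whose authenticated domain does not align with From."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed identifier our own inbound MTA writes into Authentication-Results.
AUTHSERV_ID = "mx.example.net"

_DKIM = re.compile(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", re.I)
_SPF = re.compile(r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", re.I)

# Constructed sample: a genuine-looking invite, DKIM-signed by google.com.
LEGIT = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@google.com header.s=20230601 header.d=google.com;
 spf=pass smtp.mailfrom=calendar-server.bounces.google.com
From: Google Calendar <calendar-notification@google.com>
To: victim@example.net
Subject: Invitation: Quarterly review

Body text
"""

# Constructed sample: same From header, but authenticated only for bulk.example.net.
# The first Authentication-Results line is a forged upstream header and must be ignored.
SPOOF = """\
Authentication-Results: google.com; dkim=pass header.d=google.com
Authentication-Results: mx.example.net;
 dkim=pass header.d=bulk.example.net;
 spf=pass smtp.mailfrom=bounce@bulk.example.net
From: Google Calendar <calendar-notification@google.com>
Sender: notifications@bulk.example.net
To: victim@example.net
Subject: Invitation: Urgent payment confirmation

Body text
"""


def org_domain(domain):
    """Simplified organizational domain: last two labels.
    Real DMARC uses the Public Suffix List; this is a simplification for the example."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def authenticated_domains(msg, authserv_id=AUTHSERV_ID):
    """Return (dkim_domain, spf_domain) that passed, taken only from the
    Authentication-Results header our own MTA wrote. Headers naming another
    authserv-id are ignored because a sender can forge them before delivery."""
    dkim = spf = None
    for hdr in msg.get_all("Authentication-Results", []):
        value = " ".join(hdr.split())  # unfold continuation lines
        if not value.startswith(authserv_id):
            continue
        m = _DKIM.search(value)
        if m and m.group(1).lower() == "pass":
            dkim = m.group(2).lower()
        m = _SPF.search(value)
        if m and m.group(1).lower() == "pass":
            spf = m.group(2).lower()
    return dkim, spf


def assess(raw_message):
    """DMARC-style relaxed alignment of the From domain against DKIM/SPF results."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    dkim, spf = authenticated_domains(msg)
    aligned = any(d and org_domain(d) == org_domain(from_domain) for d in (dkim, spf))
    looks_like_calendar = "calendar" in display.lower() or "calendar" in addr.lower()
    return {
        "from_domain": from_domain,
        "dkim_domain": dkim,
        "spf_domain": spf,
        "aligned": aligned,
        "suspicious": looks_like_calendar and not aligned,
    }


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, assess(raw))
```

The check is only as good as the Authentication-Results header it trusts; the filter on `AUTHSERV_ID` is the part that matters, since a forged header claiming `dkim=pass header.d=google.com` is exactly what a spoofer would add.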
Reference: CISA, Dark Reading, SecurityWeek, StateScoop, BleepingComputer

DIGITAL TRANSFORMATION NEWS
Salesforce has officially announced the launch of Agentforce 2.0
Salesforce has officially announced the launch of Agentforce 2.0, an advanced version of its AI-driven digital labor platform. This update brings several key enhancements designed to improve business operations and efficiency:

  • Slack Integration: Agentforce 2.0 now integrates seamlessly with Slack, enabling better collaboration and communication within teams.
  • Enhanced CRM and Analytics: The platform offers improved customer relationship management and data analysis capabilities, allowing businesses to gain deeper insights and make more informed decisions.
  • Atlas Reasoning Engine: Upgraded for greater accuracy and efficiency, this engine enhances the platform’s ability to understand and respond to complex queries.
  • New Library of Pre-Built Skills: This feature allows for rapid customization, enabling businesses to quickly deploy AI agents tailored to their specific needs.

Agentforce 2.0 aims to revolutionize business operations by integrating AI agents into everyday workflows. These autonomous AI agents are capable of handling complex tasks, helping enterprises scale their workforce and improve productivity.

Read more here: Salesforce – Introducing Agentforce 2.0: The Digital Labor Platform for Building a Limitless Workforce

Technical Summary of Ponemon Institute’s Report on Vulnerability Response in Government
The Ponemon Institute’s report on vulnerability response in government highlights several critical findings:

  1. High Breach Incidence: Approximately 50% of surveyed government agencies reported experiencing a data breach within the last two years, primarily due to unpatched vulnerabilities.
  2. Reliance on Manual Processes: 60% of agencies depend on manual vulnerability management processes, which impede their ability to effectively prioritize and remediate vulnerabilities.
  3. Automation Imperative: The report underscores the necessity of automating vulnerability response workflows to enhance operational efficiency and mitigate breach risks. Only 30% of agencies currently use automated tools for vulnerability management.
  4. Strategic Recommendations:
     • Enhance Cyber Hygiene: Implement fundamental cybersecurity practices to reduce vulnerability exposure. 70% of breaches could be prevented with better cyber hygiene.
     • Integrate Tools: Break down silos between disparate security tools to streamline vulnerability management. 40% of agencies report tool integration as a major challenge.
     • Automate Workflows: Develop and deploy structured, automated workflows for vulnerability identification, prioritization, and remediation. Automation can reduce remediation time by up to 50%.

Read more: ponemon-vulnerability-reponse-in-government.pdf
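The KEV additions in the CISA item above and the Ponemon recommendation to automate vulnerability prioritization point at the same workflow: join scanner output against the KEV catalog and let evidence of exploitation, not CVSS alone, decide what gets patched first. The script below is an added example, not code from the newsletter, CISA, or Ponemon. The `KEV_FEED` string is a constructed excerpt in the shape of CISA's published KEV JSON feed (field names follow the feed; the dates are sample values), the `FINDINGS` rows are constructed scanner output, and the `exposed` flag is an assumed asset-inventory attribute meaning the host is reachable from the internet, as with the ColdFusion admin panel described above.

```python
"""Rank scanner findings with CISA's KEV catalog as the primary signal."""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV feed published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# Field names follow the feed; dates are sample values for this example.
KEV_FEED = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2024-20767", "vendorProject": "Adobe", "product": "ColdFusion",
     "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
     "dateAdded": "2024-12-16", "dueDate": "2025-01-06",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability",
     "dateAdded": "2024-12-16", "dueDate": "2025-01-06",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed scanner output, one row per host/finding. 'exposed' is an assumed
# asset-inventory flag: True when the host is reachable from the internet.
FINDINGS = [
    {"host": "db01",   "cve": None,             "title": "Vendor advisory without a CVE",          "cvss": 9.1, "exposed": False},
    {"host": "ws-042", "cve": "CVE-2024-35250", "title": "Windows kernel-mode driver EoP",          "cvss": 7.8, "exposed": False},
    {"host": "web01",  "cve": "CVE-2024-20767", "title": "ColdFusion admin panel access control",   "cvss": 7.4, "exposed": True},
]


def load_kev(feed_json):
    """Index the KEV feed by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def tier(finding, kev_entry):
    """0 = in KEV and internet-exposed or used in ransomware, 1 = in KEV,
    2 = critical CVSS but not in KEV, 3 = everything else.
    KEV outranks CVSS because KEV membership is evidence of exploitation; CVSS is not."""
    if kev_entry is not None:
        if finding["exposed"] or kev_entry.get("knownRansomwareCampaignUse") == "Known":
            return 0
        return 1
    return 2 if finding["cvss"] >= 9.0 else 3


def prioritize(findings, kev, today):
    """Return findings sorted by tier, then earliest KEV due date, then highest CVSS."""
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"]) if f["cve"] else None
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        ranked.append({
            **f,
            "in_kev": entry is not None,
            "tier": tier(f, entry),
            "due_date": due,
            "days_until_due": (due - today).days if due else None,
        })
    ranked.sort(key=lambda r: (r["tier"], r["due_date"] or date.max, -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for r in prioritize(FINDINGS, load_kev(KEV_FEED), date(2024, 12, 20)):
        due = f"KEV due in {r['days_until_due']}d" if r["in_kev"] else "not in KEV"
        print(f"tier {r['tier']}  {r['host']:<7} {r['cve'] or '-':<15} CVSS {r['cvss']}  {due}")
```

Run against a live feed, replace `KEV_FEED` with the downloaded JSON and `FINDINGS` with the scanner export; the ranking logic is unchanged. The point the ordering makes is that the CVSS 9.1 finding without exploitation evidence lands behind both KEV entries, and the internet-exposed one goes first.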

*Disclaimer: This newsletter contains links to sites on the Internet that are owned and operated by third parties. We do not claim ownership of any third-party content. Trademarks, logos, and brand names are the property of their respective owners.
**These are basic steps; advanced issues may need expert intervention. Consult our team for detailed analysis.
