Weekly CyberTip: Don’t forget printer security
A Wi-Fi credential vulnerability discovered in Canon printer equipment this week reminds us that printers can be threat vectors as well. From onboard storage to unsecured credentials to simply leaving confidential print jobs unattended on printers or copiers, these devices can be forgotten when assessing your team’s security awareness and network defences. Don’t let this happen to you!
Five Eyes release top exploited vulnerabilities of 2022
On August 3, cybersecurity teams from the “Five Eyes” nations (Canada, the U.K., Australia, New Zealand, and the United States) released a joint cybersecurity advisory (CSA) detailing the top “routinely exploited” vulnerabilities of 2022.
“This advisory provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2022, and the associated Common Weakness Enumeration(s) (CWE), to help organizations better understand the impact exploitation could have on their systems,” according to CISA’s press release regarding the report.
The Five Eyes’ CSA lists the top 12 vulnerabilities exploited in the wild, along with a list of 30 additional vulnerabilities that have seen a heightened amount of malicious activity in the past year. The CSA provides mitigation strategies, guidance, recommendations, patch links and other resources for end-user organizations, as well as vendors, designers, and developers.
New data privacy regulations in the United States
In an August 4 article, Security Magazine provides an overview of some emerging data privacy regulations in the United States. Many states have introduced, or are in the process of introducing, stricter rules around data privacy; while this is laudable, it has created complexity for individuals and businesses alike. The article explores the scope of the new regulations in several jurisdictions, and explains the importance of understanding the implications of the rules for business, conducting impact assessments, and building comprehensive data privacy practices to protect sensitive data and avoid financial penalties and reputational damage.
U.S. Federal Reserve releases cyber resilience report
On August 1, the United States Federal Reserve released a new Cybersecurity and Financial System Resilience Report. The report to Congress identified geopolitical tensions, the global cyber-criminal ecosystem, supply-chain/third-party attack, and insider threats as the biggest areas of risk for the monetary system. The report also pointed to areas of emerging risk, including fintechs and other third-party service providers, quantum computing and AI – all areas in which there are risks that technology innovation may outpace defensive and regulatory measures.
Multiple U.S. healthcare facilities facing cyber attack
On August 3, a ransomware attack on Prospect Medical Holdings (PMH) disrupted networks in several hospitals and clinics in California, Texas, Connecticut, Rhode Island, and Pennsylvania. The incident forced emergency rooms to close and ambulances to be diverted to other facilities; elective surgeries, outpatient appointments, blood drives and other services were also suspended; and some facilities resorted to using paper files to get through the crisis. While some ERs re-opened by August 4, many primary care services were closed into the weekend.
PMH, which operates 16 hospitals and more than 165 clinics and outpatient centres in the U.S., has been silent about the incident on its website and social media channels. However, some of its individual state affiliates have provided updates: for example, the Eastern Connecticut Health Network (ECHN) posted a status page on its website, and their Vice President for Communications and Public Affairs Nina Kruse made a statement about the incident: “Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations… Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”
Astronomy research lab suffers cyber attack
Think you’re not a target for a cyber attack? Consider that an astronomy research laboratory in the U.S. suffered a cyber incident on August 1. The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory (NOIRLab) published an announcement regarding the attack, reporting that the incident had forced its Gemini North telescopes in Hawai‘i to suspend observations.
No details have been provided on the nature of the attack as the facility “conducts its investigation and develops the recovery plan in consultation with NSF’s cyber specialists.” The facility reported that the “Gemini website and proposal tools are currently offline but the NOIRLab website remains online,” and there was no impact to the infrastructure of other NOIRLab facilities, or to its Gemini South telescope on Cerro Pachón in the Chilean Andes. NOIRLab is an international science partnership between the U.S., Canada, Chile, Brazil, Argentina, and South Korea.
Tennis Canada data allegedly posted to dark web
According to a report by the French-language Le Journal de Québec, Tennis Canada was the target of a cyber attack leading to the “leak of sensitive information, including names, addresses, social insurance numbers and employee banking information.”
Tennis Canada had earlier acknowledged having been the victim of a “cyber incident” on June 8, when reports surfaced that the Akira ransomware gang had listed them as a victim on their data leak site, presenting alleged stolen financial records. At that time, Marc-Antoine Farly, spokesperson for Tennis Canada, stated that the situation had been resolved, and based on a subsequent investigation, “there was no evidence that any personal data was compromised.”
However, according to the report from the Quebec news outlet, sensitive documents belonging to employees of the organization were allegedly disclosed on the dark web on August 1.