Good morning, Security Gang! On this packed episode of the CyberHub Podcast, I delved into some major cybersecurity incidents and updates, sharing actionable insights for practitioners and leaders. Let’s break down today’s top stories:
Healthcare Data Breach at Phreesia
Phreesia’s subsidiary, Connect On Call, experienced a significant data breach exposing the personal and health information of over 910,000 individuals. The breach, which occurred between February and May 2024, highlights vulnerabilities in M&A cybersecurity practices. Phreesia has since taken the affected service offline, but the incident serves as a stark reminder for companies growing through acquisitions to include security practitioners in M&A processes to identify and mitigate risks early.
Cisco DevHub Data Leak
Cisco confirmed a data breach involving its DevHub environment, exposing 2.9GB of sensitive data. The files, inadvertently made public due to a configuration error, included source code and certificates for major Cisco products like Webex, Umbrella, and Secure Access Service Edge (SASE). While Cisco has downplayed the potential impact, practitioners running the affected Cisco products should be cautious, as leaked source code and certificates could give attackers valuable insight into those products.
Meta Fined for GDPR Breach
Meta was slapped with a €251M fine by Ireland’s Data Protection Commission for a 2018 GDPR violation involving a Facebook video upload system that exposed sensitive user information. While Meta argues that much of the exposed data was publicly available, the incident raises questions about the enforcement of data privacy regulations and the financial implications for global companies operating in Europe.
Russian APT Leveraging RDP Attacks
Russia’s APT-T has repurposed a legitimate red-teaming tool to target government and military entities, primarily in Ukraine. Using malicious RDP configurations, the group seeks to gain machine access and deploy malware. As the geopolitical situation in Ukraine evolves, organizations in adjacent regions should prepare for similar threats, feeding indicators of compromise into their threat hunting programs.
Turkey Targeted by Bitter Group
The Bitter cyber-espionage group launched attacks on Turkish defense organizations using a new malware, Maya RAT. These attacks, tied to broader geopolitical tensions involving Turkey, Iran, and Russia, underscore the need for Turkish organizations to strengthen their defenses against nation-state cyber operations. The malware is delivered through phishing and relies on techniques such as scheduled PowerShell tasks to maintain persistence.
Critical Vulnerabilities in Apache Struts and BeyondTrust
Two critical vulnerabilities were highlighted:
Apache Struts 2 (CVE-2024-53677) – An actively exploited path traversal vulnerability allowing remote code execution. It recalls the infamous Equifax breach and emphasizes the need for prompt patching.
BeyondTrust Privileged Remote Access – A command injection flaw (CVE-2024-12356) with a CVSS score of 9.8. Affected systems must patch immediately to prevent exploitation.
CISA’s 2024 Milestone
CISA reported issuing 2,131 pre-ransomware notifications in 2024—nearly double the previous year. With the end of Director Jen Easterly’s tenure approaching, this milestone reflects the agency’s proactive measures in defending critical infrastructure.
Nebraska Sues Change Healthcare
Nebraska’s Attorney General is suing Change Healthcare and United Health Group following a ransomware attack that disrupted medical payment systems statewide. The lawsuit accuses Change Healthcare of negligent security practices, marking a significant step in state-level accountability for cybersecurity failures.
AI Governance Blueprint by U.S. House Task Force
The House Task Force on AI released a comprehensive report with over 80 recommendations for AI regulation, advocating an incremental approach to avoid stifling innovation. This contrasts with Europe’s more restrictive measures and underscores the pro-innovation stance of the U.S.
Action List for Practitioners
M&A Cybersecurity: Integrate security teams early in acquisition processes to uncover potential risks like legacy vulnerabilities.
Patch Management: Apply updates for Apache Struts and BeyondTrust products to mitigate critical vulnerabilities.
Threat Intelligence: Share IOCs from Russian APT and Bitter group attacks to strengthen defenses.
Cisco Response: Review and secure configurations if using Cisco's affected products.
Data Privacy: Audit compliance practices to avoid regulatory fines, especially for companies operating in GDPR jurisdictions.
AI Strategy: Align your organization’s AI development with the House Task Force’s principles to stay ahead of potential regulations.
Thanks for tuning in! Subscribe and stay cyber safe!
✅ Story Links:
https://www.securityweek.com/hacker-leaks-cisco-data/
https://therecord.media/meta-fined-263-million-gdpr-violations-data-breach
https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html
https://www.cybersecuritydive.com/news/cisa-pre-ransomware-alerts-double/735785/
https://therecord.media/nebraska-ag-sues-change-healthcare-unitedhealth-after-ransomware-attack
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
✅ Important Links to Follow:
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.