TLDR Information Security 2024-05-24

CentroMed data breach 🏥, Self Driving IDE 🤖, Growing Gift Card Fraud 💳

Attacks & Vulnerabilities

400,000 Impacted by CentroMed Data Breach (3 minute read)

A cyberattack on healthcare provider CentroMed exposed the personal and medical data of 400,000 patients, including names, addresses, birth dates, medical information, Social Security numbers, and financial details. The breach was discovered on May 1st after unauthorized access on April 30th.

Microsoft Pushes Emergency Fix for Windows Server 2019 Update Errors (3 minute read)

Microsoft released an emergency out-of-band update to fix a bug that caused errors when applying the May 2024 Patch Tuesday updates on Windows Server 2019. The error mostly affects servers without the English (United States) language pack, but has also been seen on servers that have it installed. Microsoft confirmed that the bug is tied to that language pack: the update fails if the pack cannot be located.

Canada's London Drugs confirms ransomware attack after LockBit demands $25M (4 minute read)

London Drugs confirmed a ransomware attack in which corporate files containing employee information were stolen, but stated it is unwilling and unable to pay the demanded ransom. Patient and customer databases currently appear uncompromised. The LockBit ransomware group claims London Drugs initially offered $8 million; it is now demanding $25 million to avoid a data leak.

Strategies & Tactics

A Step-By-Step Guide to Securely Upgrading Your EKS Clusters (7 minute read)

A guide to upgrading EKS clusters that includes an overview as well as the detailed commands. Kubernetes only provides security updates for the current and the two previous minor versions, so version upgrades are frequently necessary. During an upgrade, the user is responsible for initiating it and for upgrading the data plane, whereas AWS performs the control plane upgrade.
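As an added example (not code from the guide above), the following bash script wires the two responsibilities together: a kubelet version-skew pre-flight check, the operator-initiated control plane update that AWS then carries out, and the managed node group refresh that remains the operator's job. The cluster and node group names, the starting version and the sample kubelet versions are placeholders; with EKS_DRY_RUN=1 (the default) the aws and kubectl commands are printed rather than executed, so it runs offline.

```shell
#!/usr/bin/env bash
# Added example, not code from the EKS upgrade guide summarised above.
# Cluster/node group names, the starting version and the sample kubelet
# versions are placeholders; EKS_DRY_RUN=1 (default) prints the aws/kubectl
# commands instead of executing them, so the script runs offline.
set -eu

# minor_of VERSION -> minor number. Accepts "1.29" as well as the kubelet
# form reported by EKS nodes, e.g. "v1.28.5-eks-abc123".
minor_of() {
  local v rest
  v="${1#v}"            # drop leading "v"
  v="${v%%-*}"          # drop "-eks-..." build suffix
  rest="${v#*.}"        # "28.5" or "29"
  echo "${rest%%.*}"
}

# next_minor VERSION -> the only target EKS accepts: current + 1 minor.
next_minor() {
  local v="${1#v}"
  echo "${v%%.*}.$(( $(minor_of "$v") + 1 ))"
}

# kubelet_skew_ok APISERVER_VERSION KUBELET_VERSION
# Kubernetes' version-skew policy: a kubelet may not be newer than the API
# server and may lag it by at most three minors from 1.28 on (two before that).
kubelet_skew_ok() {
  local cp kl allowed
  cp=$(minor_of "$1")
  kl=$(minor_of "$2")
  if [ "$cp" -ge 28 ]; then allowed=3; else allowed=2; fi
  [ "$kl" -le "$cp" ] && [ $((cp - kl)) -le "$allowed" ]
}

# run CMD... : print the command in dry-run mode, execute it otherwise.
run() {
  if [ "${EKS_DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# upgrade_cluster CLUSTER NODEGROUP CURRENT_VERSION
upgrade_cluster() {
  local cluster="${1:-demo-cluster}" nodegroup="${2:-demo-ng}" current="${3:-1.28}"
  local target kubelets k
  target=$(next_minor "$current")

  # 0. Pre-flight: every kubelet must remain inside the skew window once the
  #    API server is at $target, or those nodes drop out mid-upgrade.
  #    Dry-run substitutes a constructed sample for the kubectl query.
  if [ "${EKS_DRY_RUN:-1}" = "1" ]; then
    kubelets="v1.28.5-eks-abc123 v1.27.9-eks-def456"
  else
    kubelets=$(kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}')
  fi
  for k in $kubelets; do
    kubelet_skew_ok "$target" "$k" || { echo "kubelet $k too old for $target" >&2; return 1; }
  done

  # 1. Control plane: the operator initiates the update; AWS performs it.
  run aws eks update-cluster-version --name "$cluster" --kubernetes-version "$target"
  run aws eks wait cluster-active --name "$cluster"

  # 2. Data plane: the operator's responsibility. Rolling the managed node
  #    group launches nodes on an AMI for $target and drains the old ones.
  run aws eks update-nodegroup-version --cluster-name "$cluster" --nodegroup-name "$nodegroup"
  run aws eks wait nodegroup-active --cluster-name "$cluster" --nodegroup-name "$nodegroup"
}

upgrade_cluster "${1:-}" "${2:-}" "${3:-}"
```

Run it once in dry-run mode to review the exact commands, then again with EKS_DRY_RUN=0 and the real cluster and node group names; the skew check is what turns a failed upgrade into a refusal before anything is changed.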

The Self-Driving IDE is Coming (12 minute read)

A blog post describing the difficulty of building IDE plugins and how Sourcegraph aims to solve it for its AI assistant, Cody. There are over a dozen popular IDEs, each with its own API, so plugin developers must reimplement every feature for every IDE, an insurmountable barrier. Sourcegraph's approach is a separate Cody binary that orchestrates the interactions with each IDE's API, rather than fully implementing each feature in each IDE.

“Got that Boomer!”: How Cybercriminals steal OTPs for SIM Swaps and Raiding Bank Accounts (8 minute read)

This article details findings from leaked logs belonging to Estate, an interception operation that carried out thousands of automated phone calls for phishing attacks. Members can only sign up to Estate with a referral code; once registered, they can search breached account passwords for victims. Estate contains automated call scripts designed to convince victims to hand over SMS OTPs or credit card security codes.

Launches & Tools

Amplifier (Product Launch)

Amplifier has launched a self-healing AI copilot (Ampy) that helps employees understand the risks they are creating and helps them address the identified issues. The AI copilot guides employees through security protocols, involving them in the process of improving the organization's security posture.

Eraser (GitHub Repo)

Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.

CSTC (GitHub Repo)

The Cyber Security Transformation Chef (CSTC) is a Burp Suite extension. It enables security experts to extend Burp Suite by chaining simple operations on each incoming or outgoing HTTP message. It can also be used to quickly apply custom formatting on each message.

In Seoul summit, heads of states and companies commit to AI safety (3 minute read)

Government officials and AI industry executives have agreed to apply basic safety measures and establish an international AI safety research network. The agreement will promote a common understanding of AI safety, aligning research, standards, and testing to accelerate advancements.

JAVS courtroom recording software backdoored in supply chain attack (3 minute read)

Rapid7 discovered that attackers had backdoored JAVS courtroom recording software with malware, allowing them to take over systems. JAVS has removed the compromised version and advises reimaging all potentially affected endpoints.

Cyber Signals: Inside the growing risk of gift card fraud (7 minute read)

A Moroccan cybercrime group called Atlas Lion upgraded the gift card scam by compromising the retailer portals used to issue gift cards, enabling them to "print" money at will without targeting individual victims. This automated approach eliminates labor-intensive social engineering while maximizing profitability.

Quick Links

UK Watchdog Looking into Microsoft AI Taking Screenshots (2 minute read)

The UK has launched an investigation into the “privacy nightmare” that is Microsoft's recently announced Recall, a feature of its new Copilot+ PCs that stores encrypted screenshots on the device.

2024 Attack Intelligence Report (30 minute read)

This attack report covers zero-day exploits, mass supply chain compromise incidents, and multi-factor authentication woes.

The SEC slaps NYSE's parent company with a $10M fine for not immediately reporting a hack (2 minute read)

The SEC fined Intercontinental Exchange (ICE) $10 million for failing to promptly notify its subsidiaries, including the NYSE, of a cybersecurity intrusion.
Curated news 📰, research 🧑‍🔬, and tools 🔒 for information security professionals