TLDR Information Security 2024-05-24

Legacy MFT often means inadequate encryption, poor access controls, and insufficient monitoring. And that's before we talk about compliance, compatibility, and user experience.

Time for something better? Kiteworks' Private Content Network lets you do MFT like it's 2024:

➡️ Consolidate policy management, tracking and control, audit logs, file sharing, file transfer, web forms, and APIs.

➡️ Advanced security with hardened virtual appliance, anomaly detection, built-in network firewall and WAF, integrated CDR, DLP, and ATP, and more.

➡️ Exceptional visibility and governance via full integration of NIST CSF for digital rights management.

➡️ Deploy on-premises, private cloud, hybrid cloud, hosted, or FedRAMP.

Get a demo at kiteworks.com >>

A cyberattack on healthcare provider CentroMed exposed the personal and medical data of 400,000 patients, including names, addresses, birth dates, medical information, Social Security numbers, and financial details. The breach was discovered on May 1st after unauthorized access on April 30th.

Microsoft released an emergency out-of-band update to fix a bug that causes errors when trying to apply the May 2024 patch Tuesday updates in Windows Server 2019. The error is more likely to affect servers without the English (United States) language pack, but has been seen in servers that do as well. Microsoft confirmed that the bug was connected to the English (United States) language pack and that the update will fail if the language pack can't be located.

London Drugs confirmed a ransomware attack stole corporate files with employee information but stated it is unwilling and unable to pay the demanded ransom. Patient/customer databases currently appear uncompromised. LockBit ransomware group claims London Drugs was willing to pay $8 million initially. It is now demanding $25 million to avoid a data leak.

A guide to upgrading EKS clusters that includes an overview as well as detailed commands. Kubernetes supports security updates for the current and previous 2 minor versions, which means that version upgrades are frequently necessary. During upgrades, users are responsible for initiating the upgrade and upgrading the data plane whereas AWS manages the control plane upgrades.

A blog post that describes the difficulty in creating IDE plugins and how Sourcegraph aims to solve this by implementing plugins for its AI assistant, Cody. There are over a dozen popular IDEs that each utilize different APIs, leading to plugin developers needing to reimplement each feature for every IDE, an insurmountable barrier. Sourcegraph is attempting to solve this problem with Cody by utilizing a separate Cody binary to orchestrate interactions with each IDE's API instead of fully implementing each feature for each IDE.

This article details findings from the leak of logs belonging to Estate, an interception operation that carried out thousands of automated phone calls for phishing attacks. Members can only sign up to Estate with referral codes and once registered can search through breached account passwords for victims. Estate contains automated scripts to convince victims to provide SMS OTPs or credit card security codes.

Amplifier has launched a self-healing AI copilot (Ampy) that helps employees understand the risks they are creating and helps them address the identified issues. The AI copilot guides employees through security protocols, involving them in the process of improving the organization's security posture.

Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.

The Cyber Security Transformation Chef (CSTC) is a Burp Suite extension. It enables security experts to extend Burp Suite by chaining simple operations on each incoming or outgoing HTTP message. It can also be used to quickly apply custom formatting on each message.

Looking to enhance your application security reporting? Check out Snyk's latest resource Reporting AppSec Risk Up to Your CISO- a guide for you on risk prioritization, risk introduction and measuring your AppSec program. Be proactive on risk reporting and gauge your CISO early on in your application development workflow! Download the guide

Government officials and AI industry executives have agreed to apply basic safety measures and establish an international AI safety research network. The agreement will promote a common understanding of AI safety, aligning research, standards, and testing to accelerate advancements.

Rapid7 discovered that attackers had backdoored JAVS courtroom recording software with malware, allowing them to take over systems. JAVS has removed the compromised version and advises reimaging all potentially affected endpoints.

A Moroccan cybercrime group called Atlas Lion upgraded the gift card scam by compromising retailer portals used to issue gift cards, enabling them to "print" money at will without targeting individual victims. This automated approach eliminates labor-intensive social engineering tactics while maximizing profitability.

The UK has launched an investigation into the “privacy nightmare” that is Microsoft's recently announced Recall, a feature of its new Copilot+ PCs that stores encrypted screenshots on devices.

This attack report covers zero-day exploits, mass supply chain compromise incidents, and multi-factor authentication woes.

The SEC fined Intercontinental Exchange (ICE) $10 million for not promptly reporting a cybersecurity breach to its subsidiaries.