CISA Highlights Flaw in Mirth Connect Product
The Cybersecurity and Infrastructure Security Agency (CISA) has added a significant vulnerability in NextGen Healthcare's Mirth Connect product to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, tracked as CVE-2023-43208, involves a data deserialization issue that can lead to unauthenticated remote code execution. Despite a patch being released with version 4.4.1, more than 1,200 internet-exposed instances remain unpatched and vulnerable.
Action Points:
1. Patch Immediately: Ensure that all instances of Mirth Connect are updated to the latest version to mitigate the risk of exploitation.
2. Regular Assessments: Conduct regular vulnerability assessments to identify and address any unpatched systems within your network.
EPA Issues Cybersecurity Alert for U.S. Drinking Water Systems
The Environmental Protection Agency (EPA) has issued an enforcement alert highlighting critical cyber vulnerabilities in U.S. drinking water systems. Inspections since September revealed that over 70% of water systems failed to comply with the Safe Drinking Water Act, with issues ranging from default passwords to inadequate incident response plans.
Action Points:
1. Enhance Security Measures: Reduce internet exposure, change default passwords, and develop comprehensive incident response and recovery plans.
2. Community Outreach: Cybersecurity practitioners should offer their expertise to local water system operators to help them improve their security posture.
OmniVision Discloses Data Leak from Ransomware Attack
OmniVision has revealed that a ransomware attack in September last year resulted in data leakage, including personally identifiable information (PII). The attack, attributed to the Cactus ransomware group, led to the exposure of confidential documents, NDAs, and passport scans.
Action Points:
1. Monitor for Breaches: Utilize identity monitoring and restoration services to mitigate the impact of compromised PII.
2. Strengthen Defenses: Implement advanced threat detection and response mechanisms to prevent future ransomware incidents.
New Variants of BiBi Wiper Malware Identified
Check Point has reported new variants of the BiBi Wiper malware, which has been used in cyberattacks primarily targeting Israel and Albania. The malware, linked to Iranian threat groups, aims to prolong downtime by making data restoration more difficult.
Action Points:
1. Update Security Protocols: Ensure robust backup and recovery procedures are in place and regularly tested.
2. Threat Intelligence Sharing: Participate in threat intelligence sharing to stay informed about emerging malware variants and defensive strategies.
Severe Vulnerability Found in Fluent Bit Logging Utility
Researchers have discovered a severe memory corruption vulnerability in Fluent Bit, a widely used cloud logging utility. This issue, dubbed "Linguistic Lumberjack," can lead to denial of service, data leakage, or remote code execution.
Action Points:
1. Apply Patches: Update Fluent Bit to the latest version to address the vulnerability.
2. Review Security Practices: Incorporate regular security reviews of all cloud services and logging utilities used within your infrastructure.
Open Source Security Foundation Launches Threat Sharing Platform
The Open Source Security Foundation has launched a new platform to share information on actively exploited vulnerabilities and attack techniques. This initiative aims to provide an early warning system for the open-source community.
Action Points:
1. Join the Platform: Register and actively participate in the threat sharing platform to stay updated on emerging threats.
2. Contribute Data: Share relevant threat intelligence to help the broader community strengthen its defenses.
Dark Web Market Operator Arrested at JFK Airport
Rui-Siang Lin, the alleged owner of the dark web marketplace Incognito Market, was arrested at JFK Airport. The marketplace facilitated the sale of over $100 million worth of narcotics before being shut down by law enforcement.
Google Challenges Microsoft 365 Dominance
Google has criticized Microsoft's dominance in the public sector, highlighting the risks of using a single vendor for multiple services. This move follows a critical report on Microsoft's security practices, with Google promoting its G Suite as an alternative.
Cyber Force Measure Resurfaces in U.S. House Debate
A bipartisan effort to create a dedicated cyber force within the U.S. military is gaining traction. This initiative aims to address the growing cyber threats facing national security.
CyberArk Acquires Venafi in Major Deal
CyberArk has announced the acquisition of Venafi for $1.5 billion, aiming to enhance its capabilities in machine identity security. This move reflects ongoing consolidation in the cybersecurity industry.
Thank you for tuning in to today's CyberHub Podcast. Stay informed, stay vigilant, and most importantly, stay cyber safe.
✅ Story Links:
https://www.securityweek.com/cisa-warns-of-attacks-exploiting-nextgen-healthcare-mirth-connect-flaw/
https://www.securityweek.com/omnivision-says-personal-information-stolen-in-ransomware-attack/
https://www.cybersecuritydive.com/news/open-source-threat-platform-xz-utils/716585/
https://www.securityweek.com/google-cites-monoculture-risks-in-response-to-csrb-report-on-microsoft/
https://therecord.media/cyber-force-study-house-ndaa-amendment
https://www.securityweek.com/cyberark-to-acquire-machine-identity-firm-venafi-for-1-54-billion/