CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Subscribe

Episode 38: December 12 2022

December 12, 2022 Jim Guckin CyberSecurity News Byte 30:5343.57M Comments Off on Episode 38: December 12 2022

Links
https://www.wired.com/story/sequoia-hr-data-breach
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare
https://www.bleepingcomputer.com/news/security/hackers-earn-989-750-for-63-zero-days-exploited-at-pwn2own-toronto/
https://www.bleepingcomputer.com/news/security/cisco-discloses-high-severity-ip-phone-zero-day-with-exploit-code/ 

Sequoia Discloses a Data Breach 

  •  Sequoia 
    • “professional employer organization,” or PEO 
    • Human Resources 
    • Payroll 
    • Benefits Management 
    • popular with US startups 
    • more than 500 venture-backed companies. 
  • Early December
    • detected unauthorized access to a cloud storage repository. 
    • Sequoia One customers sensitive and personal data 
      • Names 
      • Addresses 
      • dates of birth 
      • gender 
      • marital status 
      • employment status 
      • Social Security numbers 
      • work email addresses 
      • wage data related to benefits. 
      • ID cards 
      • Covid-19 test results. 
      • vaccine cards 
  • Incident 
    • September 22 and October 6
    • ‘read only,’ access 
    • forensic review by Dell Secureworks 
      • did not see evidence of a data extortion attempt. 
      • did not find any compromised computers or servers 
      • did not see evidence of ongoing unauthorized access to the company’s system 
  • No use of the data so far/ 

 

Health Dept warns of Royal Ransomware 

 

  • Health Sector Cybersecurity Coordination Center (HC3) 
  • U.S. Department of Health and Human Services (HHS) 
  • Thursday 
  • Warning for healthcare organizations 
  • ongoing attacks 
  •  
  • Royal Ransomware 
  • Sept 2022 increasing malicious activities 
  • new operation, the Royal ransomware gang 
  • behind multiple attacks against U.S. healthcare orgs 
  • without affiliates 
  • made up of experienced threat actors who worked for other groups. 
  • First spotted Jan 2022 
  • Initially used encryptors from other gangs like BlackCat, 
  • Quickly designed their own  
  • Zeon which generated Conti-like ransom notes 
  • mid-September, the ransomware gang rebranded again to “Royal” and uses a new encryptor that generates ransom notes with the same name. 
  • Techniques 
  • uses social engineering 
  • trick corporate victims into installing remote access software 
  • phishing attacks where the attackers impersonate software providers and food delivery services. 
  • infecting their targets and encrypting systems 
  • ransom payments ranging from $250,000 to $2 million 
  • hacked Twitter accounts 
  • tweet information on compromised targets to journalists 
  • the attack covered by news outlets 
  • put additional pressure on their victims 
  • Page Break 

Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto 

  • Pwn2Own Toronto 2022 
  • December 6th – 8th 
  • Hacking Competition 
  • Targeted devices 
  • Mobile phones 
  • Home Automation Hubs 
  • Printers 
  • Wireless Routers 
  • NAS 
  • Smart Speakers 
  • All fully updated. 
  • Default configuration 
  • Companies 
  • Canon 
  • HP 
  • Mikrotik 
  • NETGEAR 
  • Sonos 
  • TP-Link 
  • Lexmark 
  • Synology 
  • Ubiquiti 
  • Western Digital 
  • HP. 
  • competitors earning $989,750 
  • 63 zero-day exploits 
  • 66 entries 
  • 36 teams 
  • 14+ countries 
  • No teams signed up for 
  • iPhone 13 
  • Google Pixel 6 
  • hacked a fully patched Samsung Galaxy S22 four times 
  • STAR Labs Team first to exploit 0day 
  • improper input validation attack on their third attempt 
  • earning $50,000 and 5 Master of Pwn points 
  • Sec Researchers with Interrupt Labs and Pentest Limilted 
  • 2nd and 3rd days demoed a 0day in just 55 seconds. 

Page Break 

Cisco discloses high-severity IP phone zero-day 

  • Thursday 
  • Product Security Incident Response Team (PSIRT) 
  • high-severity zero-day vulnerability 
  • latest generation of its IP phones 
  • exposing them to remote code execution and denial of service (DoS) attacks 
  • Proof on Concept Code 
  • vulnerability has been publicly discussed. 
  • PSIRT added that it is not yet aware of any attempts to exploit 
  • has not released security updates to address this bug before disclosure 
  • patch will be available in January 2023. 
  • CVE-2022-20968 
  • caused by insufficient input validation 
  • received Cisco Discovery Protocol packets 
  • unauthenticated 
  • adjacent attackers can exploit to trigger a stack overflow. 
  • Cisco IP phones running 7800 and 8800 Series firmware version 14.2 and earlier. 
  • provides mitigation advice for admins who want to secure vulnerable devices in their environment from potential attacks. 
  • disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery. 
  • not a trivial change and will require diligence on behalf of the enterprise