CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 38: December 12 2022

Links
https://www.wired.com/story/sequoia-hr-data-breach
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-royal-ransomware-targeting-healthcare
https://www.bleepingcomputer.com/news/security/hackers-earn-989-750-for-63-zero-days-exploited-at-pwn2own-toronto/
https://www.bleepingcomputer.com/news/security/cisco-discloses-high-severity-ip-phone-zero-day-with-exploit-code/ 

Sequoia Discloses a Data Breach 

  • Sequoia
    • "professional employer organization," or PEO
    • Human Resources
    • Payroll
    • Benefits Management
    • popular with US startups
    • more than 500 venture-backed companies
  • Early December
    • detected unauthorized access to a cloud storage repository. 
    • Sequoia One customers' sensitive and personal data
      • Names 
      • Addresses 
      • dates of birth 
      • gender 
      • marital status 
      • employment status 
      • Social Security numbers 
      • work email addresses 
      • wage data related to benefits. 
      • ID cards 
      • Covid-19 test results. 
      • vaccine cards 
  • Incident 
    • September 22 and October 6
    • "read only" access
    • forensic review by Dell Secureworks 
      • did not see evidence of a data extortion attempt. 
      • did not find any compromised computers or servers 
      • did not see evidence of ongoing unauthorized access to the company’s system 
  • No use of the data so far.

Health Dept warns of Royal Ransomware 

  • Health Sector Cybersecurity Coordination Center (HC3)
  • U.S. Department of Health and Human Services (HHS)
  • Thursday
    • warning for healthcare organizations
    • ongoing attacks
  • Royal Ransomware
    • Sept 2022: increasing malicious activities
    • new operation, the Royal ransomware gang
    • behind multiple attacks against U.S. healthcare orgs
    • without affiliates
    • made up of experienced threat actors who worked for other groups
    • first spotted Jan 2022
    • initially used encryptors from other gangs like BlackCat
    • quickly designed their own
      • Zeon, which generated Conti-like ransom notes
    • mid-September, the ransomware gang rebranded again to "Royal" and uses a new encryptor that generates ransom notes with the same name
  • Techniques
    • uses social engineering
      • trick corporate victims into installing remote access software
      • phishing attacks where the attackers impersonate software providers and food delivery services
    • infecting their targets and encrypting systems
    • ransom payments ranging from $250,000 to $2 million
    • hacked Twitter accounts
      • tweet information on compromised targets to journalists
      • get the attack covered by news outlets
      • put additional pressure on their victims

Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto 

  • Pwn2Own Toronto 2022
    • December 6th – 8th
    • Hacking Competition
  • Targeted devices
    • Mobile phones
    • Home Automation Hubs
    • Printers
    • Wireless Routers
    • NAS
    • Smart Speakers
    • All fully updated
    • Default configuration
  • Companies
    • Canon
    • HP
    • Mikrotik
    • NETGEAR
    • Sonos
    • TP-Link
    • Lexmark
    • Synology
    • Ubiquiti
    • Western Digital
  • Results
    • competitors earning $989,750
    • 63 zero-day exploits
    • 66 entries
    • 36 teams
    • 14+ countries
  • No teams signed up for
    • iPhone 13
    • Google Pixel 6
  • hacked a fully patched Samsung Galaxy S22 four times
    • STAR Labs Team first to exploit a 0-day
      • improper input validation attack on their third attempt
      • earning $50,000 and 5 Master of Pwn points
    • Security researchers with Interrupt Labs and Pentest Limited
      • on the 2nd and 3rd days demoed a 0-day in just 55 seconds

Cisco discloses high-severity IP phone zero-day 

  • Thursday
  • Product Security Incident Response Team (PSIRT)
  • high-severity zero-day vulnerability
    • latest generation of its IP phones
    • exposing them to remote code execution and denial of service (DoS) attacks
    • Proof of Concept code
    • vulnerability has been publicly discussed
    • PSIRT added that it is not yet aware of any attempts to exploit
    • has not released security updates to address this bug before disclosure
    • patch will be available in January 2023
  • CVE-2022-20968
    • caused by insufficient input validation in received Cisco Discovery Protocol (CDP) packets
    • unauthenticated, adjacent attackers can exploit it to trigger a stack overflow
    • affects Cisco IP phones running 7800 and 8800 Series firmware version 14.2 and earlier
  • Mitigation
    • provides mitigation advice for admins who want to secure vulnerable devices in their environment from potential attacks
    • disabling the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery
    • not a trivial change and will require diligence on behalf of the enterprise
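As an added illustration (not from the episode, the Cisco advisory, or the phone firmware), a bounds-checked walker over the type/length/value records that make up a CDP packet, showing the class of check whose absence lets a peer-supplied length corrupt a fixed-size stack buffer. The Device-ID TLV type number is the real one; the sample packets are constructed, and the parser is a hypothetical one written for this page, not Cisco's code or the actual CVE-2022-20968 flaw.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CDP_HEADER_LEN    4       /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_HDR_LEN   4       /* type(2) + length(2); length counts the header too */
#define CDP_TLV_DEVICE_ID 0x0001  /* real CDP TLV type number for Device-ID */
#define DEVICE_ID_MAX     64      /* fixed-size destination buffer */

/* Copy the Device-ID TLV value into out (NUL-terminated). Returns 0 on success,
 * 1 if no Device-ID TLV, -1 if the packet is malformed. Every peer-supplied
 * length is checked against the bytes actually present before any read/copy. */
int cdp_get_device_id(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    if (!pkt || !out || out_len == 0 || pkt_len < CDP_HEADER_LEN) return -1;
    size_t off = CDP_HEADER_LEN;
    while (off < pkt_len) {
        if (pkt_len - off < CDP_TLV_HDR_LEN) return -1;       /* truncated TLV header */
        uint16_t type = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        uint16_t len  = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        if (len < CDP_TLV_HDR_LEN || len > pkt_len - off) return -1; /* bogus length */
        size_t val_len = len - CDP_TLV_HDR_LEN;
        if (type == CDP_TLV_DEVICE_ID) {
            if (val_len >= out_len) return -1;  /* would overflow out: reject, don't copy */
            memcpy(out, pkt + off + CDP_TLV_HDR_LEN, val_len);
            out[val_len] = '\0';
            return 0;
        }
        off += len;  /* safe: len <= pkt_len - off */
    }
    return 1;
}

/* Constructed sample packets (not captured from real devices). */
const uint8_t cdp_good_pkt[] = {
    0x02, 0xb4, 0x00, 0x00,                                /* version 2, TTL 180, checksum (not verified here) */
    0x00, 0x01, 0x00, 0x0b, 'P','H','O','N','E','0','1',   /* Device-ID TLV, length 11 */
    0x00, 0x03, 0x00, 0x0a, 'P','o','r','t',' ','1' };     /* Port-ID TLV, length 10 */
const uint8_t cdp_bad_len_pkt[] = {
    0x02, 0xb4, 0x00, 0x00, 0x00, 0x01, 0x00, 0xff, 'X' }; /* claims 255 bytes, carries 1 */
const uint8_t cdp_no_id_pkt[] = {
    0x02, 0xb4, 0x00, 0x00, 0x00, 0x03, 0x00, 0x0a, 'P','o','r','t',' ','1' };

/* Wrapper with a static scratch buffer so callers can inspect the parsed id. */
char cdp_scratch_id[DEVICE_ID_MAX];
int cdp_parse_into_scratch(const uint8_t *pkt, size_t pkt_len)
{
    return cdp_get_device_id(pkt, pkt_len, cdp_scratch_id, sizeof cdp_scratch_id);
}
```

The same length-versus-remaining-bytes discipline applies to every TLV type, not just Device-ID; the malformed sample is rejected before a single value byte is read.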