CyberSecurity News Byte

Hosted ByJim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Subscribe

Episode 41: January 16 2023

January 16, 2023 Jim Guckin CyberSecurity News Byte 32:3246MB Comments Off on Episode 41: January 16 2023

Links

https://www.bankinfosecurity.com/medical-imaging-firm-faces-2-class-actions-in-2022-breach-a-20930

https://shields.com/notice-of-data-security-incident/

https://www.bitdefender.com/blog/hotforsecurity/hackers-disrupt-24-hours-of-le-mans-virtual-esports-event/

https://jimguckin.com/2023/01/16/back-to-work-security-thoughts-to-have/

https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-critical-bugs-in-popular-wordpress-plugins

Medical Imaging Firm Faces 2 Class Actions

  • Shields Health Care Group
    • prominent Massachusetts-based medical imaging services provider
      • 40 locations in New England
        • Including outpatient testing facilities and in hospitals
        • Most locations in Massachusetts
      • touts itself as the “official” provider of MRIs and related medical imaging services to several professional sports teams.
        • New England Patriots
        • the Boston Celtics
        •  the Boston Bruins.
    • facing proposed class action lawsuits in federal and state court
      • 2022 Breach
        • 2 million people were impacted.
      • Federal
        • Consolidation of 7 class action lawsuits
        • Everyone except Massachusetts
      • State
        • Everyone from Massachusetts
      • Claims
        • including negligence
        • recklessness in failing to protect sensitive information.
        • breach of contract
        • invasion of privacy
        • violations of various state laws.
        • failed to notify affected individuals in a timely manner
          • HIPAA
            • breach affecting 500 or more.
              • 60 days report
              • 60 days notify people.
  • Report
    • Ranks top 5 largest US health breaches.
    • U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool
      • reported the incident as a business associate.
      • a hacking incident involving a network server and affecting 2 million individuals.
  • Breach
    • According to Shields notification
    • March 28, 2022, it detected suspicious activity.
    • “an unknown actor” had gained access to certain Shields systems for the two-week period last year between March 7 and March 21.

Hackers disrupt virtual esports event

  • 24 Hours of Le Mans Virtual” competition
    • the biggest esports event in endurance racing
    • real-world FIA drivers compete alongside leading esports players.
    • $250,000 total prizes
    • 5 Rounds
      • Ends with 24-hour finale.
  • What happened?
    • Max Verstappen
      • Who was the Formula 1 World Champion
    • Leading the race by over a minute
    • Thrown out and disconnected.
    • When returned was in 17th?
      • Tried to regain his lead.
    • Quit when he was in 14th.
    • Raged online after
    • Several other drivers reportedly experienced similar problems
    • Earlier in the race, the Le Mans Virtual organizers had confirmed that it had suffered a “suspected security breach”
  • eSports
    • big business
    • multi-million-dollar sponsorship deals
    • gambling

Security Things to Remember as People Return to Work

  • Things to keep top of mind.
    • Employee education of information systems and protocols
    • Know your inventory.
      • Both Data and Physical
    • Delete redundant data.
    • Early detection systems
      • XDR and EDR
    • Data back-ups
    • Zero Trust, Least Privileged or Limiting access.
    • External Security Audits
    • Mutli-Factor Authentication
    • Update all systems before letting on network
    • Op Sec

PoC for critical bugs in popular WordPress plugins

  • WordPress
    • 3 popular plugins
      • 10 of thousands of active installations
      • Paid Memberships Pro
        • membership and subscriptions management tool
      • Easy Digital Downloads
        • e-commerce solution for selling digital files
      • Survey Marker
        • surveys and market research
    • High-severity or critical SQL injection vulnerabilities
    • PoC exploit now public.
  • SQL Injection
    • security flaw
    • allows attackers to input data into form fields or via URLs.
      • that modify database queries to return different data or modify a database.
      • This can be gain access to a site, delete data, inject malicious scripts, etc.
  • Joshua Martinelle
    • Tenable security researcher
    • reported them responsibly to WordPress on December 19, 2022
      • With PoC code
    • disclosed technical details about each vulnerability with proof-of-concept exploits using the SLEEP function to demonstrate how the flaws work
  • Plugin Authors
    • Plugins have been updated to address.
    • All problems fixed (as long as you updated)
  • CVE
    • Paid Memberships Pro –  CVE-2023-23488 (9.8)
      • affects all versions of the plugin older than 2.9.8. Paid Memberships Pro fixed the vulnerability on December 27, 2022, with the release of version 2.9.8.
    • Easy Digital Downloads – CVE-2023-23489 (9.8)
      • impacts all versions below 3.1.0.4, released on January 5, 2023.
    • Survey Marker – CVE-2023-23490 (8.8)
      • Attacker needs to be authenticated.
      • update on December 21, 2022, with version 3.1.2.