Happy Wednesday!
The FBI released its IC3 Annual Report, and it has some interesting statistics, such as: between 2019 and 2023 there have been 3.79 million complaints and $37.4 billion in total losses. These are complaints and losses "reported" to the IC3 program specifically. Let's be honest, those numbers are much higher because not everyone is going to report that type of information to the FBI/IC3, either because they are not aware of the process or its availability, or because they lack the desire to share the information with the feds. The report also shows that phishing leads the reported crimes in every year. It is a great report for understanding the landscape from their perspective.
IC3 Annual Report 2023 - Link: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
With that, let’s jump into this week’s cyber security news update.
Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance, and UnitedHealth fronts over $2 billion in recovery efforts
The U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) [ok, that's a long name for a single department....] has issued a letter addressing the cyber incident affecting Change Healthcare, stating that it will be initiating an investigation into the incident
Fortinet warns of severe SQLi vulnerability in FortiClientEMS software
FortiClient Enterprise Management Server (EMS) has recently been patched because it was vulnerable to an RCE attack
Yacht company MarineMax announces cyberattack
MarineMax (a billion-dollar boat seller) filed an 8-K with the SEC on March 12th describing a cyber incident
Link (1): https://therecord.media/boat-seller-marinemax-reports-cyberattack-sec
Global McDonald’s outage blamed on third-party vendor, not cyberattack
McDonald's had to suspend operations in multiple countries last weekend due to an IT outage (per McDonald's)
Link (1): https://www.computerweekly.com/news/366574032/Global-McDonalds-IT-outage-result-of-third-party-error
Network outages hit Birmingham Alabama
Birmingham still experiences outages limiting government services more than a week after a network "disruption"
Cisco closed its $28b all-cash acquisition of Splunk
It is official, Cisco closed the $28 billion acquisition of Splunk!
Link (1): https://www.theregister.com/2024/03/19/cisco_closes_splunk_acquisition/
Microsoft announced deprecation of 1024 bit RSA Keys
Not a lot more to share here, other than it is finally coming to an end - several years after it should have been deprecated
Link (1): https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Fortra FileCatalyst Vulnerability CVE-2024-25153
CVE-2024-25153 (9.8 score): a directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request - specially crafted JSP files could be used to execute code, including web shells
Link (1): https://www.fortra.com/security/advisory/fi-2024-002
Link (2): https://www.helpnetsecurity.com/2024/03/19/cve-2024-25153-poc-exploit/
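A containment check of the kind that blocks this class of upload bug, shown as an added example (it is not Fortra's code and not taken from the advisory). The upload root path, the `session_dir` and `filename` field names, and the blocked-extension set are assumptions, and the sample requests are constructed.

```python
import os
from pathlib import Path

UPLOAD_ROOT = "/srv/portal/uploadtemp"       # hypothetical upload directory
SERVER_EXECUTED = {".jsp", ".jspx", ".war"}  # assumption: types the app server would run

class UploadRejected(ValueError):
    pass

def naive_destination(root, session_dir, filename):
    """'Before' form: request fields are joined with no containment check."""
    return Path(os.path.normpath(os.path.join(root, session_dir, filename)))

def safe_destination(root, session_dir, filename):
    """Return the resolved destination, or raise if it leaves root or is server-executable."""
    for part in (session_dir, filename):
        if "\\" in part or "\x00" in part:
            raise UploadRejected("separator or NUL byte in request field")
    base = Path(root).resolve()
    # resolve() collapses '..' segments and symlinks before the comparison
    candidate = (base / session_dir / filename).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UploadRejected("destination escapes upload root") from None
    if SERVER_EXECUTED & {s.lower() for s in candidate.suffixes}:
        raise UploadRejected("server-executable file type")
    return candidate

def verdict(root, session_dir, filename):
    """Map the check to a short string so results are easy to log or compare."""
    try:
        safe_destination(root, session_dir, filename)
        return "accepted"
    except UploadRejected as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed request fields: one normal upload, three that must be refused
    samples = [("sess42", "report.pdf"), ("../../webapps/ROOT", "page.jsp"),
               ("sess42", "page.jsp"), ("/etc", "cron.txt")]
    for session_dir, filename in samples:
        print(naive_destination(UPLOAD_ROOT, session_dir, filename), "->",
              verdict(UPLOAD_ROOT, session_dir, filename))
```

The extension check is a second layer only; keeping the upload directory outside any path the application server serves or executes removes the code-execution step even if a file lands there.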
Mid-stream hack postpones ESports league
Apex Legends Global Series, an ESport tournament for a shooter game Apex Legends (a $5 million total prize pool!)
Link (1): https://techcrunch.com/2024/03/18/esports-league-postponed-after-players-hacked-midgame/
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains
Akamai researchers discovered a new means of performing privilege escalation against on-premises AD by leveraging the DHCP Administrators group
Until next week, it’s Brent Forrest signing off. Be cyber safe my friends!
About the Author: Brent Forrest is a Field CISO with Flair Data Systems. In this role, Brent acts as an advisor to customers across different verticals, providing guidance that includes developing strategies to reduce risk with existing or modern technology while enabling the business. With over 20 years of experience in the IT industry, Brent has been part of multiple groups within the IT field, spanning Telecom, Network, Wireless, and Infrastructure, and eventually finding his passion within Security. Roughly 20 years of that time was spent within the Oil and Gas industry working across multiple teams and leading initiatives. Specifically with EnLink Midstream, he spent most of his time building resilience and developing the cybersecurity program.
Brent has been with Flair Data for 3 years and is CISSP, C|CISO, CvCISO, & Sec+ certified. In his free time, he likes to spend time with family, working out, or staying up with personal development. He lives in Dallas, Texas with his wife and children.