Cyber Bits: May 20, 2024

This week, we dive into the SEC updating its breach disclosure timelines, Microsoft finally forcing all sign-ins to Azure to use MFA, malvertising returning to target PuTTY and WinSCP, and UnitedHealth confirming it paid the ransom for the attack it suffered several weeks ago.

SEC gives organizations 30 days to send data breach notifications

Link: Bleeping Computer

The United States SEC (Securities and Exchange Commission) has updated its regulations affecting specific financial institutions, requiring them to disclose data breach incidents within 30 days of discovery. Originally introduced in 2000, these rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against any potential threats.

Microsoft to start enforcing Azure multi-factor authentication

Link: Bleeping Computer

Finally, Microsoft will start forcing MFA for all users signing into Entra ID (formerly Azure) this July. Currently, this change will only affect users with specific administrator roles within a tenant, with further rollouts for CLI, PowerShell, and Terraform sign-ins.

This is a welcome addition to all Entra ID environments. While we would still recommend forcing all users to use MFA, coupled with specific and dedicated Conditional Access policies, progress is progress.

Malvertising targeting PuTTY and WinSCP

Link: Bleeping Computer

Rapid7 recently reported that search engine campaigns were displaying ads for fake installations of PuTTY and WinSCP, tools chosen specifically because administrators rely on them in their workflows. For those unaware, malvertising is a campaign in which attackers purchase Google ads to promote fake download sites they control, in this case for PuTTY and WinSCP.

Given the rise in these attack vectors, we'd recommend avoiding downloading apps from unofficial sources wherever you can. And, if you have to download from the web, stay away from any "promoted" links on Google offering downloads for the same thing.

UnitedHealth confirms it paid ransomware group

Link: Bleeping Computer

UnitedHealth has confirmed it paid a ransom to protect data stolen during a breach it suffered in February. With early estimates reporting the attack caused roughly $872 million in damages, UnitedHealth noted that $22 million of that was paid as a ransom directly to the attackers.
