
Cyber Bits: May 20, 2024

This week, we dive into the SEC updating its breach disclosure timelines, Microsoft finally forcing all sign-ins to Azure to use MFA, malvertising returning to target PuTTY and WinSCP, and UnitedHealth confirming it paid the ransom for the attack it suffered several weeks ago.


SEC gives organizations 30 days to send data breach notifications

Link: Bleeping Computer

The United States SEC (Securities and Exchange Commission) has updated its regulations affecting specific financial institutions, requiring them to disclose data breach incidents within 30 days of discovery. Originally introduced in 2000, these rules include requirements to develop and implement data protection policies, provide confidentiality and security assurances, and protect against any potential threats.

Microsoft to start enforcing Azure multi-factor authentication

Link: Bleeping Computer

Finally, Microsoft will start forcing MFA for all users signing into Entra ID (formerly Azure) this July. Currently, this change will only affect users with specific administrator roles within a tenant, with further rollouts for CLI, PowerShell, and Terraform sign-ins.

This is a welcome addition to all Entra ID environments, and while we would still recommend forcing all users to use MFA, coupled with specific and dedicated Conditional Access policies, progress is progress.

Malvertising targeting PuTTY and WinSCP

Link: Bleeping Computer

Rapid7 recently reported that search engine campaigns were displaying ads for fake installations of PuTTY and WinSCP, tools chosen specifically because administrators rely on them in their workflows. For those unaware, malvertising is a campaign in which attackers purchase Google ads to promote fake download sites they control, in this case for PuTTY and WinSCP.

Given the rise in these attack vectors, we'd recommend avoiding downloading apps from unofficial sources wherever you can. And, if you have to download from the web, stay away from any "promoted" links on Google offering downloads for the same thing.

UnitedHealth confirms it paid ransomware group

Link: Bleeping Computer

UnitedHealth has confirmed it paid a ransom to protect data stolen during a breach it suffered in February. With early estimates reporting the attack caused roughly $872 million in damages, UnitedHealth noted that $22 million of that was paid as a ransom directly to the attackers.
