Cyber Security Headlines: Powerball drawing delayed, Australian health record leak, Hushpuppi gets 11-year sentence

$2 billion Powerball drawing delayed by security issues

The record-breaking $2.04 billion Powerball run ended Tuesday after an hours-long delay caused by a security issue. The drawing was initially set for Monday but was paused for nearly 10 hours by the Multi-State Lottery Association after the Minnesota Lottery failed to submit required data (such as lottery ticket sales metrics). The drawing took place on Tuesday morning, and lottery officials confirmed a single winner from Los Angeles County who will take home the world’s largest ever lottery jackpot. A Powerball spokeswoman said, “The delay was necessary to confirm the Powerball drawing could be conducted securely and accurately,” but some are now questioning the integrity of the drawing process.

(Gizmodo and WSJ)

Hackers leak Australian health records on dark web

Earlier this morning, hackers began leaking sensitive medical records stolen from Medibank, an Australian health insurer with nearly 10 million customers, after the firm refused to pay a ransom. The data, leaked anonymously on the dark web, includes names, birth dates, passport numbers and information on medical claims for hundreds of customers. The hackers also separated victim data into a “naughty” and a “nice” list, with some on the “naughty” list having codes linking them to drug addiction, alcohol abuse and HIV. Among the victims is Prime Minister Anthony Albanese, himself a Medibank customer, who said the attack was a “wake-up call” for corporate Australia. As Medibank scrambles to contain the leak, it is also staring down the barrel of a potentially costly class action lawsuit.

(SecurityWeek)

Hushpuppi gets 11 years in prison for cyber fraud

An Instagram influencer known as ‘Hushpuppi’ has been sentenced to 11 years in prison for conspiring to launder millions of dollars through business email compromise (BEC) scams and other cyber schemes. Forty-year-old Nigerian Ramon Olorunwa Abbas admitted to conspiring to launder over $300 million between 2019 and 2022. The U.S. Department of Justice (DoJ) ordered Abbas to pay restitution of $1,732,841 to two confirmed victims, a law firm in the U.S. and a businessperson in Qatar. Abbas used proceeds from his scams to show off a lavish lifestyle on Instagram, which gained him influencer status.

(Bleeping Computer)

Malicious extension lets attackers control Google Chrome remotely

A new Chromium browser botnet named ‘Cloud9’ has been discovered in the wild using browser extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks. Cloud9 has also been spotted loading exploits for known vulnerabilities in other browsers, including Firefox, Internet Explorer, and Edge. The malicious extension isn’t available on the Chrome Web Store but is being circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates. Researchers at Zimperium have seen Cloud9 infections on systems across the globe and have linked the operators to the Keksec malware group based on the C2 domains used. Zimperium also believes that Keksec is likely selling or renting the malware to other operators.

(Bleeping Computer)

Thanks to today’s episode sponsor, AppOmni

Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help.

AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com.

Report highlights insider risk is on the rise

A new report from Dtex indicates that 12% of all employees take sensitive intellectual property (IP) with them when they leave an organization. The report also notes a 55% increase in unsanctioned application usage, which can make data exfiltration easier because such apps let users keep clipboard history and sync data across multiple devices. The report further highlights a 200% increase in unsanctioned third-party work on corporate devices, driven by a high prevalence of employees engaged in side gigs. These ‘side gigs’ reportedly leverage corporate data to assist third-party businesses that may be in direct competition with the employer.

(Infosecurity Magazine)

You should probably patch that (Patch Tuesday edition)

Microsoft’s November 2022 Patch Tuesday included fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws. Among them are two fixes addressing the actively exploited ProxyNotShell bugs, which affect Exchange Server 2019, 2016, and 2013. The ProxyNotShell bugs were disclosed in September through Microsoft’s Zero Day Initiative program by Vietnamese security firm GTSC. Overall, 11 of the 68 vulnerabilities are classified as ‘Critical’ and allow for privilege elevation, spoofing, or remote code execution.

Additionally, Citrix issued a bulletin urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Versions of these products prior to 12.1 are no longer supported, so customers on those versions will need to upgrade to a supported version to receive security fixes.

And finally, on Tuesday, VMware released Workspace ONE Assist 22.10 (89993) for Windows customers, which addresses three critical-severity vulnerabilities that enable remote attackers to bypass authentication and elevate privileges to admin.

(Bleeping Computer [1][2][3])

SMBs fear security budget cuts amidst rising inflation

According to a new report from OpenText Security Solutions, 57% of small and medium-sized businesses (SMBs) are worried about their cybersecurity budgets being slashed due to rising inflation. The report found that, despite many SMBs having suffered a serious attack in the past, budgets are already low, with half (50%) of respondents spending less than $20,000 annually. Only 10% spend more than $50,000 per year, and 68% have fewer than five security professionals on staff. That’s not great news considering nearly half (46%) of SMBs polled admitted they have suffered an attack in the past, and 60% indicated they are either not confident or only somewhat confident they could repel an attack.

(Infosecurity Magazine)

CYBER.ORG range expanded to K-12 students nationwide

The CYBER.ORG Range, a no-cost, safe, virtual environment for K-12 students to learn cybersecurity skills, will be expanded to all 50 states. The announcement came from Louisiana Governor John Bel Edwards and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. CYBER.ORG was initially funded by the state of Louisiana and is now funded by CISA’s Cybersecurity Education and Training Assistance Program (CETAP) grant. The labs in CYBER.ORG give students hands-on cybersecurity experience in a safe and controlled virtual environment. The platform also helps prepare students for the CompTIA Security+ exam, which will help lower the barrier to entry for cybersecurity jobs.

(Security Magazine)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.