Debian Linux Security Advisory 5722-1 - It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5722-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 26, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libvpxCVE ID         : CVE-2024-5197It was discovered that multiple integer overflows in libvpx, amultimedia library for the VP8 and VP9 video codecs, may result indenial of service and potentially the execution of arbitrary code.   For the oldstable distribution (bullseye), this problem has been fixedin version 1.9.0-1+deb11u3.For the stable distribution (bookworm), this problem has been fixed inversion 1.12.0-1+deb12u3.We recommend that you upgrade your libvpx packages.For the detailed security status of libvpx please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libvpxFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ8XGEACgkQEMKTtsN8TjbR3xAAjCKV4coiR5I7kJJmjWma8XZvNs2U6UIr1TMuovp88eglwhfc/ppxfi+i3K4+80Wznd+OqOwPvhOKDkSwR1H+Q1d7l3vRJnHvLOMVzjr8uziabk/P2GdszBWByxFZ9K0iVJZyR0DDhn3gThBuSaPk8Y/9O0vP3ZWl/5cp66b3jdyOl/INVmwfylC8tg2cFIeZJrGTbTI9avbhHvMaxbqvyLIaXM/hvewbN6I0yGhk3y2kasbkyEkDclcgQHzfQc20kPwgcWvJXD5ZD4MEHvXKvjhEfI7SRipgk2wFpxdrxRr/deA9+ZEvW5mnMl0FkuAbOZp0MeqSu1/rWfqdAPy1q0nKJQgnTJ9uLskaYrL+ou/eNvhERD6Vdn5tNpa2pJlNlXkrmxmlUoLPmkgp9mO4EZ0xqaFqarj2KeYipUZMLdU1+19VsWkp+YdmqmrQ1PSIbJ+M+sGCyrStR5V6MSe+FaIW1M+XmGvST98TrHj8MZvjBiqXjjGthhDmXHUhHfY4uM7ivurEjVcPiCJuD+YF7OfuFIxWP7Qoi50JJXeRpo1CYj4CaKwqXpbUQzocfXfiVm9v0I8xeJXhfTxV6K1lowYKTAcJ5u+rfUYYV/Q5nX1D5FqWFPjvNxtgGNF51gBbivEQNja1z7LFVSQs7QtiP6+gXuMFfrBMrhgA/ikO3Mk==AYgJ-----END PGP SIGNATURE-----

Debian Security Advisory 5722-1

Red Hat Security Advisory 2024-4107-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4107.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security and bug fix updateAdvisory ID:        RHSA-2024:4107-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4107Issue date:         2024-06-26Revision:           03CVE Names:          CVE-2022-1048====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)Bug Fix(es):* core: backport rps_default_mask support (JIRA:RHEL-26427)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-1048References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2066706https://bugzilla.redhat.com/show_bug.cgi?id=2270881https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-4107-03

Red Hat Security Advisory 2024-4075-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4075.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:4075-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4075Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2024-1086====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1086References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-4075-03

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

Source: Aleksey Funtap via Alamy Stock Photo

COMMENTARY

In the world of cybersecurity, we often hear the saying, "It's not a matter of if, but when." While this is said mostly in reference to security breaches, it could also be used to remind us that secure social habits reduce the likelihood of those breaches happening in the first place.

Throughout my career in cybersecurity, I've observed a high level of security carelessness, even among security professionals. This is problematic because one individual's insecure behavior can cause others to be less secure as well. Remember the human behavior studies that showed the tendency to litter is higher if a person sees litter all around them? It's the same for cybersecurity. If we see insecure behaviors all around us, we are less motivated to improve security practices.

The good news is that change can truly happen, and it can start with one person: you.

**What Are Secure Social Norms, and Why Create Them?**

Social norms typically are informal, unwritten rules that guide acceptable behavior among members of a group or society. Secure social norms can be established at two levels: The general level that focuses on what everyone needs to know about protecting information, and the role-based level that pertains to groups of people performing specific tasks.

Consider the example of protecting personal identifiable information (PII). While organizations are bound to protect the personal information of their employees and customers, it is up to individuals to take action to secure their data, and to help others learn how to do so as well. Not doing this can lead to financial loss, identity theft, and so much more.

Security professionals have a unique opportunity to transform security awareness concepts into social norms and actions. By doing so, we elevate the security culture all around us. Now is the time to step up and become the team member who practices secure behaviors and inspires others to do the same.

**Steps for Establishing Secure Social Norms**

Below are some practices security practitioners can adopt to establish secure social norms for ourselves and everyone around us.

**1\. Make data security relatable and actionable.**

Launching a security awareness campaign that helps people understand PII in tangible, everyday terms can be a great way to teach people how to protect their personal data. Always use brief, clear language to explain security words and topics. When sharing tips and best practices, provide examples. And be sure to spell out the specific actions to take to be more secure, as well as the positive impact it can have.

**2\. Educate people on what constitutes PII and how to protect it.**

The more we use apps and websites, the more important it is to know how our personal information can be accessed, how it might be used, and when we should not share it. Below are some key examples to help develop a security mindset:

*   Safeguard the primary identifier. A Social Security number is the critical primary identifier of an individual within the United States. If you reside outside the US, find out what the primary identifier is for your country.
    
*   Protect your banking information. Your bank account number should be carefully protected. A stolen bank account number can be used to commit fraud on fintech platforms.
    
*   Know other elements that can be considered PII. Your IP address, school, and degree are all PII. When isolated, this information may not be used to identify you. However, when collected and used together, it can pinpoint you.
    
*   Set up multifactor authentication. Adding multifactor authentication is an easy way to protect your accounts. However, numerous organizations ask only for usernames and passwords. This lack of focus on using strong credentials is disappointing. Stolen PII can be used to take over an individual's identity in order to open bank accounts, apply for loans, and more. 
    
*   Beware of social engineering scams. Phishing messages from senders who impersonate close friends and family are common ways fraudsters target individuals. Read the Federal Trade Commission's guidance to learn how to protect yourself.
    
*   Build consistent and secure social norms at places you frequent often. You might not think about protecting your data when going to the supermarket. However, be wary when the checkout clerk asks for your phone number or email address. Don't be embarrassed to ask why they need this information. Develop a habit of being inquisitive about such requests.
    
*   Protect your data when seeking expert advice. If you are looking for professional support like tax or legal services, ask them how they protect your information. Some services may not have the bandwidth to focus on customer data security. Go with a reputable firm that has a lot at stake.
    
*   Safeguard protected health information (PHI). PHI is information in a medical record or designated record set that was created, used, or disclosed in the course of providing a health care service and can be used to identify an individual. 
    
*   Develop a habit of knowing the privacy policy of any website where you open an account. Most websites are required to ask how you want your data to be shared. Choose the option that protects you the most.
    
*   Obtain an identity protection service. It's a no-brainer. It's advisable to freeze your credit in all three credit bureaus: Equifax, Experian, and Transunion. This option is available free of charge and ensures that no new accounts can be fraudulently opened. It isn't sufficient to get protection from just one of the credit bureaus — you need all three.
    

**You Can Make a Difference**

We know much more about security today; the issue is that we don't act on it. If we commit to build secure habits and help others do the same, we can be much better protected. If we don't take action, the costs and its outcome will be significant. Instead of simply hearing about someone else's security breach, we will be the ones affected. Remember, it's not a matter of if, but when.

This content is not intended to provide tax, legal, or financial advice. Please consult your adviser with any questions.

**About the Author(s)**

Director of Information Security, BILL

Sriram Dandapani is a seasoned cybersecurity leader with a strong engineering background and a passion for executing enterprise-wide initiatives critical to the infrastructure. Sriram also enjoys mentoring early-in-career security practitioners and dedicates his time to building security awareness with the engineering community. Before joining BILL, Sriram held leadership and senior technical positions at Lifelock, Nimble Storage, and BT Counterpane. Sriram has a master's in computer science (data science) from the University of Illinois Urbana, Champaign, and has obtained the Stanford LEAD professional certificate for driving innovation and change.

Achieve Next-Level Security Awareness by Creating Secure Social Norms

A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international scale.

In 2012, the al-Qaeda–linked jihadist group Ansar Eddine swept through Timbuktu, taking control of the Malian city. As part of the group’s imposition of sharia law over the residents, it created an Islamic police force, led by Al Hassan Ag Abdoul Aziz. Ansar Eddine controlled the city until 2013, when a military campaign led by France drove the group out.

During his tenure with the police force, Al Hassan helped carry out a campaign of “forced marriages” and floggings of those accused of violating the strict religious rules imposed by Ansar Eddine. He faced 13 counts of crimes against humanity before the International Criminal Court at the Hague. Earlier today, the ICC convicted Al Hassan of war crimes and crimes against humanity, including torture and cruel treatment, for which he could face life in prison.

As part of the case, prosecutors employed a unique strategy of presenting evidence—a bespoke immersive replica of the city that includes visual evidence of where the alleged crimes took place. Created by SITU Research, a visual investigations firm, the platform used to prosecute Al Hassan represents a watershed moment in how evidence of war crimes is presented and the kinds of evidence the ICC might consider in future rulings.

Established in 2002, the ICC is relatively young. Alexa Koenig, a law professor at UC Berkeley, who helped set up the Technology Advisory Board at the ICC, says that the impetus for incorporating new technologies into evidence came as a response to an evaluation from the court that cases relied too heavily on witness testimony.

“Judges were saying that the prosecution had a problem,” says Koenig. “That essentially they were over-relying on the stories of survivors without bringing in the corroborating information needed to meet the evidentiary standards to allow these cases to go forward.”

As more and more evidence of war crimes became digital—through social media content or videos and photos uploaded online—Koenig says, the court has allowed this material to be submitted as evidence, but other tools, like the platform created by SITU Research, are still a nascent way to present evidence. And because cases can take much longer to move through the ICC than another kind of court, Koenig says, the ICC has only begun to reckon with these kinds of questions.

“As people are preserving evidence on places like Facebook or WhatsApp or YouTube, we're going, How do we preserve this in a way that preserves its values for our purposes?” Koenig says. “But also how do we make the content more impactful?”

SITU Research created a similar platform for the ICC prosecution of Ahmad Al Faqi Al Mahdi, also a part of Ansar Eddine, who was accused of destroying sites of cultural heritage in Timbuktu. But al Mahdi pleaded guilty, so the court never had the opportunity to evaluate the platform as a piece of evidence. Al Mahdi was sentenced to nine years in prison in 2016.

“It's kind of challenging to get new tech integrated and admitted as evidence,” says Brad Samuels, founding partner at SITU Research. “And often the technology that's in the world isn't necessarily finding its way into the courtroom quickly.”

The platform allows users to virtually walk through the city of Timbuktu, as well as see it from above. Nested within the virtual re-creation of the city are pieces of video, photo, and audio evidence, showing where and when an event allegedly occurred. For instance, users can explore down a street and encounter an item labeled to a corresponding piece of evidence, click on it, and see a video of a particular moment that shows who was allegedly present and what occurred.

SITU’s platform combines drone footage, satellite imagery, laser scans, and other forms of visual evidence that, Samuels says, allows the judges to see the evidence over time and space in a way that would not otherwise be possible. This is particularly important in cases of crimes against humanity, which require the crimes to be systematic and widespread as opposed to a single, isolated incident. And he says there’s more value to the platform than just helping the judges organize visual evidence that supports witness testimony.

“In the case of Timbuktu, the security situation in Mali has sort of gotten worse and worse. And the judges definitely were not able to go there in person,” Samuels says. For instance, the platform includes the interior of a former bank that functioned as the headquarters of Islamic Police, and another site where someone was flogged.

“It can also become a tool for interviewing witnesses about what they experienced,” Koenig says of SITU’s platform. “If you think about some of the language barriers and cultural barriers, not having a touchpoint like that, have them walk you through what happened to them can be almost guesswork at times of trying to piece together their story, particularly when there's a lot of trauma involved and memories are fragmented or recollections are fragmented.”

Sarah Zarmsky, assistant lecturer at Essex Law School, says, however, that often the defense teams for the accused lack the same resources offered to the prosecution.

“This platform was designed for the prosecution,” she says. “So, while SITU Research does great work, the defense also isn't coming in with that same expertise. And so there are a lot of fair-trial implications there.”

In an article published in 2023, ICC chief prosecutor Karim Khan noted that “the defense sought full access to the virtual platform, and required (and were provided) training and guidance on its use, so that they could also deploy it as needed.”

In the case of the ICC, where the court allows almost all evidence to be submitted and then decides afterward how much weight to assign each piece of evidence, that can mean an overburdened defense team may not have the time to sift through each piece of evidence. For something novel like the platform created by SITU, Zarmsky says, it’s unclear how much weight the court might put on it when it comes down to making a ruling.

But Khan asserted that the “Trial Chamber’s acceptance of the platform shows that the law and procedure of the ICC is ready to accommodate forward-thinking approaches to the presentation of evidence.”

War Crime Prosecutions Enter a New Digital Age

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed.
The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions -

From 2023.0.0 before 2023.0.11
From 2023.1.0 before 2023.1.6, and&

Vulnerability / Data Protection

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed.

The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions -

*   From 2023.0.0 before 2023.0.11
*   From 2023.1.0 before 2023.1.6, and
*   From 2024.0.0 before 2024.0.2

"Improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass," the company said in an advisory released Tuesday.

Progress has also addressed another critical SFTP-associated authentication bypass vulnerability (CVE-2024-5805, CVSS score: 9.1) affecting MOVEit Gateway version 2024.0.0.

Successful exploitation of the flaws could allow attackers to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway systems.

watchTowr Labs has since published additional technical specifics about CVE-2024-5806, with security researchers Aliz Hammond and Sina Kheirkhah noting that it could be weaponized to impersonate any user on the server.

The cybersecurity company further described the flaw as comprising two separate vulnerabilities, one in Progress MOVEit and the other in the IPWorks SSH library.

"While the more devastating vulnerability, the ability to impersonate arbitrary users, is unique to MOVEit, the less impactful (but still very real) forced authentication vulnerability is likely to affect all applications that use the IPWorks SSH server," the researchers said.

Progress Software said the shortcoming in the third-party component "elevates the risk of the original issue" if left unpatched, urging customers to follow the below two steps -

*   Block public inbound RDP access to MOVEit Transfer server(s)
*   Limit outbound access to only known trusted endpoints from MOVEit Transfer server(s)

According to Rapid7, there are three prerequisites to leveraging CVE-2024-5806: Attackers need to have knowledge of an existing username, the target account can authenticate remotely, and the SFTP service is publicly accessible over the internet.

As of June 25, data gathered by Censys shows that there are around 2,700 MOVEit Transfer instances online, most of them located in the U.S., the U.K., Germany, the Netherlands, Canada, Switzerland, Australia, France, Ireland, and Denmark.

With another critical issue in MOVEit Transfer widely abused in a spate of Cl0p ransomware attacks last year (CVE-2023-34362, CVSS score: 9.8), it's essential that users move quickly to update to the latest versions.

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that its Chemical Security Assessment Tool (CSAT) was targeted earlier this January by an unknown threat actor by taking advantage of security flaws in the Ivanti Connect Secure (ICS) appliance (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893).

"This intrusion may have resulted in the potential unauthorized access of Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts," the agency said, adding it found no evidence of data exfiltration.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!

LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States.

On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25:

LockBit leak site

> “Federal banking is the term for the way the Federal Bank of America distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City and San Francisco.
> 
> 33 terabytes of juicy banking information containing American’s banking secrets.”

The statement ends expressing the group’s disappointment about a negotiator who apparently offered to pay $50,000.

So, you can imagine that everyone was anticipating the end of the countdown that signalled the release of the stolen data with bated breath.

However, when that deadline passed and the data was released, people who looked at the data found it did not, in fact, belong to the Federal Reserve but instead to a particular financial organization: Evolve Bank & Trust.

Overview of the available data

All the links lead to directories containing data that seems to belong to Evolve.

There hasn’t been enough time to do a full analysis of the huge amount of data, but it appears it is only remotely tied to the Federal Reserve by some included links to a Federal Reserve press link from mid-June.

At that time, the US Federal Reserve Board penalized Evolve Bancorp and its subsidiary, Evolve Bank & Trust, for multiple “deficiencies” in the bank’s risk management, anti-money laundering (AML) and compliance practices.

According to the Federal Reserve statement released at the time:

> “In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.”

So, as expected, LockBit drew a lot of attention under false pretences.

The group was disrupted by law enforcement in February of 2024 and their activity diminished as a result. As the ThreatDown monthly ransomware review of May review pointed out:

> “While LockBit is technically still alive, it’s fair to say the group is not what it was: Not only are its attacks dwindling, but in early May law enforcement also revealed the identity of alleged LockBit leader Dmitry Khoroshev, aka LockBitSupp. LockBitSupp, who is now subjected to a series of asset freezes and travel bans, also has a reward of up to $10 million over his head for information that leads to his arrest.”

And recently the FBI announced it had over 7,000 LockBit decryption keys in its possession, allowing it to help victims to recover data encrypted by the gang in past attacks. LockBit ransomware has impacted over 1,800 US victims, according to FBI stats.

Back to the data, it’s good news it appears not to be from the Federal Reserve. However, it’s not good news for customers of Evolve Bank & Trust and their data may well have been stolen and published. And it’s a lot of data.

A lot of data

We’ll keep you updated on this developing story. For now, there’s no official statement from Evolve, but there are general things to know if you think you have been involved in a data breach.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Federal Reserve &#8220;breached&#8221; data may actually belong to Evolve Bank 

Almost immediately after Neiman Marcus began informing customers about a data breach, the alleged data was offered for sale.

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers’ personal information.

The letter tells customers:

> “Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform.”

In the data breach notification, Neiman Marcus says 64,472 people are affected.

An investigation showed that the data contained information such as name, contact data, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers. According to Neiman Marcus, the exposed data does not include gift card PINs. Shortly after the data breach disclosure, a cybercriminal going by the name “Sp1d3r” posted on BreachForums that they were willing to sell the data.

Image courtesy of Daily Dark Web

> “Neiman Marcus not interested in paying to secure data. We give them opportunity to pay and they decline. Now we sell. Enjoy!”

According to Sp1d3r, the data includes name, address, phone, dates of birth, email, last four digits of Social Security Numbers, and much more in 6 billion rows of customer shopping records, employee data, and store information.

Neiman Marcus is reportedly one of the many victims of the Snowflake incident, in which the third-party platform used by many big brands was targeted by cybercriminals. The name Sp1d3r has been associated with the selling of information belonging to other Snowflake customers.

Oddly enough, Sp1d3r’s post seems to have since disappeared.

Later screenshot

Sp1d3r’s post count went down back to 19 instead of the 20 displayed in the screenshot above.

So, the post has either been removed, withdrawn, or hidden for reasons which are currently unknown. As usual, we will keep an eye on how this develops.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Check your exposure**

While matters are still unclear on how much information was involved in the Neiman Marcus breach, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Neiman Marcus confirms breach. Is the customer data already for sale? 

WikiLeaks founder Julian Assange has agreed to plead guilty to one count of espionage in US court on Wednesday, ending a years-long legal battle between the US government and a controversial publisher.

United States prosecutors have secured a deal with WikiLeaks founder Julian Assange requiring the long-embattled publisher to plead guilty to one count of espionage for his role in making public classified documents concerning the US wars in Iraq and Afghanistan.

The agreement, which follows more than a decade of efforts by Assange, 52, to avoid extradition from the United Kingdom, would draw to a close one of the longest-running national security investigations in US history. The deal was first disclosed in court documents made public in the UK.

Assange and his legal team, which have denied the accusations levied by the US, could not be immediately reached for comment.

“Julian Assange is free,” WikiLeaks wrote in a statement posted to X. “He left Belmarsh maximum security prison on the morning of 24 June, after having spent 1901 days there.”

A letter US prosecutors filed in the US District Court for the Northern Mariana Islands on Monday indicates that Assange will enter his guilty plea at a Wednesday hearing in Sapian, the island territory’s capital, having refused to travel to the continental US. He is then expected to return to his home country of Australia, having already served the expected 62-month sentence in London prison.

The case against Assange centers around the publishing of more than 750,000 stolen US documents by WikiLeaks between 2009 and 2011. It has drawn enormous attention for its clear implications on press freedoms internationally. Organizations such as the Committee to Protect Journalists in the US have for years warned the case could severely imperil the ability of journalists to obtain and publish classified information—even though the nation’s highest court has long recognized the right of journalists to do so.

Ahead of the 2016 US presidential election between Hillary Clinton and Donald Trump, WikiLeaks published a trove of emails stolen from the Democratic National Committee. The leak, which embarrassed the DNC and won Assange praise from right-wing figures, was later revealed to be the work of notorious Russian hacking groups known as Cozy Bear and Fancy Bear, both affiliated with Moscow’s GRU military intelligence agency.

US prosecutors initially charged Assange with a single count under the Computer Fraud and Abuse Act for allegedly conspiring with Chelsea Manning, who provided WikiLeaks with the trove of classified material related to the wars in Iraq and Afghanistan, to gain unauthorized access to government computers. Prosecutors later added an additional 17 charges under the Espionage Act—a move widely condemned as an attack on the free press.

Assange, forcibly removed from the Ecuadorian embassy in London in 2019 after seven years asylum, has been held in Belmarsh prison in London pending the outcome of his extradition hearings, which were delayed repeatedly over the course of the Covid-19 pandemic. His attorneys argued that due to his deteriorating mental health, extradition to the US would increase the likelihood of suicide.

US prosecutors secured, on appeal, permission to extradite the award-winning journalist, who married his longtime partner, Stella Moris, while in jail in 2022, by offering UK courts a slate of written assurances. Among other concessions, the US promised not to subject Assange to “special administration measures,” a term referring to the practice of wiretapping certain defendants’ phone calls citing national security concerns.

“This period of our lives, I’m confident now, has come to an end,” said Moris—now Assange—in a video prerecorded last week. “I think by this time next week, Julian will be free.”

Kristinn Hrafnsson, WikiLeaks editor in chief, said in the same video captured outside Belmarsh that he hoped to see Assange for the last time inside its walls. “If you’re seeing this, it means he is out.”

The Julian Assange Saga Is Finally Over

Change Healthcare has detailed the types of medical and patient data that was stolen in a recent ransomware attack.

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack.

First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led to widespread billing outages, as well as disruptions at pharmacies across the United States. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on. The ransomware group ALPHV claimed responsibility for the attack.

But shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the FBI had seized control over the group’s website. Then a new ransomware group, RansomHub, listed the organization as a victim on its dark web leak site, saying it possessed 4 TB of “highly selective data,” relating to “all Change Health clients that have sensitive data being processed by the company.”

In April, parent company UnitedHealth Group released an update, saying:

> “Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.”

Now, Change Healthcare has detailed the types of medical and patient data that was stolen. Although Change cannot provide exact details for every individual, the exposed information may include:

*   Contact information: Names, addresses, dates of birth, phone numbers, and email addresses.
*   Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers.
*   Health information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.
*   Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.
*   Other personal information: Social Security numbers, driver’s license or state ID numbers, and passport numbers.

Change Healthcare added:

> “The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review.”

Change Healthcare says it will send written letters—as long as it has a person’s address and they haven’t opted out of notifications—once it has concluded the data review.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tag

#sap