The high-severity flaw tracked as CVE-2024-1086 was first disclosed on January 31, 2024
…
While most Linux distrobutions pushed out fixes fairly quickly, Red Hat had not pushed out a fix until March
Wyden lambasted UHG in a letter sent to Lina Khan and Gary Gensler, chairs of the FTC and SEC respectively, imploring the regulators to investigate the healthcare company’s many failures leading up to the ransomware attack that downed services across the US.
Martin was hired by UHG in 2020 originally as its exec veep of enterprise tech after previously holding the role of acting CEO at GE Digital.
One such critic is Tom Kellermann, SVP of cyber strategy at Contrast Security, who previously told The Register: "I’m blown away by the fact that they weren’t using multi-factor authentication.
Wyden went on to say that even with MFA not being deployed across the entirety of UHG’s IT estate, it probably isn’t the only cybersecurity failing that turned it from an organization that was merely targeted by cybercriminals, to one that was floored by ransomware.
In calling for a full regulatory investigation, Wyden pointed to two historical cases that led to sanctions against companies that were found to have taken a lax approach to data security.
“Accordingly, I urge the FTC and SEC to investigate UHG’s numerous cybersecurity and technology failures, to determine if any federal laws under your jurisdiction were broken, and, as appropriate, hold these senior officials accountable.”
The original article contains 809 words, the summary contains 208 words. Saved 74%. I’m a bot and I’m open source!
Additionally, the souk, where ransomware operators and other miscreants trade pilfered information, showed profile pics of admins Baphomet and ShinyHunters behind bars, which several infosec spectators took to mean that both had been cuffed.
Meanwhile, there has been no official statement from the US Department of Justice or the FBI about the takedown — which is unusual, compared to other high-profile cybercrime busts over the past couple of years.
This particular dark-web souk has been an ongoing thorn in the side for police over the past couple of years, with BreachForums taking over after a similar operation shut down RaidForums in 2022.
“The reconstitution of Breach Forums is not surprising,” said Austin Berglas, also a former FBI agent who now works as global head of professional services at BlueVoyant.
Ensuring that all personnel with access are in custody and offline, identifying and seizing critical infrastructure to include the removal of the entire financial, technical, and communication network is necessary to dismantle and severely limit the ability to reconstitute," he told The Register.
Berglas is a former assistant special agent in charge of the FBI’s New York Office Cyber Branch, and during his tenure the bureau dismantled LulzSec, a group linked to Anonymous, and arrested its leader Sabu in June 2011.
The original article contains 566 words, the summary contains 209 words. Saved 63%. I’m a bot and I’m open source!
“While the system’s firewall did issue an alert upon detecting the intrusion, the absence of backup servers and contingency plans forced a complete shutdown of the affected software and applications.”
securitynews
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.