
The Week in Breach News: 07/03/24 – 07/09/24

July 10, 2024

This week: Third-party data trouble for Roblox, Roll20 rolls a one on its Data Security check, three new phishing simulation kits, the truth about patching and the four most common vulnerabilities revealed during penetration tests. 


What challenges will IT pros face in the second half of 2024? Find out in the Mid-Year Cyber Risk Report. GET IT>>



Roll20

https://techcrunch.com/2024/07/03/roll20-an-online-tabletop-role-playing-game-platform-discloses-data-breach/?guccounter=1

Exploit: Hacking

Roll20: Gaming Platform


Risk to Business: 1.801 = Severe

Roll20, a popular tabletop gaming platform, disclosed a data breach on June 29, 2024. A hacker accessed their administrative website account, exposing the personal information of all users. The attacker modified one account, which Roll20 quickly corrected. Exposed information may include users’ names, email addresses, last-known IP addresses and the last four digits of credit cards. Roll20 assured users that passwords, full payment information, home addresses and complete credit card numbers were not accessed.

How It Could Affect Your Customers’ Business: Bad actors are finding creative ways to strike organizations, such as backdoors and supply chain attacks.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Roblox

https://www.bleepingcomputer.com/news/security/roblox-vendor-data-breach-exposes-dev-conference-attendee-info

Exploit: Third-Party Data Breach

Roblox: Gaming Platform


Risk to Business: 2.856 = Moderate

Gaming giant Roblox recently announced a data breach affecting attendees of the 2022, 2023, and 2024 Roblox Developer Conference (RDC). That event is promoted as a conference that helps developers network, learn and share knowledge with others through workshops and new tool presentations. The breach occurred through FNTech, the vendor managing conference registrations. The compromised data includes full names, email addresses, and IP addresses of attendees, with 10,386 unique email addresses affected. 

How It Could Affect Your Customers’ Business: Cybersecurity trouble for a vendor is also cybersecurity trouble for all of its customers.

Kaseya to the Rescue:  In The Comprehensive Guide to Third-party and Supply Chain Risk we show you how to mitigate cyber risk from partners and suppliers. DOWNLOAD IT>>


HealthEquity 

https://www.bleepingcomputer.com/news/security/healthequity-data-breach-exposes-protected-health-information

Exploit: Hacking

HealthEquity: Fintech


Risk to Business: 1.721 = Severe

HealthEquity, a provider of health savings account (HSA) services, reported a data breach involving unauthorized access to personal and protected health information of certain members. Hackers used a partner’s compromised account and device to infiltrate HealthEquity’s systems and exfiltrate sensitive health data. HealthEquity promised to offer complimentary credit monitoring and identity restoration services to mitigate the risk for exposed people.  

How It Could Affect Your Customers’ Business: Bad actors are looking for any way to get into a company’s network and steal its data, no matter how small the opening may be.

Kaseya to the Rescue: Our Penetration Testing Buyer’s Guide walks you through the pentesting process to help you find the right pentesting solution for your needs. GET THE GUIDE>>


Alabama State Department of Education

https://www.alreporter.com/2024/07/05/alabama-state-department-of-education-hit-by-cyber-attack-data-breached

Exploit: Hacking

Alabama State Department of Education: Regional Education Authority


Risk to Business: 2.803 = Moderate

Hackers attacked the Alabama State Department of Education on June 17, potentially stealing names, addresses and Social Security numbers. District officials said that IT personnel were able to restore systems from backups smoothly. Officials advised educators to monitor their credit but clarified that financial information, like credit card and bank routing numbers, was not breached. Both student and employee data may have been compromised.

How It Could Affect Your Customers’ Business: Schools, school districts and other education sector entities have been the top targets for dangerous cyberattacks like ransomware for several years now.

Kaseya to the Rescue:  Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>




Ireland – Patelco Credit Union

https://www.siliconvalley.com/2024/07/05/patelco-makes-minor-restorations-but-no-end-near-for-crippling-bank-cyber-attack/

Exploit: Hacking 

Patelco Credit Union: Financial Institution


Risk to Business: 1.312 = Extreme

Customers of Dublin-based Patelco Credit Union are seeking answers following a cyberattack last week. The attack has disrupted electronic payments, deposits and transfers, affecting thousands of California residents. Members have been unable to access their statement balances, online payments, direct deposits or other daily functions. Customers can still process some transactions in person. Social Security payments have bounced, and customers have incurred late fees for missed payments. Recently, customers were informed that they can now use Venmo and PayPal for payments and that borrowers will not be penalized or incur fees due to the system attack. There is no word on when full functionality will be restored.

How it Could Affect Your Customers’ Business: Incident response planning is critical for reducing the downtime a business experiences in the wake of a cyberattack.

Kaseya to the Rescue:  Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>


France – Fédération Internationale de l’Automobile (FIA)

https://www.bleepingcomputer.com/news/security/formula-1-governing-body-discloses-data-breach-after-email-hacks

Exploit: Phishing

Fédération Internationale de l’Automobile (FIA) : Sports Governing Body


Risk to Business: 2.896 = Moderate

The Fédération Internationale de l’Automobile (FIA), the governing body for Formula 1 auto racing, reported a phishing attack that compromised several email accounts, leading to unauthorized access to personal data. The breach involved two FIA email accounts. The FIA has informed both the Swiss and French data protection regulators about the incident. Details such as the breach’s detection time, the number of affected individuals and the specific data exposed have not yet been disclosed.

How it Could Affect Your Customers’ Business: Every network that an organization maintains needs to be ready for cybercriminal incursions.

Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from landing employees. DOWNLOAD IT>> 


Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>


South Africa – National Health Laboratory Service (NHLS)

https://techpoint.africa/2024/07/03/cyber-security-attack-south-africas-healthcare

Exploit: Ransomware

National Health Laboratory Service (NHLS): Testing Lab Operator


Risk to Business: 1.866 = Severe

South Africa’s National Health Laboratory Service (NHLS) is recovering from a June 22, 2024, ransomware attack that disrupted systems and deleted backups. The breach caused delays in lab testing across public health facilities and made test results inaccessible via the online portal. Although all laboratories are now functional and processing clinical samples, restoring breached data will take weeks. The NHLS assured the public that no patient data was compromised, but the delays have impacted emergency patients and intensive care units nationwide. There is no clear timeline for full system restoration. 

How it Could Affect Your Customers’ Business: Making incident response plans for specific threats like ransomware helps companies bounce back faster.

Kaseya to the Rescue: There is a bewildering array of acronyms used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>




New Zealand – Elite Fitness 

https://www.bankinfosecurity.com/new-zealand-fitness-retailer-hit-by-dragonforce-ransomware-a-25718

Exploit: Ransomware

Elite Fitness: Sporting Goods Retailer


Risk to Business: 1.612 = Severe

The DragonForce ransomware group has taken responsibility for a ransomware attack on the retailer Elite Fitness. The group claims to have stolen 5.31 gigabytes of data. Unusual activity from an unauthorized third party was detected on one of Elite Fitness’s systems on the night of June 26, 2024. While the company has not disclosed the specific types of data compromised, they have confirmed that both customers and staff are affected. 

How it Could Affect Your Customers’ Business: Security solutions like Managed Detection and Response (MDR) can help minimize the damage and cost of a cybersecurity incident.

Kaseya to the Rescue: Should you rely on a Managed SOC for MDR or build your own SOC? This whitepaper helps clarify the dollars and cents costs of both options. DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.



Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>



Hot new phishing simulation kits are here


Phishing simulations are known to keep employees on their toes. If you are planning your next cybersecurity training exercise, we now have three new phishing simulation kits available in the BullPhish ID training portal.

  • Adobe – Special Offer With Blank Landing Page
  • Flair Airlines – Flight Rescheduled
  • President’s Choice Financial – Account Locked 

CHECK THEM OUT>>


How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>



Read (and share) our case studies


Business decision-makers have an easier time understanding how a security solution might work for them when they can see its real-life, practical application, especially if that company is in their industry. Our case studies are a great way to showcase the benefits of comprehensive security using sophisticated solutions.

Did you miss… Raising the Bar on Security With Datto EDR and AV. DOWNLOAD IT>>



Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>




Cybercriminals are always looking for new ways to break into networks and systems, but sometimes they don’t have to. Many organizations are neglectful about patching their software and updating firmware to the newest version. This laxity gives cybercriminals the openings they need to slip past security to steal data or deploy ransomware, and they’re ready to exploit every crack in a company’s defenses. Analysts reported a 180% surge in cyberattacks that exploit vulnerabilities in 2023, nearly triple the 2022 average. As that statistic shows, patching and updating is mission critical. Here are a few reasons why you must prioritize patching and updating along with four real-life examples of maintenance-related exploits from Vonahi’s Top 10 Critical Pentest Findings 2024 Report.  





Here’s why keeping software patched and using the latest versions of operating systems and firmware is vital for cybersecurity. 

1. Protection Against Vulnerabilities 

Software vulnerabilities are flaws or weaknesses in a program that attackers can exploit to gain unauthorized access or perform malicious activities. These vulnerabilities are often discovered after the software has been released, which is what makes patching crucial. Software developers continuously work to identify and fix these vulnerabilities, including zero-day vulnerabilities. By applying the patches and updates that contain those fixes, IT professionals can protect their systems from being exploited through known weaknesses. In the case of the MOVEit exploit, many organizations were compromised through that vulnerability because they were slow to apply the fix after it was released.

2. Mitigation of Exploits and Attacks 

Cybercriminals are always on the lookout for unpatched systems, because they are easy targets: exploits are routinely developed to take advantage of known vulnerabilities, and an unpatched network is very attractive. By ensuring that a company’s software, operating systems and firmware are up to date, IT professionals can significantly reduce that company’s risk of falling victim to these exploits. This proactive approach is essential in maintaining a robust security posture.



3. Enhanced Performance and Stability 

Updates and patches not only address security vulnerabilities but also often include performance improvements and bug fixes. By keeping your systems updated, you ensure that they run smoothly and efficiently. This stability is crucial for both personal and business environments, as it minimizes downtime and increases productivity. 

4. Compliance with Security Standards and Regulations 

Many industries are governed by strict security standards and regulations that require systems to be regularly updated and patched. Compliance with these standards is not only a legal obligation but also a best practice to ensure the highest level of security. Failure to comply can result in hefty fines and damage to an organization’s reputation. 

5. Protection of Sensitive Data 

Data breaches can have devastating consequences, including financial loss, legal repercussions and reputational damage. Keeping software and systems up to date is a fundamental step in protecting businesses from expensive data breaches. This is especially important for businesses that handle personal information, financial data and intellectual property. 

6. Future-Proofing Your Technology 

Technology evolves rapidly, and newer versions of software and operating systems often come with advanced security features that older versions lack. By staying current with updates, IT professionals can ensure that a company’s systems are equipped with the latest security technologies and practices. This future-proofs your technology, making it more resilient to emerging threats. 




Every year, Vonahi Security releases an informative report about the top 10 exploits they discovered in penetration tests in the prior year. In this year’s top 10 findings, four were the result of neglecting patching and updating. 


Outdated Microsoft Windows systems


An outdated Microsoft Windows system raises several concerns, as the system is no longer receiving updates from Microsoft. It is a prime target for an attacker because such systems typically do not contain the latest security updates, oftentimes leaving them vulnerable to significant threats.

Reproduction steps: Use an operating system identification scanner, such as Nmap or Metasploit, to scan the affected targets to identify their specific versions. Alternatively, a network administrator can check the operating system version by logging into the system and viewing the operating system version through the system properties. 

Security impact: An exploited Microsoft Windows system could potentially result in an attacker gaining unauthorized access to the affected system(s). Additionally, depending on the similarities in configurations between the compromised system(s) and other systems within the network, an attacker may be able to pivot from this system to other systems and resources within the environment. 

Recommendations: Replace outdated versions of Microsoft Windows with operating systems that are up-to-date and supported by the manufacturer. 



See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>


Microsoft Windows RCE (BlueKeep) 


During testing, systems were identified that are vulnerable to CVE-2019-0708 (BlueKeep), which is a vulnerability that exists in Microsoft Windows systems. This vulnerability is extremely valuable to an attacker due to the availability of tools and code that could take advantage of this weakness. Successful exploitation of this vulnerability typically results in full access to the exploited system(s). 

Reproduction steps: Using a tool such as Metasploit, use the following module: exploit/windows/rdp/cve_2019_0708_bluekeep_rce. Provide the necessary IP address information about the source and target, and type “exploit” to launch the exploit. It should be noted that exploitation of this issue could potentially cause an impact on the availability of the remote system.

Security impact: By exploiting the BlueKeep vulnerability, an attacker could gain full control over the affected system. This typically leads to additional attacks within the organization, including extraction of cleartext passwords and hashes, along with lateral movement within the network. Since exploitation of this vulnerability does not require privilege escalation on the affected system, an attacker would typically have as much access as they need on the compromised system to start enumerating the system. 

Recommendations: It is recommended to apply security updates on the affected system. Furthermore, the organization should evaluate its patch management program to determine the reason for the lack of security updates. As this vulnerability is a commonly exploited vulnerability and could result in significant access, it should be remediated immediately. 



Microsoft Windows RCE (EternalBlue) 


During testing, systems were identified that are vulnerable to MS17-010 (EternalBlue), which is a vulnerability that exists in Microsoft Windows systems. This vulnerability is extremely valuable to an attacker due to the availability of tools and code that could take advantage of this weakness. Successful exploitation of this vulnerability typically results in full access to the exploited system(s). 

Reproduction steps: Leveraging a tool such as Metasploit, use the smb_ms17_010 module to scan for this vulnerability. 

Security impact: By exploiting the EternalBlue vulnerability, an attacker could gain full control over the affected system. This typically leads to additional attacks within the organization, including extraction of cleartext passwords and hashes, along with lateral movement within the network. Since exploitation of this vulnerability does not require privilege escalation on the affected system, an attacker would typically have as much access as they need on the compromised system to start enumerating the system. 

Recommendations: It is recommended to apply security updates on the affected system. Furthermore, the organization should evaluate its patch management program to determine the reason for the lack of security updates. As this vulnerability is a commonly exploited vulnerability and could result in significant access, it should be remediated immediately. 



Dell EMC iDRAC 7/8 CGI injection (CVE-2018-1207) 


Dell EMC iDRAC7/iDRAC8 is running a version prior to 2.52.52.52, making it vulnerable to a command injection issue tracked as CVE-2018-1207. The vulnerability allows unauthenticated attackers to execute commands with root privileges, thereby giving them complete control over the iDRAC device.

Reproduction steps: Log into the iDRAC web interface. Go to Overview > iDRAC Settings > Update and Rollback; the Firmware Update page is displayed. Click on the Update tab; the firmware version is now displayed. Only versions prior to 2.52.52.52 are vulnerable.

Security impact: The vulnerability allows unauthenticated attackers to execute commands with root privileges, thereby giving them complete control over the iDRAC device.

Recommendations: Upgrade the firmware to the latest possible version. 
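The four findings above share one root cause, so a defender can catch them from an asset inventory before a pentester does. The script below is an added example (not Vonahi’s or Kaseya’s code) that flags the outdated-Windows finding, the iDRAC firmware finding (versions older than 2.52.52.52) and unsupported Windows hosts still exposing the RDP and SMB services that BlueKeep and EternalBlue target; the inventory is constructed sample data, and the end-of-support dates are an assumption taken from Microsoft’s published lifecycle dates.

```python
"""Patch-compliance triage over an asset inventory (added example, not the report's code)."""
from datetime import date

# Assumed end-of-support dates (extended security updates not counted).
WINDOWS_EOL = {
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows 8.1": date(2023, 1, 10),
    "Windows Server 2012 R2": date(2023, 10, 10),
    "Windows Server 2019": date(2029, 1, 9),
}
IDRAC_FIXED_VERSION = "2.52.52.52"  # from the report: earlier iDRAC7/8 firmware is vulnerable
# Services the report's two Windows RCE findings ride on.
HIGH_RISK_PORTS = {3389: "RDP (CVE-2019-0708 BlueKeep)", 445: "SMB (MS17-010 EternalBlue)"}
AS_OF = date(2024, 7, 10)  # date of this newsletter, used as "today" for the sample run


def parse_version(text):
    """'2.52.52.52' -> (2, 52, 52, 52); tuples compare numerically, so 2.9 < 2.52 as intended."""
    return tuple(int(part) for part in text.strip().split("."))


def idrac_vulnerable(firmware):
    """True when iDRAC7/8 firmware is older than the version that fixed CVE-2018-1207."""
    return parse_version(firmware) < parse_version(IDRAC_FIXED_VERSION)


def windows_unsupported(product, today):
    """True when the product's end-of-support date has passed; unknown products are not flagged."""
    eol = WINDOWS_EOL.get(product)
    return eol is not None and today > eol


def triage(inventory, today):
    """Return (priority, host, message) tuples, priority 1 first; hosts sorted within a priority."""
    findings = []
    for asset in inventory:
        host = asset["host"]
        if asset["type"] == "idrac":
            if idrac_vulnerable(asset["version"]):
                findings.append((1, host, f"iDRAC firmware {asset['version']} is older than "
                                          f"{IDRAC_FIXED_VERSION} (CVE-2018-1207): upgrade firmware"))
        elif asset["type"] == "windows" and windows_unsupported(asset["version"], today):
            # An unsupported OS that also exposes RDP or SMB is the BlueKeep/EternalBlue scenario.
            exposed = [HIGH_RISK_PORTS[p] for p in asset.get("open_ports", []) if p in HIGH_RISK_PORTS]
            if exposed:
                findings.append((1, host, f"unsupported {asset['version']} exposing "
                                          f"{', '.join(exposed)}: replace or isolate immediately"))
            else:
                findings.append((2, host, f"unsupported {asset['version']}: replace with a supported OS"))
    return sorted(findings, key=lambda f: (f[0], f[1]))


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"host": "fileserver01", "type": "windows", "version": "Windows Server 2008 R2", "open_ports": [445, 3389]},
    {"host": "kiosk07", "type": "windows", "version": "Windows 7", "open_ports": [80]},
    {"host": "app01", "type": "windows", "version": "Windows Server 2019", "open_ports": [445]},
    {"host": "bmc-r720-01", "type": "idrac", "version": "2.50.50.50"},
    {"host": "bmc-r730-02", "type": "idrac", "version": "2.61.60.60"},
]


def run_sample():
    """Triage the constructed inventory as of the newsletter date."""
    return triage(SAMPLE_INVENTORY, AS_OF)


if __name__ == "__main__":
    for priority, host, message in run_sample():
        print(f"[P{priority}] {host}: {message}")
```

Feed it the product and version columns from a real inventory export and the priority-1 rows are the hosts to fix first.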

As you can see, regularly patching and updating software is essential for preventing cyberattacks through an easily fixed security weakness. As cyber threats evolve and become more sophisticated, maintaining up-to-date software ensures that known vulnerabilities are addressed promptly, reducing the risk of exploitation. By prioritizing regular updates, organizations can protect their data, maintain the integrity of their systems and foster a more secure digital environment. Don’t wait for an attack to highlight the importance of patch and update management – make this routine maintenance a key component of your cybersecurity strategy right now.



Learn about the top cyber threats K-12 schools face and how to mitigate them. DOWNLOAD INFOGRAPHIC>>



Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber-risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.   

BullPhish ID: This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus: Graphus is a cutting-edge, automated phishing defense solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone solution or supercharges your Microsoft 365 and Google Workspace email security. 

RocketCyber Managed SOC: Our managed detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.    

Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero-days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.

Vonahi Penetration Testing: How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.

See how our Security Suite can be put to work for you with a personalized demo.




Top Secrets of MDR Revealed

July 18, 2024 | 1 PM ET / 10 AM PT

Join us as we demystify Managed Detection and Response (MDR). We’ll reveal why it’s a must-have part of your defense-in-depth security architecture.

  • An insider’s view of how a world-class MDR service operates, from threat detection to incident response.
  • Common misconceptions about MDR, including what it can and can’t do.
  • Key factors to consider when selecting an MDR provider.
  • The differences between MDR and managed Endpoint Detection and Response (EDR) and why these distinctions matter for your security posture.

This is a must-see webinar! REGISTER NOW>>

July 11: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>

July 16: Kaseya+Datto Connect Local Calgary REGISTER NOW>>

July 23: Discover Your Prospecting Secret Weapon REGISTER NOW>>

August 6: Kaseya+Datto Connect Local Atlanta REGISTER NOW>>

August 8: Kaseya+Datto Connect Local Perth (Australia) REGISTER NOW>>

August 18: Kaseya+Datto Connect Local Perth REGISTER NOW>>

August 22: Kaseya+Datto Local Symposium Long Branch REGISTER NOW>>

August 28: Kaseya+Datto Connect Local New York REGISTER NOW>>

September 19: Kaseya+Datto Connect Local the Netherlands REGISTER NOW>>

October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>

November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!