Skip to content
Home » SIEM Tuning Insights » Cyber Security Brief 5/20/2024

Cyber Security Brief 5/20/2024

Cyber Security brief Blue team in a blue room.

Below is the Cyber Security Brief 5/20/2024 security brief for today:

Hacking Activity

  • A significant ransomware attack on a U.S. healthcare payment processor, Change Healthcare, has been described as the “most serious incident of its kind”⁵.
  • The attack has had widespread effects, crippling the company’s ability to manage customer payments and insurance claims⁵.
  • The company has taken most of its systems offline to prevent the attack from spreading⁵.
  • The outage has prevented doctors from being able to electronically fill prescriptions and has kept insurance providers from reimbursing providers⁵.
  • The attack was carried out using a type of ransomware called Alphv⁵.
  • The same ransomware was used in the devastating attack on MGM Resorts in Las Vegas last year⁵.

Vulnerability Management

  • Microsoft Defender Vulnerability Management has announced new features and updates¹⁴¹⁸.
  • These include the ability to identify, report on, and recommend remediation for common, proprietary, and open-source software components known to have had security issues in the past¹⁴¹⁸.
  • A new AI-generated vulnerability description is now in public preview, providing detailed information on vulnerabilities, their impact, recommended remediation steps, and any additional information, if available¹⁴¹⁸.
  • Nucleus Security, a leading innovator in enterprise risk-based vulnerability management, has been recognized with the Risk-Based Vulnerability Management Award in the 9th Annual Cybersecurity Excellence Awards¹⁴.
  • Linguistic Lumberjack (CVE-2024-4323) is a vulnerability in the Fluent Bit utility that can allow DoS, information disclosure and RCE¹⁶.

CISA Updates

  • The Cybersecurity and Infrastructure Security Agency (CISA) has released several alerts and advisories⁹¹¹¹²¹³.
  • These include a fact sheet on defending OT operations against ongoing Pro-Russia hacktivist activity, and reports of known exploited vulnerabilities⁹¹¹¹²¹³.
  • CISA has also added to its catalog a vulnerability in the R Programming Language⁹¹¹¹²¹³.
  • CISA has warned of hackers exploiting Chrome and EoL D-Link bugs⁸.
  • Eric Goldstein will depart from his role as executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency next month⁹.
  • The FBI, CISA, and HHS advised healthcare organizations to harden their systems to protect against Black Basta ransomware[^10^].

Please note that this is a brief summary and for more detailed information, you should refer to the original sources⁵⁸⁹[^10^]¹¹¹²¹³¹⁴¹⁶¹⁸.

Cyber Security Brief 5/20/2024 Sources:
(1) Ransomware attack on U.S. health care payment processor … – NBC News.
(2) Nucleus Security Wins Prestigious Award for Risk-Based Vulnerability Management.
(3) What’s new in Microsoft Defender Vulnerability Management.
(4) Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies.
(5) CISA official Eric Goldstein to step down next month.
(6) News & Events | CISA.
(7) Cyber Threats and Advisories | Cybersecurity and Infrastructure … – CISA.
(8) Official Alerts & Statements – CISA | CISA.
(9) CISA warns of hackers exploiting Chrome, EoL D-Link bugs.
(10) CISA, HHS warn healthcare of Black Basta ransomware attacks.
(11) Live Cyber Threat Map | Check Point.
(12) Cyber Security News Today – Latest Updates & Research – Cybernews.
(13) Cybersecurity – Latest News, Research and Analysis –
(14) Latest cyber-attack news | The Daily Swig – PortSwigger.
(15) The biggest data breaches, hacks of 2021 | ZDNET.
(16) Data Breaches That Have Happened in 2024 So Far – Updated List –
(17) The Fall of the National Vulnerability Database.
(18) Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE … – Tenable.
(19) Five Trends Shaping The Future Of Vulnerability Management – Forbes.

Last weeks brief.

Cyber Security Brief 5/20/2024

Check out my friend’s site, probably shouldn’t link to a competitor, but it’s all good.

Leave a Reply

Your email address will not be published. Required fields are marked *