From the cybersecurity policy front,

• Modern Healthcare reports,
  • “The Centers for Medicare and Medicaid Services is planning oversight of third-party healthcare vendors in the wake of the Change Healthcare cyberattack, said Jonathan Blum, the agency’s principal deputy administrator.
  • “Blum, who also serves as chief operating officer for CMS, said at Modern Healthcare’s Leadership Symposium Thursday that the agency is working to determine what levers it can pull to ensure severe disruptions in care like those linked to the cyberattack on the UnitedHealth Group subsidiary aren’t repeated. 
  • “We will step in to help,” Blum said. * * *
  • “CMS declined to provide any details of its oversight strategy, but said it is collaborating with other partners across the Health and Human Services Department to “promote high-impact cybersecurity practices and enhance accountability for healthcare organizations and their vendors.”
    
• Per Cybersecurity Dive,
  • “Microsoft plans to boost collaboration on deployment practices, testing and other related issues with its security ecosystem partners following the historic July outage that crashed 8.5 million Windows devices, the company said in a Thursday blog post. 
  • “The plan follows a summit the company held Tuesday with U.S. and European endpoint security partners and government officials to address ways to prevent another widespread outage, which was the result of a faulty software update on the CrowdStrike Falcon platform. 
  • “Microsoft said it will make additional investments in Windows, building on security features in Windows 11. Microsoft and its partners raised additional changes designed to boost security capabilities outside of the kernel mode, including anti-tampering protection and security sensor requirements.”

From the cybersecurity vulnerabilities and breaches front,

• HHS Health Sector Cybersecurity Coordination Center, which has been quiet lately, posted its report on August vulnerabilities of interest to the health sector.

• Federal News Network informs us,
  • “Phishing, stolen credentials, and other lapses in basic cybersecurity continue to be a primary avenue available to hackers, including China-linked threat groups such as “Volt Typhoon,” looking to infiltrate U.S. critical infrastructure networks.
  • “That’s the upshot from a new analysis released today [September 13] by the Cybersecurity and Infrastructure Security Agency. The report breaks down the results of 143 Risk Vulnerabilities and Assessments (RVAs) CISA and the U.S. Coast Guard completed in fiscal 2023. The teams probed the cyber defenses of organizations across multiple critical infrastructure sectors.
  • “Ultimately, CISA and Coast Guard teams found they could infiltrate networks using some of the most common attack methods available, such as phishing, valid accounts, and default passwords.
  • “These are really low hanging things that you don’t actually need to be a sophisticated threat actor to take advantage of,” Chris Hilde, chief of risk insights within CISA’s vulnerability management branch, said in an interview with Federal News Network.”

• CISA added eight known exploited vulnerabilities to its catalog this week.
  • September 9, 2024,
    • CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability
    • CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability
    • CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability
  • September 10, 2024,
    • CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
    • CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
    • CVE-2024-38014 Microsoft Windows Installer Privilege Escalation Vulnerability
    • CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
  • September 12, 2024
    • CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability
      
• Per Cybersecurity Dive,
  • “An attacker gained access to Fortinet customer data stored on a third-party cloud-based shared file drive, the company said in a Thursday blog post. The cybersecurity company did not specify when the intrusion took place. 
  • “The breach exposed “a limited number of files” including data related to less than 0.3% of Fortinet customers, the company said. Fortinet ended the second quarter with more than 500,000 customers.
  • “To date there is no indication that this incident has resulted in malicious activity affecting any customers,” Fortinet said in its notice about the incident. “Fortinet’s operations, products, and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource.”

From the ransomware front,

• Cybersecurity Dive points out,
  • “Attackers are actively exploiting a critical vulnerability in SonicWall SonicOS, the software powering the security vendor’s firewalls, according to researchers and federal cyber authorities.
  • “The Cybersecurity and Infrastructure Security Agency added CVE-2024-40766 to its known exploited vulnerabilities catalog on Monday. The software defect impacts SonicWall Gen 5 and Gen 6 devices, and Gen 7 devices running SonicOS version 7.0.1-5035 or older.
  • “SonicWall disclosed and patched the improper access control vulnerability, which has a CVSS of 9.3, on Aug. 22. Arctic Wolf and Rapid7 have observed ransomware groups compromising secure sockets layer VPN accounts on SonicWall devices for initial access in ransomware attacks.”

• SCMedia notes,
  • “The CosmicBeetle ransomware group, also known as NONAME or Spacecolon, may now be an affiliate of RansomHub according to a report by ESET.
  • “The report, published Tuesday, outlines CosmicBeetle’s activities and tactics since its discovery in 2023, although the group is believed to have been active since at least 2020.
  • “In June 2024, an attack using RansomHub’s ransomware and endpoint detection and response (EDR) killer, was investigated by ESET and found to bear similarities to CosmicBeetle’s past activities. This incident led security researchers to say with “medium confidence” that CosmicBeetle has joined RansomHub’s ranks as an affiliate.
  • “The NoName group’s activities identify two critical trends in the current ransomware landscape. First, the complexity of ransomware tools is increasing, and second, ransomware gangs are becoming more organized, experimenting with strategies like affiliate programs and impersonation to extend their reach,” James McQuiggan, a security awareness advocate at KnowBe4, told SC Media in an email.”

From the cybersecurity defenses front,

• Cybersecurity Dive discusses “How to manage the rising tide of Common Vulnerabilities and Exposures (CVE). As the volume and complexity of vulnerabilities grows, organizations are struggling to manage and mitigate the security defects.”

• An ISACA commentator explains “Cybersecurity Compliance Essentials: Balancing Technical and Non-Technical Skills.”

• Intelligent CIO explores “the ever-evolving role of data privacy in the digital landscape.”

• Per Cybersecurity Dive,
  • “The cyber insurance market is expected to see strong growth over the next few years as malicious threat groups continue to target businesses with more sophisticated capabilities, according to a report released Thursday [September 12] by Moody’s Ratings. 
  • “Pricing has largely stabilized with moderate declines, and competition has increased thanks to the entrance of more insurance firms and investors into the market. Insurers are in a better position to manage losses, but loss ratios could increase if there is an uptick in ransomware and large losses, Moody’s said.
  • “Aggregation risk remains a concern for the insurance industry, as revealed by the global Microsoft Windows outage linked to a faulty CrowdStrike software update. Single point of failure risk will likely lead to changes in policy language and other adjustments as concerns remain about supply chain attacks and businesses’ reliance on connected technologies.”