Welcome reader to your CybersecurityHQ report.

Headlines

Pharmacies in the United States are in crisis — in many cases unable to process prescriptions due to a cyberattack on UnitedHealth's Change Healthcare. This is a crucial unit that handles prescription processing for insurance claims for thousands of pharmacies. The attack, disclosed in a regulatory filing on Thursday, apparently compromised some of the company's systems and disrupted prescription processing to insurance companies for payment.

UnitedHealth said the cyberattack could be the work of a nation-state-sponsored hacker group, and their filing assured readers that the effects were isolated. They are working to restore them while cooperating with law enforcement. In the meantime, the American Hospital Association has advised medical facilities to disconnect from UnitedHealth's network until fixes are made.

Cybersecurity firm Avast is set to pay a $16.5 million fine following a Federal Trade Commission (FTC) complaint, which accused the company of selling consumer data to third parties. In Wednesday’s complaint, the FTC alleges Avast collected and sold browsing data without user consent and misled customers about how their data would be used.

The FTC says Avast claimed to block and prevent tracking cookies yet sold the data to over 100 clients, including advertising firms and data brokers. Avast denied the allegations, though they agreed to settle.

In a news story that is incredibly important for its implications rather than the current situation, the ConnectWise ScreenConnect remote desktop management service faces a mass exploitation threat due to a critical security vulnerability, CVE-2024-1709. This is an authentication bypass that allows the unauthorized creation of administrator-level accounts. This vulnerability, coupled with a path-traversal issue (CVE-2024-1708), gives threat actors potential access to tens of thousands of servers and hundreds of thousands of endpoints.

Managed service providers (MSPs), widely utilizing ScreenConnect, are particularly vulnerable, raising fears of downstream attacks on their customers. The vulnerability has attracted the attention of hundreds of initial access brokers and cybercrime gangs, aiming to sell access to ransomware groups. Instances of ransomware deployment, including attacks on local government systems potentially linked to 911 services, have already been observed.

Interesting Read

The SEC has recently introduced a new "Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure" rule — and everyone in the industry is scrambling to fall into compliance. Jeffrey Wheatman, writing in Forbes this week, describes the next steps for companies and cybersecurity professionals in his latest article.

It’s an interesting read for anyone who will be affected by the new SEC mandate. And if you don’t know whether or not you fall into that category, it’s a good idea to read the article.

Employment Tip: Learn About Business

Cybersecurity affects businesses, but exactly how does managing that risk impact a company? If you don’t know or can’t communicate that value proposition clearly to a potential employer, then you need to learn about the businesses your services will be helping.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team