Cyber Threat Report: Cyber Security News for 09/30/22

Multiple Cisco Products Impacted by L2 Network Security Control Bypass Flaws 
Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls. Read More

Morgan Stanley Fined $35M by SEC Over Improper Data Disposal
Gurbir Grewal, director of the SEC’s enforcement division, called Morgan Stanley’s failures “astonishing.” Read More

High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks
Recent high-profile cyberattacks have demonstrated the effectiveness of an interesting method for getting past multi-factor authentication (MFA). Read More

Chrome 106 Patches High-Severity Vulnerabilities
Google this week announced the release of Chrome 106 to the stable channel with patches for 20 vulnerabilities, including 16 reported by external researchers. Read More

Dark Patterns, the Tricks Websites Use to Make You Say Yes, Explained
How design can manipulate and coerce you into doing what websites want. Read More

Hackers are Testing a Destructive New Way to Make Ransomware Attacks More Effective
Cybercriminals are testing a new method of cyber extortion. It could be very worrying. Read More

US Organizations Hit by Almost Half of all Ransomware Since 2020
American exceptionalism extends to ransomware as organizations based in the U.S. suffered the greatest number of attacks, ahead of Canada and the U.K. Read More

Stolen Single Sign-on Credentials for Major Firms Available for Sale on the Dark Web
Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500. Read More

Stealthy Hackers Target Military and Weapons Contractors in the Recent Attack
A new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Cisco, announces earlier this week that 4 newly discovered Layer-2 vulnerabilities have been found. Listed as CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, and CVE-2021-27862, each vulnerability is able to bypass the company’s L2 network security controls. Router and switch models running on IOS, IOS XE, IOS XR, and NX-OS software are impacted by the breach. According to the CERT/CC advisory, “An attacker can bypass security controls and deceive a locally connected target host to route traffic to arbitrary destinations.”

Morgan Stanley was fined $35 million by the U.S. Securities and Exchange Commission (SEC) for customer data exposure. Not following protocol, Morgan Stanley hired a moving and storage company to help decommission thousands of old hard drives containing the personal data of over 15 million people. The investment company failed to monitor their contractors in the process, resulting in a third party purchasing those devices from the moving company. The third party then went on to sell the merchandise online while some unencrypted data unknowingly remained intact.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.