Environment Overview, Pixel tech, and more.
It’s time — we’re not using our exercise bike as a clothes rack anymore! — because the new year is (almost) upon us. For better or worse, it’s time to think about our security resolutions for 2023. We have some we’d like to share for consideration:
- Invest in a password manager. Adding an exclamation point to your dog’s name does not make for a particularly secure account.
- Use phishing-resistant MFA. Fraudulent funds transfer (where threat actors use social engineering to trick employees into wiring money to a bank account they control) accounted for 36% of Corvus’s claims last quarter.
- Stay up to date with cyber threats, because it never hurts to be in the know. (We can help you get a head start with this one.)
💡 What's New on the Policyholder Dashboard?
Last month, we announced our new Environment Overview tab on the Policyholder Dashboard. As your partner in cyber risk mitigation, we want it to be clear that you not only have a voice, but that we’re here to listen and respond.
So, what’s changed? By clicking the three dots on the right side of the listed domain, you can click “dispute” to alert Risk + Response to anything that doesn’t look representative of your external perimeter. By having an accurate understanding of your environment, we can provide you with even more valuable security recommendations moving forward.
Check your domains now in the Environment Overview.
Risk + Response Tips
Security tips and service updates from SVP of Risk + Response Lauren Winchester
A 1x1 graphic (about the size of a grain of sand) is present on 30% of the web’s 100,000 most popular destinations. It’s nearly impossible to notice, except for the very targeted ads that follow you across your digital journey.
Why are we talking about it? Pixel technology necessitated a breach notification to 3 million patients at 26 hospitals throughout the Chicago area for (arguably) providing third-party vendors, like Facebook and Google, with personal information.
How does this impact you? Tracking pixels have been found in places they shouldn’t be, like password-protected patient portals. The U.S. Department of Health and Human Services Office for Civil Rights recently released guidance for regulated entities (as this is a potential HIPAA violation). Organizations should review their websites for code relating to tracking technologies and determine if the technology is being used (and if it’s being used correctly).
📌 It’s not just healthcare entities. Since February, 47 proposed class actions allege that Meta pixel sent video consumption data from online platforms to Facebook without user consent, in violation of the Video Privacy Protection Act. Read more about pixel tracking technology (and our guidance for policyholders) here.
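One way to start the website review described above, as an added example rather than Corvus’s own tooling: a stdlib-only Python scanner that flags the indicators a reviewer looks for, namely 1x1 image beacons, script or image loads from well-known tracker hosts, and inline `fbq()` bootstrap code. The host list and the sample page are constructed for illustration and are not exhaustive.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts commonly used to load tracking pixels (constructed list, not exhaustive).
TRACKER_HOSTS = {
    "connect.facebook.net": "Meta pixel script",
    "www.facebook.com": "Meta pixel image beacon",
    "www.googletagmanager.com": "Google Tag Manager / gtag.js",
}

class PixelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # list of (kind, detail) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        if host in TRACKER_HOSTS:   # third-party tracker load
            self.findings.append((TRACKER_HOSTS[host], src))
        if tag == "img" and a.get("width") == "1" and a.get("height") == "1":
            self.findings.append(("1x1 image beacon", src))  # classic pixel
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline Meta pixel bootstrap code calls fbq('init', ...).
        if self._in_script and "fbq(" in data:
            self.findings.append(("inline fbq() call", data.strip()[:60]))

def scan_html(html):
    """Return the list of tracking-pixel findings for one HTML document."""
    parser = PixelScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a portal-style page with an embedded Meta pixel snippet.
SAMPLE = """<html><head>
<script>fbq('init','000000');fbq('track','PageView');</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
</head><body><noscript><img height="1" width="1" style="display:none"
 src="https://www.facebook.com/tr?id=000000&amp;ev=PageView"/></noscript>
<img src="/static/logo.png" width="120" height="40"></body></html>"""
```

Run `scan_html` over the HTML of each page behind a login (portals included), since that is where the guidance above says pixels should not be; a hit is a prompt to confirm what data the tag sends and to whom.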
Mark your calendars. Get all of your pixel tech questions answered by some of the smartest minds working in cyber risk. Join us on January 5, 2022 @ 12 p.m. EST. Reserve your spot now.
What to watch for this month.
The Corvus Scan is a powerful asset that enables us to identify which policyholders may be at greater risk from specific vulnerabilities. In response, we send tailored notifications with insights and guidance for remediation. We’ve gathered a monthly round-up of our alerts and threat intel updates below:
Rackspace Microsoft Exchange Ransomware Incident
Cloud services provider Rackspace Technology confirmed that it suffered a ransomware incident affecting its hosted Microsoft Exchange environment, leading to an ongoing outage lasting multiple days. Read our guidance.
Fortinet Vulnerability Advisory
On December 12, 2022, Fortinet released an advisory detailing a critical security flaw (CVE-2022-42475) in FortiOS SSL-VPN products. The vulnerability allows an unauthenticated attacker to execute arbitrary code or commands. Read our guidance.
Citrix Vulnerability Advisory
On December 13, 2022, Citrix released an advisory detailing a critical security flaw in Citrix Gateway and Citrix Application Delivery Controller (ADC). The security flaw (CVE-2022-27518) allows a remote, unauthenticated attacker to execute arbitrary code. Read our guidance.
ICYMI — Our December Threat Intel Updates
- Cuba Ransomware Operation, (Another) LastPass Breach, & Hacks on Redis
- Rackspace Hit By Ransomware, Healthcare Industry, Too, & Google Chrome Vulnerability
- Microsoft Vulnerability, Fortinet Exploited, & Security Tools for Software Development
This newsletter and its contents are intended for general guidance and informational purposes only. This newsletter is under no circumstances intended to be used or considered as specific insurance or information security advice.