Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Law firms are in a precarious position when it comes to cyber risk. These organizations are tasked with storing large amounts of sensitive information — from corporate finances to client data to intellectual property (IP) — and, as such, are finding themselves in the crosshairs of threat actors.

On May 6, 2024, Bishop Fox publicly disclosed a vulnerability along with a proof of concept (PoC) exploit in Citrix NetScaler ADC and Gateway, identified as an unauthenticated out-of-bounds memory read issue in the components used for Authentication, Authorization, and Auditing (AAA).

On May 8, 2024, Ascension Healthcare notified business partners of suspicious activity detected within their systems. They have launched investigations and are actively working on remediation efforts. Consequently, some systems will experience interruptions during this process, such as clinical operations. Ascension is currently working with Mandiant to investigate the compromise and whether sensitive data was affected, if at all.

K-12 schools, colleges, and universities store massive amounts of personal information for students, parents, and employees. This means that, while they may not make the news as much as other breaches, schools, colleges, and universities are under constant attack by modern threat actors.

Classrooms have never been more connected. Many students are issued laptops or tablets instead of textbooks, while teachers and administrators rely on dozens of apps and connected devices like Smartboards to provide instruction, track grades, manage bus schedules, create budgets, and orchestrate countless other school-related activities.

A law firm can only be successful if it can meet the needs of its clients, and few components put that success at risk more than the rising danger and repercussions of a cyber attack. In addition to the time, effort, and money a firm must spend responding to a successful breach, employees may find themselves unable to access the firm’s technology and, therefore, unable to bill hours.

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content.

On April 12, 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information.