Last week, breaches and cyberattacks hit organisations across several industries, from healthcare to the public sector. The consequences of earlier incidents also became clearer: UnitedHealth confirmed that it paid a ransom to keep patient data from being leaked. New vulnerabilities and patches were also published for the WP Automatic WordPress plugin and Progress Flowmon; administrators should be aware of them and apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

U.S. health conglomerate Kaiser notifies 13.4 million customers of data breach

On Thursday, Kaiser posted a notice saying that it will be notifying millions of its members of a data breach disclosed earlier this month. The Kaiser Foundation Health Plan confirmed that information about 13.4 million current and former members and patients was sent to third-party trackers installed on its websites and mobile applications. The third-party vendors receiving the data include Google, Microsoft Bing and X (Twitter). The leaked data may include IP addresses, names, information indicating that a member or patient had signed into a Kaiser Permanente account or service, details of how a member or patient interacted with and navigated the website and mobile app, and search terms used in the health encyclopaedia. Tracking code of this kind typically forwards such data to an extensive network of marketers, advertisers and data brokers. Kaiser stated that the trackers were discovered and removed following a voluntary internal investigation, and that additional safeguards have been put in place to prevent a recurrence. So far Kaiser has found no evidence that any member's or patient's personal information has been misused.

DPRK hacking groups breached South Korea's defence contractors to steal information

The National Police Agency of South Korea issued an urgent warning on 23 April that North Korean hacking groups have breached defence industry entities to steal technical information. The groups named, Lazarus, Andariel and Kimsuky, compromised South Korean defence companies by exploiting weaknesses in the targets' or their subcontractors' environments, planting malware and exfiltrating data. Several companies had been compromised since late 2022 but were unaware of it until the authorities informed them. The police recommend that defence companies and their subcontractors improve network segmentation, reset passwords periodically, enable 2FA on all critical accounts and block foreign IP addresses.

LA County Health Services: data breach has exposed thousands of patients' data

The Los Angeles County Department of Health Services disclosed a data breach in which the personal and health information of approximately 6,085 patients was exposed following a phishing attack that affected more than two dozen employees. According to the breach notification, 23 employees had their mailboxes compromised after their credentials were stolen in a February phishing attack, giving the attackers access to patient data stored in those inboxes. The compromised information includes patients' full names, dates of birth, home addresses, phone numbers, email addresses, medical record numbers, client identification numbers, dates of service, medical information (such as diagnosis or condition, treatment, test results and medications) and/or health plan information; not every affected individual had the same data exposed. On discovering the breach, the organisation disabled the affected email accounts and quarantined all suspicious incoming emails. No evidence has been found that the attackers accessed or misused the exposed information. However, LA County Health Services does advise all affected patients to contact their healthcare providers to verify the content and accuracy of their medical records.

UnitedHealth confirmed it paid the ransom to stop data leak

UnitedHealth Group confirmed on Monday that it paid a ransom to the ransomware gang to keep patient data from being leaked, following the February cyberattack on its subsidiary Change Healthcare. The company also confirmed that files containing personal information were compromised in the breach. In a statement to CNBC, the company said it is working with law enforcement and multiple cybersecurity firms. It has launched a call centre offering free identity theft protection and credit monitoring for two years; because of the ongoing investigation and the complexity of the data review, the call centre cannot yet give details about which individuals' data was affected. Concerned patients can visit the company's dedicated website for resources.

Okta warns of a spike in proxy-driven credential stuffing attacks aimed at online services

Okta has warned of a surge in the frequency and scale of credential stuffing attacks against online services. In its alert, Okta attributed the attacks to the broad availability of residential proxy services, lists of previously stolen credentials and scripting tools. Okta detected a surge in credential stuffing activity against user accounts from 19 April to 26 April 2024, apparently from similar infrastructure. In some cases a user's device had been infected with malware and enrolled in a botnet, letting threat actors route their malicious traffic through it and so conceal its true origin. As a result, most of the traffic in these attacks appeared to originate from the mobile devices and browsers of everyday users rather than from hosting providers' IP space.
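As an added illustration of the pattern Okta describes, here is example detection logic written for this summary; it is not Okta's own code and does not use a real Okta System Log. The first check catches the single noisy source that per-IP rate limits already handle; the second catches the same run spread over many residential-proxy exits, each making only one or two attempts, which per-IP thresholds never fire on. The event format, IP addresses, usernames and thresholds are all constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _ev(ts, ip, user, ok, country="US"):
    """Build one constructed authentication event (these are not real Okta logs)."""
    return {"ts": ts, "ip": ip, "user": user, "ok": ok, "country": country}


# Constructed sample: one noisy source, one proxy-distributed run, two legitimate users.
EVENTS = (
    # a single IP cycling through many usernames within seconds, every attempt failing
    [_ev(f"2024-04-20T10:00:{i:02d}", "203.0.113.5", f"user{i}", False) for i in range(6)]
    # the same kind of run spread over residential proxy exits, one attempt per IP
    + [_ev(f"2024-04-20T10:05:{i:02d}", f"198.51.100.{i}", f"victim{i}", False) for i in range(8)]
    # ordinary traffic: a clean login and a user who mistypes once, then succeeds
    + [
        _ev("2024-04-20T10:07:00", "192.0.2.10", "alice", True),
        _ev("2024-04-20T10:07:30", "192.0.2.11", "bob", False),
        _ev("2024-04-20T10:07:45", "192.0.2.11", "bob", True, country="DE"),
    ]
)


def per_ip_stuffing(events, window_minutes=10, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames inside one sliding window
    with a high failure rate: the classic single-source stuffing signature."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append((datetime.fromisoformat(e["ts"]), e["user"], e["ok"]))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start so evs[start:end+1] spans at most window_minutes
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                prev = flagged.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[ip] = {"distinct_users": len(users), "attempts": len(win), "failures": fails}
    return flagged


def distributed_stuffing(events, window_minutes=10, max_per_ip=2, min_ips=5,
                         min_failed_users=5, min_fail_ratio=0.7):
    """Flag time buckets in which many *quiet* source IPs (at most max_per_ip attempts
    each) together produce many failed logins against many distinct usernames.
    This is what residential-proxy stuffing looks like from the target's side."""
    volume = Counter(e["ip"] for e in events)
    quiet = [e for e in events if volume[e["ip"]] <= max_per_ip]
    buckets = defaultdict(list)
    for e in quiet:
        t = datetime.fromisoformat(e["ts"])
        key = t.replace(minute=(t.minute // window_minutes) * window_minutes, second=0, microsecond=0)
        buckets[key.isoformat()].append(e)
    alerts = {}
    for key, evs in buckets.items():
        fails = [e for e in evs if not e["ok"]]
        ips = {e["ip"] for e in fails}
        users = {e["user"] for e in fails}
        if len(ips) >= min_ips and len(users) >= min_failed_users and len(fails) / len(evs) >= min_fail_ratio:
            alerts[key] = {"source_ips": len(ips), "failed_users": len(users), "attempts": len(evs)}
    return alerts


if __name__ == "__main__":
    print("per-IP:", per_ip_stuffing(EVENTS))
    print("distributed:", distributed_stuffing(EVENTS))
```

On the constructed sample the per-IP check flags only 203.0.113.5, while the eight proxy exits at 198.51.100.0-7 stay below every per-IP threshold and are only caught by the bucket-level check. The thresholds here are arbitrary; in production they need to be set against the tenant's normal failure rate, and the quiet-IP cut-off should be computed per window rather than over the whole data set as this short example does.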
To reduce the risk of account takeover, Okta recommends that organisations require users to switch to strong passwords, enable 2FA, deny requests from locations where they do not operate and from IP addresses with poor reputation, and add support for passkeys.

Critical vulnerability in the WP Automatic WordPress plugin is being exploited: more than 5.5 million attacks detected

Threat actors have started to exploit a critical-severity vulnerability (tracked as CVE-2024-27956) in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. The plugin is installed on more than 30,000 websites. The vulnerability is an SQL injection flaw affecting versions earlier than 3.92.1; more than 5.5 million attempts to exploit it have been observed, most of them recorded on 31 March. Administrators are strongly advised to update WP Automatic to version 3.92.1 or later.

Maximum severity vulnerability found in Progress Flowmon: patch available now

A maximum-severity vulnerability (tracked as CVE-2024-2389) has been found in Progress Flowmon, a network performance and visibility monitoring tool used by more than 1,500 companies worldwide. An unauthenticated attacker can exploit it remotely to gain access to the Flowmon web interface and execute arbitrary system commands. The flaw affects the v11.x and v12.x branches; administrators are urged to upgrade to the fixed releases, v12.3.4 and v11.1.14. The security update was pushed to all Flowmon customers through the automatic package download system and is also available manually from the vendor's download centre. Upgrading all Flowmon modules afterwards is also strongly recommended.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
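As an added illustration of the bug class behind the WP Automatic item above, the following example (written for this summary; it is not the plugin's code and the payload is not the CVE-2024-27956 exploit) shows how an SQL injection in an account-creation path lets an attacker choose the role column that the code meant to hard-code, and how a parameterised query removes that ability. The users table, column names and payload are all constructed.

```python
import sqlite3

# Constructed schema loosely modelled on a WordPress users table; the handler
# below is hypothetical and is not taken from WP Automatic or WordPress core.


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT NOT NULL, role TEXT NOT NULL)")
    return conn


def register_vulnerable(conn, user_login):
    """Registration handler that splices untrusted input straight into the SQL text.
    The code only ever intends to create low-privilege 'subscriber' accounts."""
    sql = "INSERT INTO users (user_login, role) VALUES ('%s', 'subscriber')" % user_login
    conn.execute(sql)
    conn.commit()


def register_fixed(conn, user_login):
    """Same handler with a parameterised query: the input can only ever be a value,
    never SQL syntax, so the role column stays under the application's control."""
    conn.execute("INSERT INTO users (user_login, role) VALUES (?, 'subscriber')", (user_login,))
    conn.commit()


def roles(conn):
    """Map every stored login to its role."""
    return {login: role for login, role in conn.execute("SELECT user_login, role FROM users")}


# The single quote closes the string literal, the attacker supplies their own role
# column, and the trailing comment discards the ', 'subscriber')' the code appends.
PAYLOAD = "evil', 'administrator') -- "


def demo():
    """Register the same payload through both handlers and return the resulting roles."""
    vuln = new_db()
    register_vulnerable(vuln, PAYLOAD)
    fixed = new_db()
    register_fixed(fixed, PAYLOAD)
    return roles(vuln), roles(fixed)


if __name__ == "__main__":
    print(demo())
```

Through the vulnerable handler the payload produces an account named evil with the administrator role; through the fixed handler it produces a subscriber whose login is the literal payload string. In a WordPress plugin the equivalent fix is to build every statement with `$wpdb->prepare()` and placeholders rather than string concatenation.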
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED