A quick summary of what happened this week in the space of cyber security:

FDA & CISA: Illumina medical devices found to have vulnerabilities that allow remote hacking

The Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued public notifications to inform healthcare providers about vulnerabilities affecting the Universal Copy Service (UCS) component used by several of Illumina’s medical devices. Illumina’s devices are used for DNA sequencing. The agencies warned that a hacker could remotely take control of a device, or alter configurations, settings, data or software on the device or the user’s network. They also warned that the vulnerabilities could impact “genomic data results in the instruments intended for clinical diagnosis”.

Illumina has released patches and mitigations. It has also notified customers to “check their instruments and medical devices for signs of potential exploitation of the vulnerability”, and described the steps customers have to take to prevent potential exploitation.

Americold experiencing IT issues since network breach

Americold, a cold storage and logistics company, has been experiencing IT issues since its network was breached. According to employee and customer reports, the attack has affected operations. Americold has estimated that its systems will be down until at least next week. Fortunately, Americold has contained the intrusion and closed its network to ensure that there is no risk to non-contained areas or customers. The company has asked its customers to cancel all inbounds, and to reschedule all but the most critical outbounds to a later date.

Yellow Pages Canada confirms cyberattack after data leak

Yellow Pages Canada, a directory publisher, has confirmed that it was hit by a cyber attack. Black Basta, a ransomware and extortion gang, has claimed responsibility and posted sensitive documents and data belonging to employees and customers.

The leaked information includes, but is not limited to: ID documents (e.g. passports and driver licenses), tax documents, sales and purchase agreements, a budget and debt forecast dated December 2022, and an ‘Accounts Receivable’ spreadsheet dated 28 February 2023. Yellow Pages has notified impacted individuals and reported the incident to the appropriate privacy regulatory authorities. It also carried out a thorough investigation with external cybersecurity experts to contain the incident and secure its systems. Black Basta also breached Capita last month, and Sobeys last year.

Microsoft: Cl0P and LockBit abused PaperCut flaws that caused the hacks

Microsoft has attributed the recent attacks exploiting two vulnerabilities in PaperCut application servers to Cl0P and LockBit ransomware affiliate groups, which used the flaws to steal corporate data from vulnerable servers. Microsoft tracks the threat actor as “Lace Tempest”, which has exploited the PaperCut vulnerabilities since 13th April to access corporate networks. After gaining access, the threat actor deployed the TrueBot malware followed by a Cobalt Strike Beacon implant, and then identified and exfiltrated files of interest using Megasync. Some intrusions have led to LockBit deployment, and Microsoft has noted that more threat actors could follow suit. Organizations are strongly advised to follow PaperCut’s recommendation to upgrade applications and servers.

ViperSoftX upgraded: Now targets password managers and has sophisticated anti-detection techniques

ViperSoftX, a cryptocurrency and information-stealing malware, has improved its anti-detection capabilities. Trend Micro researchers found that the latest version of ViperSoftX includes new evasion techniques (stronger code encryption and features) which allow threat actors to execute malware throughout the attack chain seamlessly and to evade detection by security software.

The new version also has a broader range of targets, which now includes the KeePass and 1Password password managers. ViperSoftX targets both the enterprise and consumer sectors, with Australia, the United States, Japan, India, Philippines, Malaysia, Taiwan, Italy and France accounting for over 50% of the detected activity. To avoid infection, download software and applications only from official sources, and not from unofficial and free sources.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED