Last week, cyberattacks on organizations across a range of industries (healthcare, government, education, gaming, etc.) led to serious consequences such as leaks of sensitive data and shutdowns of services. Furthermore, new malware, new vulnerabilities and new patches have been reported.
Read on for a quick summary of what happened this week in the space of cybersecurity.

Australia & U.S. cyber agencies warn of IDOR security flaws that got millions of people's data stolen.

In a joint advisory, the U.S. cybersecurity agency CISA and the Australian Cyber Security Centre warn of vulnerabilities, known as insecure direct object references (IDORs), that allow malicious attackers to access or modify sensitive data on an organization's servers, or even send malware to victims, because the application fails to check that the requester is actually authorized to access the object it asked for (a lack of proper access-control checks). They are urging vendors and developers to review their code and reduce the prevalence of IDOR vulnerabilities and flaws. Personal, financial, and health information of millions of people has been stolen through this class of vulnerability globally. Examples include, but are not limited to, the exposure of thousands of medical documents caused by a data breach at LabCorp, the First American Financial security breach that resulted in 800 million personal financial files being exposed, and the leak of hundreds of thousands of people's private data stolen by a global stalkerware network.

Medical files of more than 8 million people compromised via the MOVEit mass-hacks.

Maximus, a U.S. government services contracting giant, has confirmed that the protected health information of "at least" 8 to 11 million individuals has been accessed via the MOVEit mass-hacks. Maximus has not yet confirmed which specific types of health data were accessed, but it has begun notifying the impacted customers and federal and state regulators of this data breach. Maximus expects this data breach to cost approximately $15 million to investigate and remediate. With the latest additions to the victim list of the MOVEit mass-hack, there are currently at least 514 organizations and more than 36 million individuals impacted.

CardioComm, provider of heart monitoring technologies, confirms cyberattack downed its services.

CardioComm Solutions, a Canadian provider of consumer and professional-grade heart monitoring technologies, has taken its systems offline due to a cyberattack. It stated last Tuesday that, due to the cyberattack, business operations will be "impacted for several days and potentially longer". A number of CardioComm's products and services were affected by the outage, including the HeartCheck CardiBeat, the Global Cardio 3 software, and the Home Flex software. The full extent of the outage and the number of impacted consumers are not yet known. Details of the nature of the cyberattack were also not shared, but CardioComm did state that it is working to restore its data and to re-establish its production server environments. CardioComm also stated that, as of yet, there is no evidence that customers' health information was compromised by the attack.

12 Norwegian Ministries impacted by Ivanti's EPMM zero-day vulnerability.

The Norwegian Security and Service Organization (DSS) has disclosed that 12 Norwegian government agencies were compromised in a "data attack" last Monday. The attack exploited a zero-day vulnerability in Ivanti's mobile endpoint management software. The vulnerability (tracked as CVE-2023-35078) is an authentication bypass flaw affecting all supported versions of Ivanti's EPMM (Endpoint Manager Mobile) software; it allows unauthenticated remote users to access the software and retrieve users' personal information such as names, phone numbers, and other mobile device details. The U.S. cybersecurity agency CISA warned last Monday that the hackers could create an EPMM administrative account, which would allow them to make further changes to a vulnerable system. Ivanti chief security officer Daniel Spicer stated that after the company became aware of the vulnerability, it released a patch and is engaging with customers to assist them in fixing the flaw.
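To make the IDOR class from the CISA/ACSC advisory above concrete, here is an added Python example; it is not code from the advisory or from any of the organizations named in this roundup. It shows a record-lookup handler with the missing authorization check (the IDOR), the same handler with an object-level check, and a per-session indirect-reference map as a second layer. The in-memory store, the user names, the record ids and all function names are constructed for illustration.

```python
"""Insecure direct object reference (IDOR) on a medical-records lookup.

Added example: the store, users, ids and function names below are
constructed for illustration and do not come from the advisory.
"""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str   # the only user entitled to read this record
    body: str


# Constructed sample store: sequential ids, one record per patient.
RECORDS = {
    101: Record(101, "alice", "lab result: cholesterol 180 mg/dL"),
    102: Record(102, "bob", "lab result: glucose 95 mg/dL"),
}


class Forbidden(Exception):
    """Raised when the caller may not see the object (an HTTP 403/404 in a real app)."""


def get_record_vulnerable(requesting_user: str, record_id: int) -> str:
    """IDOR: record_id comes straight from the client and is used as the lookup
    key with no check that requesting_user owns it.  Being authenticated is
    treated as being authorized, so a user who supplies another patient's id
    reads that patient's data."""
    rec = RECORDS.get(record_id)
    if rec is None:
        raise KeyError("no such record")
    return rec.body


def get_record_fixed(requesting_user: str, record_id: int) -> str:
    """Fix 1: an object-level authorization check on every access.  'Missing'
    and 'not yours' are reported identically so the endpoint does not confirm
    which ids exist."""
    rec = RECORDS.get(record_id)
    if rec is None or rec.owner != requesting_user:
        raise Forbidden("record not found or not accessible")
    return rec.body


class IndirectReferences:
    """Fix 2 (defence in depth): per-session indirect references.  The client
    only ever sees random opaque handles minted for the records it may reach,
    so there is no predictable id to walk.  Authorization is still enforced
    server-side when a handle is resolved."""

    def __init__(self, user: str):
        self.user = user
        self._handle_to_id = {
            secrets.token_urlsafe(16): rec.record_id
            for rec in RECORDS.values()
            if rec.owner == user
        }

    def handles(self) -> list:
        return list(self._handle_to_id)

    def resolve(self, handle: str) -> str:
        record_id = self._handle_to_id.get(handle)
        if record_id is None:
            raise Forbidden("unknown handle")
        # The direct check still runs: the map is a convenience, not the control.
        return get_record_fixed(self.user, record_id)


def session_bodies(user: str) -> list:
    """Mint a session's handles for user and resolve every one of them."""
    refs = IndirectReferences(user)
    return [refs.resolve(h) for h in refs.handles()]


def denied(fn, *args) -> bool:
    """True if the call was refused with Forbidden (used by the demo below)."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, bob asks for 101:", get_record_vulnerable("bob", 101))
    print("fixed, bob asks for 101 denied:", denied(get_record_fixed, "bob", 101))
    print("bob's own records via opaque handles:", session_bodies("bob"))
```

The first function is the pattern the advisory describes: the object id is trusted because the session is authenticated. The fix is to make the ownership check part of the lookup itself, so it cannot be forgotten per endpoint, and to keep "not found" and "forbidden" indistinguishable; the indirect-reference map only removes the predictable id and does not replace that check.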
Hawai'i Community College paid the ransom to prevent data leak.

The Hawai'i Community College (UH) admitted that it had paid a ransom to the relatively new NoEscape ransomware gang to prevent the leak of data belonging to approximately 28,000 people. As UH explained, after careful consideration of all options and consultation with an external team of cybersecurity experts, it decided to pay the ransom to protect the individuals whose sensitive information might have been compromised. After the ransom was paid, the ransomware gang removed UH from its data leak site. However, restoration of the damaged IT infrastructure is still ongoing and is expected to be completed by 14 August. UH is also improving its security posture to prevent similar attacks from occurring in the future. It is important to note, however, that paying a ransom does not mean that your data will not be leaked. There have been instances in the past where attackers promised to destroy the stolen data but instead continued to extort the victims or released the data anyway.

CISA: New Submarine malware used to hack Barracuda ESG appliances.

CISA revealed that Submarine, another new malware, was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks via the exploitation of a now-patched zero-day bug. This new malware is a multi-component backdoor used for detection evasion, persistence and data harvesting. Barracuda has provided guidance to affected customers, advising them to thoroughly review their environments to ensure that other devices within their networks have not been compromised.

All Swiss visa appointments canceled across the UK due to 'IT incident'.

All appointments for Swiss tourist and transit visas have been canceled across the UK due to an 'IT incident' at TLScontact, the Swiss government's chosen IT provider that facilitates visa applicants, at its London, Manchester and Edinburgh centers. TLScontact has stated that the 'IT incident' was not a ransomware attack but rather "technical difficulties with the transfer of customers' biometric data to the Swiss government servers".

Call of Duty players infected with self-spreading malware.

Hackers are infecting players of Call of Duty: Modern Warfare 2 with malware that spreads automatically in online lobbies. The alarm was raised after a user warned players of the game and suggested running an antivirus. After two analyses of the malware by different people, it was confirmed that the malware appears to be a worm. The company took the game offline while it investigated the reports of the issue.

WordPress plugin Ninja Forms vulnerabilities let attackers steal user data.

Patchstack researchers found that the WordPress form-building plugin Ninja Forms contains 3 vulnerabilities (CVE-2023-37979, CVE-2023-38393, CVE-2023-38386) that would allow hackers to achieve privilege escalation and steal user data. These vulnerabilities affect Ninja Forms versions 3.6.25 and older. The issues are rated as high-severity, but CVE-2023-38393 is especially dangerous, as its only requirement, a user with the Subscriber role, is incredibly easy to meet. The developers have released version 3.6.26 to fix the vulnerabilities. However, only roughly half of all Ninja Forms users have downloaded the latest version, which leaves about 400,000 sites vulnerable to attacks. It is highly recommended that all website administrators who use the Ninja Forms plugin update to the latest version immediately. If this is not possible, it is highly recommended to disable the plugin on their websites until they can update.

Apple released patches for exploited bugs in Apple products.

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, Apple TV and watches. It warned that some of these bugs have already been exploited. Last Tuesday, CISA warned that threat actors can exploit these vulnerabilities and take control of affected devices. One of the vulnerabilities (CVE-2023-32409) appears to have been used to deploy spyware onto victims' devices. It is highly recommended that users and admins apply the software updates and check that automatic patching systems are working properly.

Zimbra released a patch for the zero-day vulnerability exploited by attackers.

Two weeks after the initial disclosure, Zimbra has released patches for a zero-day vulnerability (tracked as CVE-2023-38750) exploited in attacks on Zimbra Collaboration Suite (ZCS) email servers. This vulnerability is a significant threat, as it allows attackers to steal sensitive information or execute malicious code on vulnerable systems. CISA warned U.S. federal agencies last Thursday to secure their systems against this vulnerability and has added it to its Known Exploited Vulnerabilities catalog. It is also highly recommended that private companies prioritize and implement patches for all vulnerabilities listed in this catalog.

That is all for last week! Enjoy (as best you can) the rest of the week, and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED