What are the latest cybersecurity alerts, incidents, and news?
COLDRIVER Threat Actor, WordPress Vulnerability, POP Chain, Phishing Campaign, MrAnon Stealer, Star Blizzard, Bluetooth Vulnerability, ALDO Ransomware, LockBit Ransomware Gang, East River Medical, Cambridge Hospitals, Groveport Madison, Erris Water Systems, Microsoft CISO, Bitzlato Exchange, New Health Certification, 23andMe.
Cyber Alerts
1. Microsoft Warns of COLDRIVER’s Tactics
COLDRIVER, also known as Star Blizzard, a Russia-linked threat actor, is intensifying its credential theft activity against targets of strategic interest to Russia while improving its detection evasion. The Microsoft Threat Intelligence team has identified the group's recent use of server-side scripts, email marketing services, a DNS provider, password-protected PDF lures, and an upgraded domain generation algorithm.
2. WordPress RCE Vulnerability Fixed
WordPress version 6.4.2 has been released to remove a Property Oriented Programming (POP) chain introduced in WordPress core 6.4 that could lead to remote code execution (RCE). The chain is not exploitable on its own: it becomes critical only when a plugin or theme exposes a PHP object injection flaw (an unserialize() call on attacker-controlled data), at which point an attacker could execute arbitrary PHP code on the site. Site administrators should update to the latest version, and plugin authors should treat any unserialize() of untrusted input as the root cause.
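To make the mechanism concrete, here is an added example (not WordPress's code, and not the class removed in 6.4.2): a hypothetical gadget class whose destructor invokes a property-controlled callable, the object injection entry point that makes it reachable, and the hardened alternatives. The payload string is constructed by hand, the way an attacker would craft it without running the target's code.

```php
<?php
// Hypothetical gadget class (illustrative, not the WordPress class).
// A destructor that calls whatever a property names is a POP gadget:
// harmless by itself, dangerous once unserialize() sees attacker data.
class LoggerGadget {
    public $callback = 'noop';
    public $argument = '';

    public function __destruct() {
        // The dangerous pattern: object state decides what gets called.
        if (is_callable($this->callback)) {
            call_user_func($this->callback, $this->argument);
        }
    }
}
function noop($x) {}

// Vulnerable entry point, e.g. a plugin restoring state from a cookie.
// Every loaded class with a magic method (__destruct, __wakeup, __toString)
// is now reachable by the attacker.
function load_state_vulnerable(string $cookie) {
    return unserialize(base64_decode($cookie));
}

// Hardened: if unserialize() cannot be avoided, forbid object creation.
// Objects become __PHP_Incomplete_Class, whose destructor does nothing.
function load_state_no_objects(string $cookie) {
    return unserialize(base64_decode($cookie), ['allowed_classes' => false]);
}

// Hardened: prefer a format that never instantiates classes at all.
function load_state_json(string $cookie) {
    return json_decode(base64_decode($cookie), true, 512, JSON_THROW_ON_ERROR);
}

// Attacker-supplied payload (constructed here, not from any real incident).
// var_dump stands in for a real sink such as system() or a file write.
$payload = base64_encode(
    'O:12:"LoggerGadget":2:{s:8:"callback";s:8:"var_dump";'
    . 's:8:"argument";s:12:"gadget fired";}'
);

echo "vulnerable:\n";
$obj = load_state_vulnerable($payload);
unset($obj);          // __destruct runs here and prints "gadget fired"

echo "hardened (allowed_classes => false):\n";
$obj = load_state_no_objects($payload);
var_dump($obj instanceof __PHP_Incomplete_Class);   // bool(true)
unset($obj);          // no destructor gadget, nothing fires
```

The fix shipped in 6.4.2 removed the gadget from core, but the lesson for plugin and theme authors is the entry point: any unserialize() on data a visitor can influence will find the next gadget that appears anywhere in the loaded code base.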
3. Phishing Delivers MrAnon Stealer
FortiGuard Labs uncovered an email phishing campaign that uses fake hotel booking details to lure victims into opening a malicious PDF. The PDF leads to a downloader built with PowerGUI, which runs a PowerShell script to fetch MrAnon Stealer, a Python-based information stealer that harvests credentials, system details, browser sessions, and cryptocurrency wallet extensions.
4. CISA warns about Russian group Star Blizzard
CISA, together with international partners, has issued a joint advisory on the Russian threat actor Star Blizzard, detailing tactics such as spear-phishing and impersonation of known contacts. The advisory urges stronger cybersecurity measures and secure software development practices to mitigate the risk.
5. Bluetooth Flaw Endangers Devices
A critical Bluetooth flaw (CVE-2023-45866) lets an attacker within Bluetooth range bypass authentication, pair with a device, and inject keystrokes on Android, Linux, macOS, and iOS. Successful exploitation allows remote escalation of privilege with no additional execution privileges needed, and Android devices are affected from version 4.2.2 onwards.
6. ALDO Shoes Hit by LockBit Ransomware
The LockBit ransomware gang has claimed ALDO Shoes as a victim, demanding a ransom under threat of publishing stolen data. ALDO Group says the incident affected only a franchise partner and was quickly contained without impacting its own systems or customer data.
7. East River Med Notifies 605k Patients of Data Breach
East River Medical Imaging (ERMI) has reported a data breach affecting more than 605,000 patients to the U.S. Department of Health and Human Services. The breach, detected on September 20, 2023, exposed names, Social Security numbers, contact details, insurance information, and medical records, and ERMI is working with law enforcement and a cybersecurity firm on investigation and mitigation.
8. Cambridge Hospitals Confirm Excel Breaches
A Cambridge NHS trust has confirmed two data breaches in which patient data was inadvertently disclosed in Excel spreadsheets released in response to Freedom of Information (FOI) requests. The breaches, disclosed by the CEO, occurred in 2021; one involved maternity patient records and the other exposed information on cancer patients taking part in clinical trials.
9. Groveport Madison Servers Hit by Ransomware
Groveport Madison Schools in Ohio suffered a security breach by the BlackSuit ransomware group that disrupted internet access and certain devices. The district says no student or staff data was compromised, has put additional security measures in place, and continued operations while remediating the breach.
10. Erris Water Hacked in Israel Stand
Attackers cut off the water supply to 180 homeowners in Erris by targeting equipment from an Israeli manufacturer. The politically motivated attack left residents on the Binghamstown/Drum scheme without water, prompting urgent repairs to the affected system.
11. Microsoft Hires New CISO
Microsoft is restructuring its security leadership, with CISO Bret Arsenault and Deputy CISO Aanchal Gupta stepping down from their roles. Igor Tsyganskiy, a recent hire, takes over as CISO and will focus on the new 'Secure Future Initiative', which aims at stronger cloud security and faster patching.
12. Bitzlato Founder Admits to Money Laundering
Federal agencies have shown progress in handling cyber threats, bolstering incident response capabilities like detecting and addressing ransomware attacks and breaches. However, some agencies lag in meeting federal requirements for event logging, crucial for effective cyber threat detection and mitigation, highlighting the need for improved implementation of these logging standards across agencies.
13. Joint Commission Launches New Certification
The Joint Commission is launching a new voluntary certification program, Responsible Use of Health Data (RUHD), for hospitals and critical access hospitals, to ensure patient data is used responsibly in artificial intelligence initiatives, algorithms, and medical research. The certification covers data de-identification, access controls, limitations on use, algorithm validation, patient transparency, and oversight structure, and is intended to address growing concern over secondary use of patient data by third parties.
14. 23andMe Shields Against Data Breach Suits
23andMe, facing lawsuits over a data breach, has updated its Terms of Use to require mandatory arbitration for disputes, which rules out jury trials and class action lawsuits. The change follows a credential stuffing attack in which a threat actor exposed data of 6.9 million users, leading to legal action against the genetic testing provider.
15. LockBit Tops Global Ransomware
LockBit ransomware remains the dominant global threat, implicated in over 25 percent of ransomware and digital extortion (R&DE) attacks worldwide from January 2022 to September 2023, according to ZeroFox. Although its share of attacks is declining, its adaptability and focus on sectors likely to pay ransoms, such as professional services and finance, make it a persistent menace.