The latest in cybersecurity: Cl0p, MOVEit, ALPHV Ransomware, Ukraine, SmokeLoader, Ubuntu, Fenix, Windows 11, SiegedSec, NATO, CardioComm, SEC, Genesis Market.
The scale of the Clop crime group’s zero-day attacks on the widely used MOVEit file transfer software continues to grow, with German cybersecurity firm KonBriefing reporting that 455 organizations have now been affected. Recent victims include healthcare risk adjustment firm Cognisight, Pacific Premier Bank, Northwestern Mutual, Transactions Applications Group, Sutter Senior Care, life insurance companies, U.S. colleges, aerospace firm Honeywell, and others. Emsisoft estimates that at least 23 million individuals’ personal details have been stolen by attackers, and ransomware response firm Coveware suggests that the Clop group may have already earned $75 million to $100 million from the MOVEit campaign. The Russian-language Clop group appears to have exploited a zero-day vulnerability in Progress Software’s MOVEit, which was patched on May 31 to block further attacks.
The ALPHV ransomware gang, also known as BlackCat, is attempting to increase the pressure on victims to pay by providing an API for its data leak site, giving its attacks more visibility. The move follows the gang’s breach of Estée Lauder, after which the beauty company ignored ransom negotiations. As fewer victims give in to ransom demands, ransomware gangs like ALPHV are looking for new ways to apply pressure and get paid; making their leaks easily accessible to a broader audience is one such attempt, though it may ultimately fail.
In a recent discovery, Wiz’s researchers found two critical Linux vulnerabilities (CVE-2023-32629 and CVE-2023-2640) in the Ubuntu kernel, posing a significant threat to the over 40 million users of this popular Linux distribution. The flaws allow unprivileged local users to gain elevated privileges, enabling potential attackers to execute arbitrary code and perform malicious activities. The vulnerabilities stem from conflicting changes made to the OverlayFS module, and weaponized exploits for these issues have already been made publicly available, increasing the urgency for users to apply the latest security updates.
The Fenix cybercrime group, based in Mexico, has been actively targeting individuals in Mexico and Chile, using cloned official portals of the tax authorities to deceive victims. They redirect unsuspecting users to these fake websites, which offer a supposed security tool for download that instead installs malware on the victims’ systems. This first-stage malware enables the theft of sensitive information, including credentials. Fenix’s ultimate goal is to act as an initial access broker, gaining entry into companies in the region and selling that access to ransomware affiliates for further exploitation. Their tactics include phishing campaigns timed to coincide with government activities and the creation of typosquatting domains that lure victims into downloading malware disguised as legitimate software such as AnyDesk.
In the latest optional cumulative update for Windows 11 version 22H2, Microsoft addresses 27 issues, including problems affecting VPN performance, display, and audio devices. The update fixes an issue where audio and display devices occasionally disappeared after the system resumed from sleep. Additionally, it improves VPN performance on wireless mesh networks and ensures that Widgets no longer unexpectedly unpin from the Windows taskbar. While this update does not include security-related fixes, users can opt to install it to test forthcoming improvements before the August 2023 Patch Tuesday release.
NATO’s IT team is currently investigating claims made by the hacking group SiegedSec regarding an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal. The COI Portal serves as NATO’s unclassified information-sharing and collaboration environment for supporting NATO organizations and member nations. On July 25th, SiegedSec posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal, and cybersecurity firm CloudSEK discovered that the leaked data contains sensitive information, unclassified documents, and user account access details. While the NATO spokesperson confirmed the ongoing investigation, SiegedSec’s motives appear to be hacktivism-related, as they emphasize their protest against NATO member countries’ alleged attacks on human rights and describe the attack as a statement-making endeavor with no financial motivations.
In a concerning development, Michigan State University (MSU) has been alerted about a potential data breach that may have exposed personal information of students and employees. The university’s vendors, the National Student Clearinghouse and the Teachers Insurance and Annuity Association, recently informed MSU about the possibility of a leak from their stored data. Both vendors utilized the file transfer software MOVEit, which experienced a breach in May, allowing hackers access to stored information, raising concerns about the data security of millions of individuals, including MSU community members.
CardioComm Solutions, a leading Canadian provider of heart monitoring technologies, has fallen victim to a severe cybersecurity incident. The company’s website is currently inaccessible, leaving consumers concerned about the impact on their heart monitoring devices, including the popular HeartCheck CardiBeat. As CardioComm races to restore its services, questions loom about the nature of the attack and its potential consequences for both customers and employees.
In a recent incident, the Firearms Safety Authority mistakenly leaked the email addresses and names of more than 100 gun owners while notifying them about potential address discrepancies in their listed firearms licenses. The leaked email, which included prominent Auckland residents, was sent from the Auckland City Police District’s firearms email address but bore the signature and logo of the newly established Firearms Safety Authority. The authority confirmed the privacy breach due to human error and is conducting a rapid review of their processes to prevent such incidents in the future. This event adds to concerns about the security of gun owners’ information following the launch of the firearms registry last month, and voices have been raised to establish an independent and trusted firearms authority to handle such sensitive data.
The U.S. Securities and Exchange Commission (SEC) has approved rules requiring publicly traded companies to disclose “material cybersecurity incidents” within four business days after determining their significance. While Democratic commissioners see this as a way to help investors make informed decisions about risks and investments, Republican commissioners argue that such disclosures might provide cybercriminals with a roadmap for targeting companies and maximizing ransom payments. The new disclosure rule, set to take effect in mid-December, aims to bring consistency and comparability to cyber incident reporting and ensure that investors have essential information about potential cyber threats.
In an announcement made by the Biden administration, Harry Coker, a former Navy commander and senior official in the NSA and CIA, has been selected to succeed Chris Inglis as the U.S. National Cyber Director. With over 40 years of public service, including leadership roles in the Navy, CIA, and NSA, Coker is well-equipped to lead the implementation of the nation’s newly developed cybersecurity strategy and navigate the complex relationship between the federal government and tech giants amidst relentless cyber threats.
In a significant development, Dutch police apprehended a suspected super user of the now-defunct Genesis Market, believed to be one of the top 10 most active buyers of stolen digital credentials and compromised computer access. The arrest took place in the Netherlands, where the 32-year-old Dutch citizen faces multiple charges, including identity fraud and possession of stolen payment information. While Genesis Market was taken down in April as part of Operation Cookie Monster, this latest action by the Dutch police underscores the ongoing efforts to apprehend cybercriminals connected to the illicit marketplace.
In a major legal action, Norton Healthcare is facing a federal class action lawsuit filed on behalf of employees and patients affected by a recent cyber attack that exposed personal information stored on the company’s servers. The lawsuit accuses the healthcare provider of failing to notify those impacted by the breach and alleges that a wide range of sensitive data, including names, addresses, social security numbers, medical information, and more, was stolen by hackers. Victims of the breach are concerned about the potential for identity theft and other forms of exploitation, and the lawsuit is seeking compensatory damages and credit monitoring for those affected, among other remedies.
Protect AI, a startup specializing in bolstering the security around AI systems, has announced securing $35 million in a Series A funding round led by Evolution Equity Partners, with participation from Salesforce Ventures and other prominent investors. The funding will be utilized to enhance Protect AI’s platform capabilities, expand their research efforts, and launch new open-source projects. The company’s flagship tool, AI Radar, offers visibility into AI model components, generating a “machine learning bill of materials” to address potential AI security weak points. As AI adoption increases in sensitive industries, Protect AI aims to mitigate risks and create a safer AI-powered world.