Comments on: Cyber security news October 2021

By: Tomi Engdahl

Tomi Engdahl — Thu, 18 Nov 2021 05:49:11 +0000

https://www.securityinfowatch.com/video-surveillance/article/21243600/congress-passes-bill-banning-new-fcc-equipment-authorizations-for-hikvision-dahua-and-others

By: Tomi Engdahl

Tomi Engdahl — Tue, 02 Nov 2021 06:34:51 +0000

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 12:17:58 +0000

Massachusetts Health Network Hacked; Patient Info Exposed
https://www.securityweek.com/massachusetts-health-network-hacked-patient-info-exposed

A Worcester, Mass. health care network says someone hacked into its employee email system, potentially exposing the personal information of thousands of patients.

UMass Memorial Health notified patients earlier this month if their information was involved in the breach, which occurred between June 2020 and January. The personal data included Social Security numbers, insurance information and medical information, The Telegram & Gazette reported Thursday.

More than 200,000 patients and health plan participants could have been affected by the breach, according to a federal database of cybersecurity incidents at medical facilities.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 12:17:27 +0000

Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation
https://www.securityweek.com/shrootless-macos-vulnerability-found-microsoft-allows-rootkit-installation

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 12:17:08 +0000

12 People Arrested Over Ransomware Attacks on Critical Infrastructure
https://www.securityweek.com/12-people-arrested-over-ransomware-attacks-critical-infrastructure

Europol and Norwegian Police on Friday announced the arrests of 12 individuals suspected of being involved in ransomware attacks launched against companies around the world, including critical infrastructure organizations.

According to Europol, the suspects played various roles in ransomware attacks that impacted more than 1,800 victims across 71 countries, including many major corporations that suffered significant disruptions due to the attacks.

The law enforcement operation targeting the 12 suspects was carried out on October 26 in Ukraine and Switzerland, and it resulted in the seizure of cash, luxury vehicles and electronic devices.

“Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions,” Europol said.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 10:12:47 +0000

Misconfigured Database Leaks 880 Million Medical Records https://www.infosecurity-magazine.com/news/misconfigured-database-leaks-880-m/
Researchers have found an unsecured database leaking over 886 million patient records online, although it’s now confirmed that this was dummy data.. The non-password-protected data trove was found by Jeremiah Fowler and Website Planet and traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu promptly after it was responsibly disclosed.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 10:12:03 +0000

Chaos ransomware targets gamers via fake Minecraft alt lists https://www.bleepingcomputer.com/news/security/chaos-ransomware-targets-gamers-via-fake-minecraft-alt-lists/
The Chaos Ransomware gang encrypts gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.

TA575 criminal group using ‘Squid Game’ lures for Dridex malware https://www.zdnet.com/article/ta575-criminal-group-using-squid-game-lures-for-dridex-malware/
The emails come with subject lines saying things like “Squid Game is back, watch new season before anyone else, ” or pretend to offer victims a spot in the cast of the show’s second season.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 10:11:36 +0000

Remote Desktop Protocol (RDP) Discovery
https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
I have noticed a surge in probe against the RDP service in the past 2 weeks. In August, a remote code execution (RCE) critical patch was released to fix an exploit related to CVE-2021-34535 which include a POC to exploit this vulnerability. This vulnerability is also affecting Microsoft Hyper-V Manager “Enhanced Session Mode” [5] and Microsoft Defender’s Application Guard (WDAG).

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 10:11:04 +0000

APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm https://www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm
A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.

Security News This Week: The SolarWinds Hackers Are Looking for Their Next Big Score https://www.wired.com/story/solarwinds-hackers-iran-gas-station-hack-ransomware-security-news/
Plus: Gas station hacks in Iran, ransomware arrests in Europe, and more of the week’s top security news.

By: Tomi Engdahl

Tomi Engdahl — Mon, 01 Nov 2021 10:10:17 +0000

Hackers Breach iOS 15, Windows 10, Google Chrome During Massive Cyber Security Onslaught https://www.forbes.com/sites/daveywinder/2021/10/30/hackers-breach-ios-15-windows-10-google-chrome-during-massive-cyber-security-onslaught/
During the weekend of 16-17 October, Chinese hackers went on something of a rampage that saw all but three of the 15 target products breached during the exploit onslaught that was the Tianfu Cup. This annual competition, held in the Sichuan province of Chengdu, has been the go-to for China’s elite hackers since they were banned from participating in similar competitive hacking events outside of the country.