[Cybersecurity News] 17 Jun - 24 Jun
Not off to a great start. I forgot to post last week and I'm a day late this week. Still, here it is.
Two Additional Universities Announce Email Compromise
https://threatpost.com/university-breaches-email-threats/145759/
On the heels of OSU (last week), Graceland University in Iowa and Missouri Southern State University also had accounts containing sensitive data compromised. “The higher education landscape is a target-rich environment that criminals are increasingly going after.”
US Launches Cyber Retaliation Against Iran, Iran Strikes Back.
https://news.yahoo.com/pentagon-secretly-struck-back-against-iranian-cyber-spies-targeting-us-ships-234520824.html
https://www.marketwatch.com/story/as-tensions-rise-iranian-hackers-step-up-cyberattacks-against-us-2019-06-22
On Thursday, the US launched cyberattacks against Iran in retaliation for attacks on commercial ships (first story above). Following this, "Iranian hackers have revved up attempts to breach computer systems in the U.S." (second story). Some of you may also remember that it was just over one year ago that Iranian hackers were indicted for hacking into ~150 US Universities (300 worldwide). It's also worth remembering last week's news regarding cyber-attacks between US and Russia against respective power grids.
“hostile takeover of an attack platform belonging to a competing hacking group”
https://arstechnica.com/information-technology/2019/06/researchers-think-nation-sponsored-hackers-attacked-rival-espionage-group/
Related to other nation-state hacking news, it appears one group (possibly Russian) has taken control of the infrastructure belonging to another group (possibly Iranian).
Riviera Beach, Florida pays $600,000 Ransomware Demand
https://arstechnica.com/information-technology/2019/06/a-tale-of-two-cities-why-ransomware-will-just-get-worse/
One interesting and relevant note regarding this article is that ransomware operators are going after larger entities such as cities and businesses, instead of individuals. These targeted attacks mean less “spray and pray” via malicious emails, and more targeted attacks that may include credential theft and privilege escalation before launching the ransomware. “a new trend of targeted ransomware, seeking even bigger payouts, is emerging, in which more sophisticated organizations go specifically after businesses and other organizations more likely to pay out.”
Two Separate Patches Fix Actively Exploited Firefox Vulnerabilities
https://nakedsecurity.sophos.com/2019/06/24/mozilla-patched-two-firefox-zero-day-flaws-in-one-week/
Two major vulnerabilities in a browser within one week is unusual and newsworthy. Please keep your browsers patched!
Critical Oracle WebLogic Vulnerability under Active Attack
https://arstechnica.com/information-technology/2019/06/oracle-issues-emergency-update-to-patch-actively-exploited-weblogic-flaw/
It's painful to patch Oracle/WebLogic many times, segment these systems and don't directly expose them to the internet!
Remote Access/Management Tools Used by MSPs Used to Spread Ransomware
https://www.darkreading.com/attacks-breaches/attackers-exploit-msps-tools-to-distribute-ransomware/d/d-id/1335025
Several Managed Service Providers (MSPs) reportedly had their own software used to spread ransomware to clients. This is not the first time we have seen attackers use legitimate enterprise management tools to spread malware to host systems.
Unauthenticated MongoDB, Open to Internet, Leads to Breach of 78,000 Patients.
https://www.zdnet.com/article/meds-prescriptions-for-78000-patients-left-in-a-database-with-no-password/
As MongoDB does not require authentication by default, there are multiple news stories regarding open databases resulting in breaches. Remember to check your firewall openings!
Personal data of 2.7 million people leaked from Desjardins
https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5183297
In other data breach news, millions of individuals had their records leaked from a Canadian based Credit Union. It appears, based on initial reports, that this was not a sophisticated hacker, but rather an employee at the company that stole these records and sold them online.
Medical Collections Firm Files for Bankruptcy After Breach.
https://krebsonsecurity.com/2019/06/collections-firm-behind-labcorp-quest-breaches-files-for-bankruptcy/
The American Medical Collection Agency (AMCA) made the newsletter about two weeks ago. The collections agency, which handles clients such as Labcorp and Quest Diagnostics, disclosed a data breach of approximately 20 million patients. They are now filing for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers. This is an important reminder of just how costly data breaches can be.
More “Stories of the Week”
https://nakedsecurity.sophos.com/2019/06/24/monday-review-the-hot-20-stories-of-the-week-45/
https://blog.talosintelligence.com/2019/06/threat-source-newsletter-june-20-2019.html