Round Up of Major Breaches and Scams
Prominent U.S. cybersecurity firm FireEye said Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state and local governments and top global corporations. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.
An American healthcare provider is proposing to resolve a lawsuit filed on behalf of victims of a 2019 data breach with a $4.2m settlement. Kalispell Regional Healthcare, based in Montana, announced in October last year that a data breach had occurred. Approximately 130,000 patients had their personal health information (PHI) exposed as a result of a cyber-attack. Criminals used what Kalispell chief executive officer and president Craig Lambrecht described as a “sophisticated phishing attack” to gain access to the email accounts of multiple employees on May 24, 2019.
APT28, one of Russia’s military hacking units, was most likely responsible for hacking the email accounts of the Norwegian Parliament, the Norwegian police secret service (PST) said today. The Norwegian Parliament (Stortinget) hack was disclosed earlier this year on September 1. At the time, Stortinget director Marianne said that hackers gained access to the Parliament’s email system and accessed inboxes for Stortinget employees and government elected officials.
Round Up of Major Malware and Ransomware Incidents
Four Chinese nationals were sentenced to prison last week for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee. The scheme involved Xu Li, the legal representative of Shenzhen Zhipu Technology, a Gionee subsidiary tasked with selling the company’s phones, and the trio of Zhu Ying, Jia Zhengqiang, and Pan Qi, the deputy general manager and software engineers for software firm Beijing Baice Technology.
Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. Netgain offers hosting and cloud IT solutions, including managed IT services and desktop-as-a-service environments, to companies in the healthcare and accounting industry. In a series of emails sent to customers and seen by BleepingComputer, Netgain states that they were victims of a ransomware attack on November 24th, 2020.
Round Up of Major Vulnerabilities and Patches
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.
Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives an attacker remote control of vulnerable handsets. Google did not reveal the technical specifics of the critical flaw, tracked as CVE-2020-0458, and will likely not do so until a majority of handsets are patched. The other nine critical bugs plugged this month by Google are tied to the underlying Qualcomm chipsets and accompanying firmware, common on most Android phones.
Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data from X-ray and MRI machines, or more than 100 models of General Electric medical devices. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices sending patient information over insecure channels.
The final Patch Tuesday release from Microsoft for 2020 squashes only the second-fewest number of bugs of the year, but the ones the company chose to repair include some of the most serious vulnerabilities the company has fixed in the past 12 months. Attackers who target the remote code execution vulnerabilities found in some of Microsoft’s premier enterprise products, including SharePoint and a version of Exchange, may be more likely to succeed because the weaknesses in both products are the result of logic bugs.
Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. Overall, Adobe issued patches for flaws tied to one important-rated and three critical-severity CVEs, during its regularly scheduled December security updates. The updates follow the company’s November patches, where the company fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions.
The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. Kubernetes (aka K8s), originally developed by Google and now maintained by the Cloud Native Computing Foundation.