
Foreign govt. hackers break into FireEye, Unpatched MiTM vulnerability affects all Kubernetes versions, and more

Major cybersecurity events on 9th December 2020 (Morning Post): Kalispell Regional Healthcare proposes $4.2m data breach settlement. Ransomware forces hosting provider Netgain to take down data centers. Microsoft releases Windows update to fix 58 newly discovered security flaws.

Round Up of Major Breaches and Scams

Cybersecurity Firm FireEye Says Was Hacked by Nation State

Prominent U.S. cybersecurity firm FireEye said Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state and local governments and top global corporations. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.

US Healthcare Provider Proposes $4.2m Data Breach Settlement

An American healthcare provider is proposing to resolve a lawsuit filed on behalf of victims of a 2019 data breach with a $4.2m settlement. Kalispell Regional Healthcare, based in Montana, announced in October last year that a data breach had occurred. Approximately 130,000 patients had their personal health information (PHI) exposed as a result of a cyber-attack. Criminals used what Kalispell chief executive officer and president Craig Lambrecht described as a “sophisticated phishing attack” to gain access to the email accounts of multiple employees on May 24, 2019.

Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

APT28, one of Russia’s military hacking units, was most likely responsible for hacking the email accounts of the Norwegian Parliament, the Norwegian police secret service (PST) said today. The Norwegian Parliament (Stortinget) hack was disclosed earlier this year on September 1. At the time, Stortinget director Marianne said that hackers gained access to the Parliament’s email system and accessed inboxes for Stortinget employees and government elected officials.

Round Up of Major Malware and Ransomware Incidents

Four sentenced to prison for planting malware on 20 million Gionee smartphones

Four Chinese nationals were sentenced to prison last week for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee. The scheme involved Xu Li, the legal representative of Shenzhen Zhipu Technology, a Gionee subsidiary tasked with selling the company’s phones, and the trio of Zhu Ying, Jia Zhengqiang, and Pan Qi, the deputy general manager and software engineers for software firm Beijing Baice Technology.

Ransomware forces hosting provider Netgain to take down data centers

Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. Netgain offers hosting and cloud IT solutions, including managed IT services and desktop-as-a-service environments, to companies in the healthcare and accounting industry. In a series of emails sent to customers and seen by BleepingComputer, Netgain states that they were victims of a ransomware attack on November 24th, 2020.

Round Up of Major Vulnerabilities and Patches

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity. The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets

Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives an attacker remote control of vulnerable handsets. Google did not reveal the technical specifics of the critical flaw, tracked as CVE-2020-0458, and will likely not do so until a majority of handsets are patched. The other nine critical bugs plugged this month by Google are tied to the underlying Qualcomm chipsets and accompanying firmware, common on most Android phones.

Bug could expose patient data from GE medical imaging devices, researchers warn

Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data from X-ray and MRI machines, or more than 100 models of General Electric medical devices. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices sending patient information over insecure channels.

Critical fixes to Exchange, Excel in the final Patch Tuesday release of 2020

The final Patch Tuesday release from Microsoft for 2020 squashes only the second-fewest number of bugs of the year, but the ones the company chose to repair include some of the most serious vulnerabilities the company has fixed in the past 12 months. Attackers who target the remote code execution vulnerabilities found in some of Microsoft’s premier enterprise products, including SharePoint and a version of Exchange, may be more likely to succeed because the weaknesses in both products are the result of logic bugs.

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. Overall, Adobe issued patches for flaws tied to one important-rated and three critical-severity CVEs, during its regularly scheduled December security updates. The updates follow the company’s November patches, where the company fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions.

All Kubernetes versions affected by unpatched MiTM vulnerability

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. Kubernetes (aka K8s), originally developed by Google and now maintained by the Cloud Native Computing Foundation.