Round Up of Major Breaches and Scams
OSF HealthCare System (“OSF”) is mailing letters to its patients advising them of the Blackbaud ransomware incident that has already impacted more than 10 million other patients. On August 20, 2020, OSF’s investigation and review of the Blackbaud database involved in the incident determined that it contained some patient information, including names, addresses, phone numbers, email addresses, dates of birth, treatment facilities, treating physicians, departments of service, room numbers and/or medical record numbers.
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud. Pharma giant Pfizer has leaked the private medical data of prescription-drug users in the U.S. for months or even years, thanks to an unprotected Google Cloud storage bucket. The exposed data includes phone-call transcripts and personally-identifiable information (PII), according to vpnMentor’s cybersecurity research team.
Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware its new owner introduced a few weeks ago, according to technical analyses and posts on Github. Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store.
Round Up of Major Malware and Ransomware Incidents
The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack. Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operated the Nook Digital, which is their eBook and e-Reader platform.
Last week, a coalition of cyber-security firms led by Microsoft orchestrated a global takedown against TrickBot, one of today’s largest malware botnets and cybercrime operations. Even if Microsoft brought down TrickBot infrastructure in the first few days, the botnet survived, and TrickBot operators brought new command and control (C&C) servers online in the hopes of continuing their cybercrime spree.
Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems. On October 19th, STM suffered an outage that affected its IT systems, website, and customer support. While these outages did not affect the operation of buses or metro systems, people with disabilities who rely on STM’s door-to-door paratransit service are affected as it uses an online registration system.
The Dickinson County Healthcare System is in the process of a confidential investigation and recovery after the hospital had a ransomware attack on Saturday. A written statement provided to TV6, from the hospital says, ‘DCHS is in the process of responding to a recent security incident involving malicious software (commonly known in the industry as ransomware) that has disrupted access to computer systems at our hospital and clinics. Upon discovery of unauthorized access to our IT system on the morning of Saturday, October 17, we took the utmost precautions to shut down the system to isolate the threat.
A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common. They allow an attacker to present a fake address for a web page – which is a problem in the mobile world, where a URL is often the only verification of legitimacy that users have before navigating to a website.
Round Up of Major Vulnerabilities and Patches
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers. The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China. Chinese state-sponsored cyber activity is “one of the greatest threats” to US National Security Systems, the US Defense Industrial Base, and Department of Defense information networks, the NSA writes in its advisory.
Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software. In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products. CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host.
Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability. The zero-day is tracked as CVE-2020-15999 and is described as a memory corruption bug in the FreeType font rendering library that’s included with standard Chrome distributions. In-the-wild attacks leveraging this FreeType bug were discovered by security researchers from Project Zero, one of Google’s internal security teams.
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco products if they run vulnerable Cisco IOS XR Software versions.
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After Effects, Adobe Photoshop, Adobe Premiere Pro, Adobe Media Encoder, Adobe InDesign and the Adobe Creative Cloud Desktop Application.
An “address bar spoofing” vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there are various signs and security features that could be used to detect when malicious code alters the address bar to display a bogus URL.