<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/13/2024

SHARE

Breaches

20+ hospitals in Romania hit hard by ransomware attack on IT service provider

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems. Romania's National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware - a variant of Phobos. READ MORE...


Bank of America warns customers of data breach after vendor hack

Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year. Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas. READ MORE...

Hacking

Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor

Security researchers recently uncovered a stealthy espionage campaign targeting an Islamic charitable nonprofit organization in Saudi Arabia. The long-term campaign - apparently active since March 2021 - relies on a previously unreported custom backdoor, dubbed Zardoor, researchers at Cisco Talos reported. The malware exfiltrates data from the victim organization - which Cisco did not identify - approximately twice a month. READ MORE...

Trends

Global malicious activity targeting elections is skyrocketing

With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time Magazine notes that 64 countries (plus the European Union) are set to hold national elections this year. According to Time Magazine, "2024 is not just an election year. It's perhaps the election year." READ MORE...

Software Updates

ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities

Siemens has published 15 new advisories that describe - based on SecurityWeek's analysis - a whopping total of 270 unique vulnerabilities found in the company's products. The advisory covering more than half of them describes vulnerabilities in Scalance XCM-/XRM-300 switches. The flaws impact third-party components and most of them were discovered in 2022 and 2023. A majority of these issues have severity ratings of 'critical' or 'high.' READ MORE...


Patch now! Roundcube mail servers are being actively exploited

The Cybersecurity & Infrastructure Security Agency (CISA) has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by March 4, 2024, in order to protect their devices against active threats. We urge other Roundcube Webmail users to take this seriously too. READ MORE...

Malware

Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks

The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities. Researchers from Check Point suspect that the developers behind the initial access tool are contracting with Dark Web exploit traffickers, allowing them to quickly incorporate new exploits for obtaining system-level privileges before such exploits are disclosed to the public. READ MORE...

Exploits/Vulnerabilities

Ivanti Vulnerability Exploited to Deliver New 'DSLog' Backdoor

A recently patched zero-day vulnerability in Ivanti enterprise VPNs has been exploited in attacks deploying a backdoor named 'DSLog', security services provider Orange Cyberdefense reports. The issue, tracked as CVE-2024-21893, is a server-side request forgery (SSRF) bug identified in the SAML component of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA that could be exploited without authentication to leak sensitive information. READ MORE...


Can a $10 Raspberry Pi break your PC's disk encryption? It's complicated.

Last week, a video by security researcher StackSmashing demonstrated an exploit that could break Microsoft's BitLocker drive encryption in "less than 50 seconds" using a custom PCB and a Raspberry Pi Pico. The exploit works by using the Pi to monitor communication between an external TPM chip and the rest of the laptop, a second-generation ThinkPad X1 Carbon from roughly 2014. READ MORE...

On This Date

  • ...in 1923, US Air Force officer and record-setting test pilot Chuck Yeager, the first human to break the sound barrier, is born in Myra, WV.
  • ...in 1950, musician and former Genesis lead singer Peter Gabriel ("Solsbury Hill", "Sledgehammer") is born in Surrey, England.
  • ...in 1954, Furman University shooting guard Frank Selvy becomes the only NCAA Division I basketball player ever to score 100 points in a single game.
  • ...in 2004, astronomers announce the discovery of the universe's largest known diamond: a white dwarf star, named "Lucy" for the Beatles song "Lucy in the Sky with Diamonds".