
IT Security Newsletter - 2/28/2024


Top News

Russian hackers hijack Ubiquiti routers to launch stealthy attacks

Russian military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. Military Unit 26165 cyberspies, part of Russia's Main Intelligence Directorate of the General Staff (GRU) and tracked as APT28 and Fancy Bear, are using these hijacked and very popular routers to build extensive botnets that help them steal credentials, collect NTLMv2 digests, and proxy malicious traffic.

Breaches

Change Healthcare outages reportedly caused by ransomware

On Wednesday, February 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced serious system outages due to a cyberattack. Change Healthcare is one of the largest healthcare technology companies in the United States. Its subsidiary, Optum Solutions, operates the Change Healthcare platform. This platform is the largest payment exchange platform between doctors, pharmacies, healthcare providers, and patients in the US healthcare system.


Hackers Steal Personal Information From Pharma Giant Cencora

Global pharmaceutical solutions provider Cencora on Tuesday disclosed a cyberattack that resulted in personal information being stolen from its systems. The data breach was identified on February 21, Cencora said in a filing with the Securities and Exchange Commission (SEC). It's unclear exactly what type of data has been exfiltrated and who it belongs to, whether it's employees or customers.

Hacking

Ivanti Connect Secure hackers hide in plain sight, evading protections

A patch issued to mitigate vulnerabilities in Ivanti Connect Secure does not eradicate the threat if a malicious actor previously gained access to their computer network, researchers from Mandiant warned on Tuesday. A suspected espionage actor linked to the People's Republic of China has utilized living-off-the-land techniques and deployed novel malware to maintain persistence despite system upgrades, factory resets and patch deployment, according to Mandiant.

Malware

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. "ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector," the joint advisory cautions. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021.

Exploits/Vulnerabilities

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

More threat actors have started exploiting two recently resolved vulnerabilities in the ConnectWise ScreenConnect remote desktop access software. The issues, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), are described as an authentication bypass flaw and a path traversal bug. ConnectWise disclosed the security defects on February 19, when it announced patches for them. Two days later, the company updated its advisory to warn of ongoing exploitation.

On This Date

  • ...in 1901, Nobel Prize-winning chemist and peace activist Linus Pauling is born in Portland, OR.
  • ...in 1935, DuPont chemist Wallace Hume Carothers invents nylon, the first fully synthetic fiber.
  • ...in 1983, the final episode of "M*A*S*H" airs on CBS, drawing over 120 million viewers, the largest audience of any TV series finale.
  • ...in 2013, Pope Benedict XVI resigns as pope of the Catholic Church, becoming the first to do so since Pope Gregory XII in 1415.