
IT Security Newsletter - 7/25/2024


Breaches

57,000 Patients Impacted by Michigan Medicine Data Breach

Michigan Medicine, the academic medical center of the University of Michigan, is notifying roughly 57,000 individuals that their personal and health information might have been compromised in a data breach. The incident, Michigan Medicine says, resulted from threat actors gaining access to employee email accounts on May 23 and May 29. The compromised accounts were disabled as soon as the data breach was discovered. READ MORE...

Hacking

North Korean hacking group makes waves to gain Mandiant, FBI spotlight

Stepped-up activity from a North Korean hacking group is prompting Mandiant to upgrade it to a top-tier hacking threat and the FBI to issue an alert about the outfit, which the company and agency say has long sought to obtain intelligence about defense and research and development but has since expanded to other targets. Mandiant said in a report it released Thursday that the newly labeled APT45 has broadened its ransomware operations to target health care providers, financial institutions and more. READ MORE...


Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank

A distributed denial-of-service (DDoS) attack targeting a financial institution in the United Arab Emirates set records for the duration of the cyberattack and the sustained volume of requests. The attack - attributed to pro-Palestinian hacktivist group BlackMeta, also known as DarkMeta - lasted six days and included multiple waves of Web requests lasting anywhere from four to 20 hours, targeting the financial institution's site. READ MORE...

Software Updates

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

Siemens this week published an out-of-band security advisory to announce the availability of patches for a couple of potentially serious vulnerabilities affecting some of its Sicam power grid products. The industrial giant informed customers that its Sicam A8000 product, which is a remote terminal unit (RTU) designed for telecontrol and automation in the energy supply sector, as well as the Sicam Enhanced Grid Sensor (EGS), and the Sicam 8 software are impacted. READ MORE...


Docker fixes critical 5-year old authentication bypass flaw

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn't carried forward in later versions, so the flaw resurfaced. READ MORE...

Malware

Over 3,000 GitHub accounts used by malware distribution service

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network, and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware. In most cases, the malware consists of infostealers, such as RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer. READ MORE...

Information Security

Building cyber-resilience: Lessons learned from the CrowdStrike incident

As the dust settles on the cyber-incident caused by CrowdStrike releasing a corrupted update, many businesses will, or should, conduct a thorough post-mortem on how the incident affected their business and what could be done differently going forward. For most critical infrastructure and large organizations, their tried-and-tested cyber-resilience plan undoubtedly will have been kicked into action. However, the incident was likely something that no organization could have prepared for. READ MORE...


How a cheap barcode scanner helped fix CrowdStrike'd Windows PCs in a flash

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created. READ MORE...

Science & Culture

Is Our Water Safe to Drink? Securing Our Critical Infrastructure

In the realm of cybersecurity risk, the obscure dark corner of the room is operational technology (OT). This is the space where computers and physical function come together, opening and closing valves, flipping breakers, stamping metal, and changing the temperature in your home from an app on your phone. This is also a place that most IT professionals and cybersecurity practitioners shy away from and look to as "that stuff over there we don't really understand." READ MORE...

On This Date

  • ...in 1837, the first commercial use of an electric telegraph is demonstrated in London.
  • ...in 1954, Chicago Bears running back and nine-time Pro Bowl selectee Walter Payton is born in Columbia, MS.
  • ...in 1965, Bob Dylan "goes electric" with amplified instruments at the Newport Folk Festival, sparking controversy in the folk movement.
  • ...in 1976, the Viking 1 space probe takes a photograph of a natural Martian surface feature, popularly known as "The Face on Mars."