Project Hyphae

Information Security News 11-13-2023


McLaren Health Care says data breach impacted 2.2 million people

Article Link:

  • McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August 2023 and exposed sensitive personal and medical information.
  • Evidence shows that an unauthorized threat actor had accessed data as of August 31; by October 10 the following data types were confirmed to have been exposed:
    • Full name
    • Social Security number (SSN)
    • Health insurance information
    • Date of birth
    • Billing or claims information
    • Diagnosis
    • Physician information
    • Medical record number
    • Medicare/Medicaid information
    • Prescription/medication information
    • Diagnostic results and treatment information
  • McLaren says it has no evidence that the exposed data has been abused, but urges affected individuals to be cautious with unsolicited communications and to monitor their financial account activity closely.

Microsoft extends Windows Server 2012 ESUs to October 2026

Article Link:

  • Microsoft is providing three more years of Windows Server 2012 Extended Security Updates (ESUs), until October 2026, giving administrators more time to upgrade or to migrate to Azure.
  • Mainstream support for Windows Server 2012 ended in October 2018 and extended support ran a further five years, ending in October 2023; the ESU program covers an additional three years beyond that so customers can transition to supported versions of Windows Server.
  • “If your organization is unable to migrate, you can purchase and seamlessly deploy Windows Server 2012 Extended Security Updates enabled by Azure Arc on premises and in hosted environments without keys, directly from the Azure portal.”

Hackers breach healthcare orgs via ScreenConnect remote access

Article Link:

  • Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
  • Researchers at managed security platform Huntress spotted the attacks on endpoints at two distinct healthcare organizations, together with activity indicating network reconnaissance in preparation for escalating the attack.
  • The threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider with a presence in all 50 states.
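Because ScreenConnect is a legitimate tool, blocking it outright is rarely an option; the practical detection is to watch what gets launched from a ScreenConnect session. The following is an added example, not code from the article or from Huntress. It assumes process-creation telemetry (Sysmon Event ID 1 style) already normalised into dicts, plus a GrandParentImage field that some EDR pipelines enrich (an assumption, since Sysmon itself does not emit it). The ScreenConnect binary names are the product's real ones; the hostnames, command lines and the list of "recon" tools are constructed for the example.

```python
"""Flag reconnaissance commands launched from a ScreenConnect client session.

Added example (not from the article or from Huntress). Assumes process-creation
events normalised into dicts with Computer, Image, ParentImage, CommandLine and,
optionally, GrandParentImage (an enrichment field; assumed, not native Sysmon).
"""
from collections import defaultdict

# Real binary names of the ScreenConnect client components.
SCREENCONNECT_PARENTS = {
    "screenconnect.clientservice.exe",
    "screenconnect.windowsclient.exe",
}

# Built-in tools commonly used for AD/network reconnaissance (assumed list).
RECON_IMAGES = {
    "nltest.exe", "net.exe", "net1.exe", "whoami.exe", "ipconfig.exe",
    "nslookup.exe", "systeminfo.exe", "quser.exe", "tasklist.exe", "arp.exe",
}


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path ('' if missing)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_recon_from_screenconnect(event: dict) -> bool:
    """True when a recon tool is spawned by the ScreenConnect client, either
    directly or via cmd.exe (ScreenConnect runs commands through cmd.exe, so the
    grandparent check catches the common case when the field is available)."""
    image = _basename(event.get("Image", ""))
    if image not in RECON_IMAGES:
        return False
    parent = _basename(event.get("ParentImage", ""))
    grandparent = _basename(event.get("GrandParentImage", ""))
    return parent in SCREENCONNECT_PARENTS or (
        parent == "cmd.exe" and grandparent in SCREENCONNECT_PARENTS
    )


def score_hosts(events, threshold: int = 3) -> dict:
    """Return {host: [distinct recon tools]} for hosts where at least
    `threshold` distinct recon tools ran under ScreenConnect in the batch.
    A single whoami from a technician is normal; four different tools is not."""
    tools = defaultdict(set)
    for ev in events:
        if is_recon_from_screenconnect(ev):
            tools[ev["Computer"]].add(_basename(ev["Image"]))
    return {h: sorted(t) for h, t in tools.items() if len(t) >= threshold}


def _ev(computer, image, parent, grandparent, cmdline):
    return {"Computer": computer, "Image": image, "ParentImage": parent,
            "GrandParentImage": grandparent, "CommandLine": cmdline}


# Constructed sample telemetry (hostnames and command lines are made up).
_SC = r"C:\Program Files (x86)\ScreenConnect Client (abc123)\ScreenConnect.ClientService.exe"
_CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    _ev("PHARM-WS01", r"C:\Windows\System32\nltest.exe", _CMD, _SC, "nltest /dclist:corp"),
    _ev("PHARM-WS01", r"C:\Windows\System32\net.exe", _CMD, _SC, 'net group "domain admins" /domain'),
    _ev("PHARM-WS01", r"C:\Windows\System32\whoami.exe", _CMD, _SC, "whoami /all"),
    _ev("PHARM-WS01", r"C:\Windows\System32\ipconfig.exe", _CMD, _SC, "ipconfig /all"),
    # Technician checking identity once: below threshold, not alerted by default.
    _ev("PHARM-WS02", r"C:\Windows\System32\whoami.exe", _SC, r"C:\Windows\System32\services.exe", "whoami"),
    # Same tool, but launched from an interactive shell, not ScreenConnect.
    _ev("PHARM-WS03", r"C:\Windows\System32\nltest.exe", _CMD, r"C:\Windows\explorer.exe", "nltest /dclist:corp"),
]

if __name__ == "__main__":
    for host, found in score_hosts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: recon tools under ScreenConnect: {', '.join(found)}")
```

The threshold is the tuning knob: lower it (or drop it to 1) on hosts that should never be administered through ScreenConnect, and pair the rule with an inventory of which ScreenConnect relay hostnames are actually yours, since an attacker-controlled instance looks identical at the process level.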

Microsoft: BlueNoroff hackers plan new crypto-theft attacks

Article Link:

  • Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.
  • After making initial contact on LinkedIn and selecting their targets, the BlueNoroff hackers backdoor victims' systems by deploying malware hidden in malicious documents sent via private messages on various social networks.
  • “Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment. The threat actor then moves successful communications with targets to other platforms.”

ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks

Article Link:

  • The popular generative AI application ChatGPT experienced recurring outages this week on both the ChatGPT interface and the associated API, according to its own status page.
  • The company reported the first major outage on November 8 and has since stated that the problem was “identified and resolved,” attributing it to an abnormal traffic pattern consistent with a DDoS attack, without going into further detail.
  • A current check on ChatGPT did not reveal any ongoing problems, but some believe that the platform can expect plenty of attention from cyberattackers in general going forward.

‘CitrixBleed’ Linked to Ransomware Hit on China’s State-Owned Bank

Article Link:

  • The disruptive ransomware attack on the world’s largest bank this week, the PRC’s Industrial and Commercial Bank of China (ICBC), may be tied to a critical vulnerability that Citrix disclosed in its NetScaler technology last month. The situation highlights why organizations need to immediately patch against the threat if they haven’t done so already.
  • The so-called “CitrixBleed” vulnerability (CVE-2023-4966) affects multiple on-premises versions of Citrix NetScaler ADC and NetScaler Gateway application delivery platforms.
  • The vulnerability carries a CVSS 3.1 base score of 9.4 out of 10 and lets an unauthenticated attacker read sensitive data from the appliance, including valid session tokens, and use them to hijack authenticated user sessions. Citrix describes the flaw as remotely exploitable with low attack complexity, no privileges required, and no user interaction. Upgrading alone does not invalidate tokens an attacker has already harvested, so Citrix also advises terminating all active and persistent sessions after patching.
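Before anything else, an operator needs to know which appliances are still on a vulnerable build. The following is an added example, not code from the article or from Citrix: it parses the version line from NetScaler's `show version` output and compares the build against the first fixed build for each release line as listed in Citrix advisory CTX579459. The hostnames and version lines in the inventory are constructed; the `variant` argument (standard, FIPS, NDcPP) is assumed to come from your own asset records, since the FIPS and NDcPP lines share release numbers with the standard builds but are fixed in different builds. Only appliances configured as a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server are exposed, so pair the result with your configuration inventory.

```python
"""Classify NetScaler ADC / Gateway version strings against the builds Citrix
lists as fixed for CVE-2023-4966 (CitrixBleed).

Added example, not code from the article or from Citrix. Fixed-build numbers
are from Citrix advisory CTX579459; the sample inventory is constructed.
"""
import re
from typing import NamedTuple, Optional, Tuple

# First fixed build per (release, variant). Builds compare as integer pairs,
# not decimals: 49.8 is older than 49.15.
FIXED_BUILDS = {
    ("14.1", "standard"): (8, 50),
    ("13.1", "standard"): (49, 15),
    ("13.0", "standard"): (92, 19),
    ("13.1", "fips"):     (37, 164),
    ("12.1", "fips"):     (55, 300),
    ("12.1", "ndcpp"):    (55, 300),
}
# 12.1 (non-FIPS) is end-of-life: affected, and no fix is published.
EOL_RELEASES = {("12.1", "standard")}

# Matches the release/build portion of a `show version` line,
# e.g. "NetScaler NS13.1: Build 48.47.nc, Date: Jul 10 2023".
_VERSION_RE = re.compile(r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<build>\d+\.\d+)")


class Verdict(NamedTuple):
    release: str
    build: Tuple[int, int]
    status: str            # vulnerable | fixed | eol_vulnerable | unknown_release
    fixed_in: Optional[Tuple[int, int]]


def parse_version(line: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release, (build_major, build_minor)) from a show version line."""
    m = _VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {line!r}")
    major, minor = m.group("build").split(".")
    return m.group("release"), (int(major), int(minor))


def assess(line: str, variant: str = "standard") -> Verdict:
    """Classify one appliance. `variant` is assumed to come from asset records."""
    release, build = parse_version(line)
    key = (release, variant)
    if key in EOL_RELEASES:
        return Verdict(release, build, "eol_vulnerable", None)
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return Verdict(release, build, "unknown_release", None)
    return Verdict(release, build, "fixed" if build >= fixed else "vulnerable", fixed)


# Constructed sample inventory: hostname -> (show version line, variant).
SAMPLE_INVENTORY = {
    "gw-dc1":  ("NetScaler NS13.1: Build 48.47.nc, Date: Jul 10 2023", "standard"),
    "gw-dc2":  ("NetScaler NS13.1: Build 49.15.nc, Date: Oct 5 2023", "standard"),
    "gw-fips": ("NetScaler NS13.1: Build 37.150.nc", "fips"),
    "gw-old":  ("NetScaler NS12.1: Build 65.25.nc", "standard"),
}


def triage(inventory=SAMPLE_INVENTORY) -> list:
    """Hostnames that still need patching (or, for EOL releases, replacing)."""
    needs_action = []
    for host, (line, variant) in inventory.items():
        if assess(line, variant).status in ("vulnerable", "eol_vulnerable"):
            needs_action.append(host)
    return sorted(needs_action)


if __name__ == "__main__":
    for host, (line, variant) in SAMPLE_INVENTORY.items():
        print(host, assess(line, variant))
    print("needs action:", triage())
```

A build number that is not in the table at all (status `unknown_release`) should be treated as a gap in the table, not as safe; check the advisory rather than assuming.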

‘Shields Ready’ Critical Infrastructure Initiative Addresses Inevitable Cyberattacks

Article Link:

  • The US government has issued a series of prescriptions for preparing critical infrastructure operators for disasters, physical attacks, and cyberattacks, with an emphasis on the ability to recover from disruptions in the future.
  • The initiative, dubbed “Shields Ready,” aims to convince the 16 designated critical infrastructure sectors to invest in hardening their systems and services against disruption from any source.
  • A problem for the initiative is that many of the current recommendations are voluntary and informational.
