Information Security News 11-27-2023

Share This Post

East Texas Hospital Network Can’t Receive Ambulances Because of Potential Cybersecurity Incident

Article Link: https://www.cnn.com/2023/11/24/us/east-texas-hospital-cybersecurity/index.html

  • According to a spokesperson for the UT Health East Texas hospital network, located in Tyler, Texas, hospitals in the network have been unable to receive ambulances for emergency rooms since identifying a potential security incident on November 23rd.
  • Representatives of the network, which operates 10 hospitals and dozens of additional facilities, didn’t provide additional details beyond stating that the network was operating using established downtime procedures as the hospital investigates a potential security incident.
  • While it is unknown what the potential incident may be, the article noted that there have already been 209 publicly reported ransomware attacks on US healthcare organizations in 2023.

Canadian Government Discloses Data Breach After Contractor Hacks

Article Link: https://www.bleepingcomputer.com/news/security/canadian-government-discloses-data-breach-after-contractor-hacks/

  • Recently, the Canadian government disclosed that two of its third-party vendors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were the victims of data breaches that exposed the data of Government of Canada employees, Canadian Armed Forces personnel, and the Royal Canadian Mounted Police (Mounties).
  • At this time, the Canadian government hasn’t attributed a threat actor to either of the breaches. Likewise, the Canadian government is still analyzing the data that was exposed to identify who all were specifically impacted.
  • Currently, the Canadian government is erring on the side of caution until all of the potentially exposed data is reviewed and assuming that anyone from the entities noted above who utilized relocation services dating back to 1999 have had personal information exposed.
  • Link to the Canadian Government’s Announcement: https://www.canada.ca/en/treasury-board-secretariat/news/2023/11/message-to-current-and-former-public-service-employees-and-members-of-the-canadian-armed-forces-and-royal-canadian-mounted-police.html

Rackspace Ransomware Costs Soar to Nearly $12M

Article Link: https://www.darkreading.com/operations/rackspace-ransomware-costs-soar-12-million

  • Financial disclosures filed over the past year highlight that recovery processes have cost almost $12 million for Rackspace Technology, which experienced a ransomware attack in December 2022.
  • Rackspace noted that they expect a $5.4 million cyber insurance payout but will still be paying $6 million out of pocket directly related to the incident in addition to anything else that may come from several currently pending lawsuits.
  • Additionally, Rackspace funded a total of $222 million in stock buy-backs earlier this year. As the article noted, while Rackspace could afford to do this, many organizations do not have this luxury.

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Article Link: https://thehackernews.com/2023/11/kubernetes-secrets-of-fortune-500.html

  • According to a report from the cybersecurity firm Aqua, numerous Kubernetes configuration secrets were uploaded to public repositories in GitHub. Using the GitHub API tool, researchers found 438 records that potentially held valid registry credentials which open the door to supply chain attacks.
  • Aqua found a variety of secrets with objectively weak passwords like “ChangeMe,” “dockerhub,” and more. Likewise, Aqua found instances where organizations failed to remove secrets from the files that were committed to public repositories on GitHub, leading to inadvertent exposure.
  • Aqua highlighted a variety of ways to improve the security of configuration files in their full report. Several tips include encrypting data at rest, practicing least privilege, following in the footsteps of Google Cloud Platform (GCP) and Amazon Web Services (AWS) who leverage key expiration dates, and removing files with sensitive information from public tools like GitHub.
  • Link to Aqua’s Report: https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets

Fake Browser Updates Targeting Mac Systems With Infostealer

Article Link: https://www.darkreading.com/attacks-breaches/threat-actor-using-fake-browser-updates-to-distribute-mac-infostealer

  • A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer malware, a dangerous information stealer, to macOS systems.
  • Researchers have noted that Atomic Stealer is capable of stealing account passwords, browser data, session cookies, and cryptocurrency wallets.
  • Malicious hackers rent the Atomic Stealer malware for $1,000 a month and then distribute the malicious software in a variety of ways, including through cracked versions of applications or fake browser updates. As the article notes, the new malware and campaign are examples of what some researchers see as an increased threat actor interest in macOS systems.

The Top Five Reasons to Use an API Management Platform

Article Link: https://securityaffairs.com/154505/security/api-management.html

  • Application Programming Interfaces (APIs) are pieces of software that allow third-party services and other pieces of software to easily interact with one another. Due to their versatility, many organizations have leveraged APIs in their environments.
  • As the article highlights, API management is vital for a variety of reasons including addressing security vulnerabilities, compliance risks, cost inefficiencies, and more. Likewise, API endpoints are unique with their own set of threats and avenues for exploitation.
  • The article emphasizes that an API management platform is beneficial for a variety of reasons. These include that such a platform increases organizational agility, allows for workflow automation and customization, enhances strategic decision-making, improves security, and offers cost savings.

California Publishes First Report on Generative AI Risks, Potential Use Cases

Article Link: https://statescoop.com/california-generative-ai-use-cases/

  • Recently, California released its “Benefits and Risks of Generative Artificial Intelligence” report, which conducts an in-depth analysis of the pros and cons of AI in general and for the State of California.
  • As the report explores, AI opens the door for workload optimization, enhanced data analysis, and more. However, AI can also be used to democratize cybercrime and spread disinformation.
  • California looks to lead the way in leveraging and regulating generative AI over the coming years. As the article notes, the timeline for working with AI is a process that will occur over years and not months.
  • Link to the State of California’s Report: https://www.govops.ca.gov/wp-content/uploads/sites/11/2023/11/GenAI-EO-1-Report_FINAL.pdf

CISOs Can Marry Security and Business Success

Article Link: https://www.helpnetsecurity.com/2023/11/22/cisos-business-security-goals/

  • While there are a variety of issues that require the attention of CISOs and their teams, the essence of their roles is to reduce risk to enable the business to thrive. The article emphasizes that, beyond this, security leaders should also look at the business strategy of the organization to find ways to turn cybersecurity into a competitive advantage.
  • Many businesses simply see cybersecurity as dealing with business continuity. However, depending on the direction the organization is moving in, security can also enhance customer trust and reputation, regulatory compliance, cost efficiency, and more.
  • The bottom line is that security isn’t “one size fits all” whether your organization is acquiring vendors or are the vendor being acquired by other organizations or consumers.

CISA Offers Cybersecurity Services to Non-Federal Orgs in Critical Infrastructure Sector

Article Link: https://www.helpnetsecurity.com/2023/11/22/critical-infrastructure-cybersecurity-services/

  • Recently, CISA has announced it will be starting its free Cybersecurity Shared Services Pilot program, which aims to act as a managed security service provider for “target rich, cyber poor” critical infrastructure.
  • Ultimately, CISA is looking to gather information on how to best serve the organizations it is designated to protect in cost-effective, highly scalable, and innovative ways akin to their recent Protective DNS solution pilot.
  • Currently, CISA has announced that they plan to focus the pilot on up to 100 critical infrastructure entities in the healthcare, water, and K-12 education sectors. CISA noted that if organizations are interested in the program to contact a security advisor from their respective CISA regional offices.
  • Link to CISA’s Announcement: https://www.cisa.gov/news-events/news/piloting-new-ground-expanding-scalable-cybersecurity-services-protect-broader-critical


Reach out to our incident response team for help

More To Explore

Information Security News – 11/4/2024

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft Article Link: https://thehackernews.com/2024/11/microsoft-warns-of-chinese-botnet.html FBI, Partners Disrupt RedLine, Meta Stealer Operations Article Link: https://www.darkreading.com/threat-intelligence/fbi-partners-disrupt-redline-meta-stealer-operations FakeCall

Information Security News – 10/28/2024

SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures Article Link: https://www.infosecurity-magazine.com/news/sec-charges-solarwinds-hack/ Major Publishers Sue Perplexity AI for Scraping Without Paying Article Link: https://www.theregister.com/2024/10/22/publishers_sue_perplexity_ai/ Microsoft

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.